Re: testing jabberd2 TLS with openssl s_client

2015-05-09 Thread Karim Malhas
I wouldn't say it's a bug. You didn't show us the complete configuration file, but I am assuming you did not configure jabberd2 to also serve xmpp.guuk.eu, so when you try to connect to xmpp.guuk.eu jabberd2 doesn't know that it should also serve users for x...@xmpp.guuk.eu. If you need that you can just configure a second session manager.

There is an issue with openssl that you ran into, that might have helped you to find this out yourself. It's that when you connect like this

openssl s_client -starttls -connect example.com:5222

when there is a server running at example.com:5222, but it's not configured to serve example.com, then openssl doesn't show you that error message, but it just prints

 CONNECTED(0003)

(and gets stuck in an endless loop ...)

Which is not entirely incorrect, after all it established a connection, but the starttls part failed, and it doesn't print an error message.

So you _can_ in fact use user @ domainname.tld! You can just not debug it with openssl :-)

Yaxim works, because it's smarter than openssl. It connects to xmpp.guuk.eu, but it sends the correct hostname guuk.eu in its pre-starttls connection data

stream to='guuk.eu' version='1.0' 

openssl doesn't know that you want to connect as u...@guuk.de; the only information it has is the host xmpp.guuk.de, so it sends that instead.

stream to='xmpp.guuk.eu' version='1.0' 

for which your server is not configured; it responds with host-unknown, which openssl doesn't show you. So the bug is in fact in openssl:
http://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest

If you want to use u...@guuk.de instead of u...@xmpp.guuk.de just configure it, and if it works in yaxim it will probably work in all other clients.


Karim

 
 I found the error by myself. IMHO this is a bug within jabberd2 not responding to openssl s_client calls while using the FQDN instead of the domain part of the JID. Especially because some xmpp clients give you the ability to connect to another host instead of your domain part of your JID.
 
 
 While using the FQDN of my host I am not getting a response from openssl s_client:
 
 root@cargo:/etc/jabberd2 2015/05/10 03:21:31 # openssl s_client -CApath /etc/ssl/certs -starttls xmpp -connect xmpp.guuk.eu:5222
 CONNECTED(0003)
 ^C
 
 Using the domain part of the JID is giving me a response:
 
 root@cargo:/etc/jabberd2 2015/05/10 03:22:59 # openssl s_client -CApath /etc/ssl/certs -starttls xmpp -connect guuk.eu:5222
 CONNECTED(0003)
 depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
 verify return:1
 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 2 Primary Intermediate Server CA
 verify return:1
 depth=0 C = DE, ST = Hessen, L = Wiesbaden, O = G\C3\BCnther K\C3\BCnzel, CN = xmpp.guuk.eu, emailAddress = p... @guuk.eu
 verify return:1
 ---
 Certificate chain
  0 s:/C=DE/ST=Hessen/L=Wiesbaden/O=G\xFCnther K\xFCnzel/CN=xmpp.guuk.eu/emailAddress=p... @guuk.eu
    i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
  1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
    i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
  2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
    i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
 ---
 
 Server certificate 
 
 The certification chain is only working because my certificate is signed for both xmpp.guuk.eu and guuk.eu.
 
 Not sure how to proceed with that, but it looks like it was a nice try to use username @ domainname.tld for JIDs. It's just not working. Looks like I have to use username @ hostname.domainname.tld ...
 
 greetings
 -mog
 
 
 


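As an added example (not code from the thread, not jabberd2's or yaxim's), here is a small Python probe that does what yaxim does and openssl s_client cannot: connect to the host but put the JID domain in the stream header's `to` attribute, then name the server's answer (host-unknown versus a STARTTLS offer) instead of hanging at CONNECTED. The sample server responses are constructed; the host and domain are whatever you pass to `probe()`.

```python
import re
import socket
# Constructed samples (not captured from the thread's server): a host-unknown
# stream error, and a normal <stream:features> that offers STARTTLS.
SAMPLE_HOST_UNKNOWN = (
    b"<?xml version='1.0'?><stream:stream xmlns='jabber:client' "
    b"xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>"
    b"<stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>"
    b"</stream:error></stream:stream>")
SAMPLE_STARTTLS = (
    b"<?xml version='1.0'?><stream:stream xmlns='jabber:client' "
    b"xmlns:stream='http://etherx.jabber.org/streams' from='guuk.eu' version='1.0'>"
    b"<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
    b"</stream:features>")

def build_stream_header(to_domain: str) -> bytes:
    # The opening a client sends before STARTTLS; only the 'to' attribute varies.
    return ("<?xml version='1.0'?><stream:stream xmlns='jabber:client' "
            "xmlns:stream='http://etherx.jabber.org/streams' "
            f"to='{to_domain}' version='1.0'>").encode()

def classify_stream_response(data: bytes) -> str:
    """Name the outcome that openssl s_client hides behind a bare CONNECTED line."""
    text = data.decode("utf-8", "replace")
    if re.search(r"<host-unknown\b", text):
        return "host-unknown"           # server is not configured for this 'to' domain
    if re.search(r"<stream:error\b", text):
        return "stream-error"
    if re.search(r"<starttls\b", text):
        return "starttls-offered"       # normal case; TLS negotiation can follow
    if re.search(r"<stream:stream\b", text):
        return "stream-open-no-starttls"
    return "no-xmpp-response"

def probe(host: str, to_domain: str, port: int = 5222, timeout: float = 5.0) -> str:
    """Connect to host:port but announce to_domain (the JID domain, not the hostname)."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_stream_header(to_domain))
        try:
            while b"</stream:features>" not in buf and b"</stream:stream>" not in buf:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                buf += chunk
        except socket.timeout:
            pass   # server went quiet; classify whatever arrived so far
    return classify_stream_response(buf)

if __name__ == "__main__":
    for sample in (SAMPLE_HOST_UNKNOWN, SAMPLE_STARTTLS):
        print(classify_stream_response(sample))
```

Running `probe("xmpp.example.org", "example.org")` against your own server with the two different `to` values reproduces the thread's finding directly: the hostname yields host-unknown, the JID domain yields a STARTTLS offer.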

Re: [jabberd2] gsals error

2009-01-16 Thread Karim Malhas

Sebastian Żurek wrote:

 And I'm confused, because I have gsasl (>= 0.2.27) working:
 
 [seb...@web63 jabberd-2.2-20090116]$ gsasl --version
 gsasl 0.2.9
 [seb...@web63 jabberd-2.2-20090116]$
 
 Could You please give some explanation or help?

I ran into the same problem today

You have to look at the part after the last dot as an integer:

0.2.27 is a later version than 0.2.9, or in words:

zero dot two dot twenty-seven is newer than zero dot two dot nine.

HTH,
Karim


--
To unsubscribe send a mail to jabberd2+unsubscr...@lists.xiaoka.com