Re: STARTTLS connection on jabberd2

[Tomasz Sterna]

Dnia 2015-02-26, czw o godzinie 12:00 +0100, Matěj Cepl pisze:
> https://bugzilla.redhat.com/show_bug.cgi?id=1179229. What do you think
> about my comment 3 and the attached patch?

I have no idea.
My knowledge of TLS is close to vague.


-- 
 /o__ Q: What do monsters eat?
(_<^' A: Things.

Re: STARTTLS connection on jabberd2

[Matěj Cepl]

On 26/02/15 11:23, Tomasz Sterna wrote:
> Dnia 2015-02-26, czw o godzinie 01:09 +0100, Matěj Cepl pisze:
>> pemfile="/etc/pki/tls/certs/luther.ceplovi.cz-intermediate.crt"
> 
> .crt suggests that this is certificate only.
> You need a .pem with full chain of all certificates from the CA, to your
> certificate (if not present in global ca-certificates) and a private
> key, concatenated together in one file.

Yes, I forgot to add the key, thank you.

Also, on the similar note. I have started to look at our Fedora/RHEL
bugs for jabberd2 (and some of them are shamefully old) and I have found
https://bugzilla.redhat.com/show_bug.cgi?id=1179229. What do you think
about my comment 3 and the attached patch?

Best,

Matěj

-- 
http://www.ceplovi.cz/matej/, Jabber: mc...@ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB  25C3 E09F EF25 D964 84AC

If Patrick Henry thought that taxation without representation was
bad, he should see how bad it is with representation.

Re: STARTTLS connection on jabberd2

[Tomasz Sterna]

Dnia 2015-02-26, czw o godzinie 01:09 +0100, Matěj Cepl pisze:
> pemfile="/etc/pki/tls/certs/luther.ceplovi.cz-intermediate.crt"

.crt suggests that this is certificate only.
You need a .pem with full chain of all certificates from the CA, to your
certificate (if not present in global ca-certificates) and a private
key, concatenated together in one file.



-- 
 /o__  Talking about a piece of movie dialogue: Let's have some new
(_<^'  cliches. -Samuel Goldwyn