[jadmin] Jabber FreeBSD, SSL, etc.

Ian Cartwright ian351c at home.com
Tue Feb 12 16:50:52 CST 2002


Hi Chris,

It looks like the "null ctx" error messages are caused by an error
processing the SSL key and certificate at startup. You error was caused by
an error trying to process a file that wasn't there (mayber) and mine is
either the same cause or because my SSL key is not formed properly (I
think). Can you tell me the exact process you used to create your SSL key?
Or maybe create a sample for me and attach it? I would greatly appreciate
it...

Here is the very beginning of the debug output from jabber:

Tue Feb 12 15:39:28 2002  mio_ssl.c:55 MIO SSL init
Tue Feb 12 15:39:28 2002  mio_ssl.c:64 Handling configuration using: <ssl>
      <key ip='192.168.0.100'>/usr/local/etc/jabber.pem</key>
    </ssl>
Tue Feb 12 15:39:28 2002  mio_ssl.c:83 Handling: <key
ip='192.168.0.100'>/usr/local/etc/jabber.pem</key>
Tue Feb 12 15:39:28 2002  mio_ssl.c:98 Setting temporary RSA callback
Tue Feb 12 15:39:28 2002  mio_ssl.c:110 Loading SSL certificate
/usr/local/etc/jabber.pem for 192.168.0.100
Tue Feb 12 15:39:28 2002  mio_ssl.c:113 SSL Error using certificate file
Tue Feb 12 15:39:28 2002  mio.c:578 MIO is starting up

Here is the relevant part of my jabber.xml:

   <ssl>
      <key ip='192.168.0.100'>/usr/local/etc/jabber.pem</key>
   </ssl>


Cheers,

Ian


> -----Original Message-----
> From: jadmin-admin at jabber.org [mailto:jadmin-admin at jabber.org]On Behalf
> Of Chris Pile
> Sent: Tuesday, February 12, 2002 10:12 AM
> To: jadmin at jabber.org
> Subject: Re: [jadmin] Jabber FreeBSD, SSL, etc.
>
>
> I just tried this on another test server, I had exactly the same error
> you had.  After looking at my config, I noticed I had this:
>
>       <key ip='192.168.1.1'>./certs/key.pem</key>
>
> Realised what was wrong, then changed it to:
>
>     <ssl>
>       <key ip="192.168.1.1">./certs/key.pem</key>
>     </ssl>
>
> Quotes don't make a difference, but the <ssl/> tags do.  Would be crazy
> if we both made the same mistake, but the error I had was exactly the
> same as yours.
>
> This was using the jabber-1.4.2 tarball on FreeBSD.
>
>
> Thanks,
> Chris.
>
> Chris Pile wrote:
> >
> > I've not actually tried the jabber code from the FreeBSD ports
> > collection, I prefer to download the code from the site or CVS.  I've
> > installed all my jabber related stuff in "/usr/local/jabber" and chown'd
> > it by my jabber user.  I run jabber using: "su jabber -c
> > '/usr/local/jabber/jabberd/jabberd -B'" via a stop/start script under
> > "/usr/local/etc/rc.d/".
> >
> > I'm running msn-transport-1.2 and jabber-1.4.2 (both from the CVS).
> > jabber-1.4.2 works fine with SSL+FreeBSD as far as I can tell (I've been
> > running it for a month or two).  You do need to compile with gmake
> > though.
> >
> > It may be worth starting up a server with no transports, then adding one
> > at a time.
> >
> > Have you definitely got the client SSL libraries (winjab/jim)?  Also the
> > following command maybe useful when debugging SSL connections:
> >
> > openssl s_client -connect localhost:5223 -debug -state
> >
> > See if there is anything obvious in the output.  It should at least
> > indicate if your SSL cert is accepted.
> >
> > Thanks,
> > Chris.
> >
> > Ian Cartwright wrote:
> > >
> > > Greetings all,
> > >
> > > I have recently had the pleasure of compiling and installing
> Jabber on my
> > > FreeBSD box. During this time, I have researched and accomplished the
> > > following tasks:
> > >
> > > Download, compile and install jabberd-1.4.2, aim-transport-0.9.25,
> > > yahoo-transport-0.8-1.4-linux, msn-transport-1.1, and
> icq-transport-0.9 (via
> > > the Ports system of FreeBSD modifying the master Makefile to compile
> > > jabberd-1.4.2 instead of 1.4.1 and manually running "autgen.sh
> > > i386-unknown-freebsd4.5" for aim-transport and then adding "-I
> > > /usr/local/include/pth" to the Makefiles for aim-transport and
> > > aim-transport/src).
> > >
> > > I then went through jabber.xml file and set up services
> according to the
> > > Jabber Server Howto, with the exception of using
> aim-transport instead of
> > > icq-transport for ICQ services (as detailed elsewhere in this forum).
> > >
> > > I generated my SSL key using two different sets of
> instructions (one fond in
> > > this forum, another on snoogans.co.uk). Snoogan's
> instructions seemed more
> > > complete, leaving me witha combined key/certificate file, with no
> > > passphrase.
> > >
> > > I have checked all the permissions to libraries, binaries,
> and data dirs,
> > > and all seem correct, but I am having two issues:
> > >
> > > If I try to run jabberd as user=jabber, I get a "Bus Error"
> message, when
> > > using my config file. If I use the generic config file
> (everything set to
> > > localhost, and no services defined) it runs ok. It also runs
> ok with my
> > > config file if I run as root.
> > >
> > > The other issue is with SSL. I get this in my debug output:
> > >
> > > Mon Feb 11 14:41:27 2002  mio.c:620 mio while loop, working
> > > Mon Feb 11 14:41:27 2002  mio.c:380 _mio_accept calling
> accept on fd #8
> > > Mon Feb 11 14:41:27 2002  mio_ssl.c:234 NULL ctx found in SSL hash
> > > Mon Feb 11 14:41:27 2002  mio.c:607 mio while loop top
> > > Mon Feb 11 14:41:32 2002  mio.c:620 mio while loop, working
> > > Mon Feb 11 14:41:32 2002  mio.c:380 _mio_accept calling
> accept on fd #8
> > > Mon Feb 11 14:41:32 2002  mio_ssl.c:234 NULL ctx found in SSL hash
> > > Mon Feb 11 14:41:32 2002  mio.c:607 mio while loop top
> > >
> > > My previous research lead me to believe that this is either a
> problem with
> > > jabbrd-1.4.1 and FreeBSD or with the SSL Key. I have (to the
> best of my
> > > knowlege) avoided these issues by compiling jabberd-1.4.2 and
> using the
> > > instructions for building a key.
> > >
> > > Does anyone have any suggestions?
> > >
> > > Cheers,
> > >
> > > Ian
> > >
> > > _______________________________________________
> > > jadmin mailing list
> > > jadmin at jabber.org
> > > http://mailman.jabber.org/listinfo/jadmin
> > _______________________________________________
> > jadmin mailing list
> > jadmin at jabber.org
> > http://mailman.jabber.org/listinfo/jadmin
> _______________________________________________
> jadmin mailing list
> jadmin at jabber.org
> http://mailman.jabber.org/listinfo/jadmin




More information about the JAdmin mailing list