[Juser] "Invalid CA certificate" for jabber.org?

Matthias Wimmer m at tthias.net
Fri Feb 18 15:37:42 CST 2005


Hi Peter!

Peter Saint-Andre schrieb am 2005-02-18 15:27:14:
> It is not purely client-side -- the Psi developers require the server
> admin to place some special file in a special format on the server,
> because Psi does not read PEM-encoded certs, but the special Psi XML
> format. And to the jabber.org server admins, that seems like a bad idea.

I don't think this is the case. The certificate is exchanged in the TLS
handshake. The special encoded file format is only used by Psi to store
the certificates of the root authorities ...

It might be possible that a server admin stores the special Psi CA file
on the server if it uses its own certification authority, but it isn't
needed.

If the right certificate has been added to the Psi CA store, it might
be, that an intermediate certificate has been used to sign the
certificate of jabber.org and this certificate is not sent to the client
(in the TLS handshake). In that case jabber.org's client connection
manager would have to sent the intermediate certificate together with
its own certificate while establishing the TLS layer. A special XML
format won't be required in that case either.


Tot kijk
    Matthias

-- 
Fon: +49-(0)70 0770 07770          http://web.amessage.info
Fax: +49-(0)89 312 88 654          xmpp:mawis at amessage.info
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/juser/attachments/20050218/f303a7d8/attachment-0003.pgp>


More information about the JUser mailing list