[Operators] TLS, certificates, heartache, and pain.

Norman Rasmussen norman at rasmussen.co.za
Wed Oct 15 03:51:06 CDT 2008


On Wed, Oct 15, 2008 at 1:41 AM, Dave Cridland <dave at cridland.net> wrote:

> Anyone got any idea why this is behaving so weirdly? Does anyone have
> logging they could use?
> Any ideas, or even better logging data, gratefully received.


BTW: It seems like your server isn't accepting incoming IPv6 connections
(but happily makes outgoing ones).

31:39 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=5269] outgoing connection
for 'dave.cridland.net'
33:35 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=5269] connection to
dave.cridland.net timed out
33:35 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=5269] disconnect,
packets: 0
33:35 [37] [217.155.137.60, port=5269] outgoing connection for '
dave.cridland.net'
33:40 [37] [217.155.137.60, port=5269] sending dialback auth request for
route 'darkskies.za.net/dave.cridland.net'
33:41 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=37601] incoming
connection
33:41 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=37601] incoming stream
online (id p9vhyii3mx8zskk789dw0dsukufrklwaurrta9ww)
33:46 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=37601] incoming stream
online (id 75wzpg7yqlvrynmjh2a2n6chy4a9d75lc2l2js19)
33:47 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=37601] checking dialback
verification from dave.cridland.net: sending valid
33:48 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=37601] disconnect,
packets: 1
33:48 [37] [217.155.137.60, port=5269] outgoing route '
darkskies.za.net/dave.cridland.net' is now valid, TLS negotiated
33:49 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=37602] incoming
connection
33:49 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=37602] incoming stream
online (id dw0cjnv1p63cdguck4lycrjpt5scxtmbpno9akaz)
33:52 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=37602] incoming stream
online (id qec4v6ggb1eosydm36y1zkcp80zik9iboufk0w0c)
33:54 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=37602] received dialback
auth request for route 'darkskies.za.net/dave.cridland.net'
33:54 [26] [2001:838:378:0:211:9ff:fe2c:e28e, port=37602] incoming route '
darkskies.za.net/dave.cridland.net' is now valid, TLS negotiated

other than that, you could use my proxy-xmpp-tls script [1] to test
connections to your server with openssl

[1] www.darkskies.za.net/~norman/scripts/proxy-xmpp-tls

-- 
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/operators/attachments/20081015/3d286f36/attachment.htm 


More information about the Operators mailing list