[Operators] IM client report for beta.kontalk.net
Matthias Rieber
supportrq at sucksass.de
Tue Oct 27 19:27:16 UTC 2015
Hi,
On Tue, 27 Oct 2015, Daniele Ricci wrote:
> Hello list,
> I've been having issues with the certification tool at xmpp.net with my server.
> The reported error is: "Connection failed".
>
> I use CACert and I'm pretty sure I have a correct certificate chain (have I?):
> http://pastebin.com/pVu2EUjP
>
> IIRC CACert certificates are accepted by this tool, right?
when I try that with the new openssl-1.1.0-dev I get the following error:
CONNECTED(00000003)
depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = support at cacert.org
verify return:1
depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root
verify return:1
depth=0 CN = beta.kontalk.net
verify return:1
33728576:error:1409018E:SSL routines:ssl3_get_server_certificate:ca md too weak:s3_clnt.c:1365:
Maybe openssl is not very happy with the md5 signature of the CAcert root
certificate, but I don't know what xmpp.net is actually using.
Matthias
More information about the Operators
mailing list