[Operators] IM client report for beta.kontalk.net

Matthias Rieber supportrq at sucksass.de
Tue Oct 27 19:27:16 UTC 2015


Hi,

On Tue, 27 Oct 2015, Daniele Ricci wrote:

> Hello list,
> I've been having issues with the certification tool at xmpp.net with my server.
> The reported error is: "Connection failed".
> 
> I use CACert and I'm pretty sure I have a correct certificate chain (have I?):
> http://pastebin.com/pVu2EUjP
> 
> IIRC CACert certificates are accepted by this tool, right?

when I try that with the new openssl-1.1.0-dev I get the following error:

CONNECTED(00000003)
depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = support at cacert.org
verify return:1
depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root
verify return:1
depth=0 CN = beta.kontalk.net
verify return:1
33728576:error:1409018E:SSL routines:ssl3_get_server_certificate:ca md too weak:s3_clnt.c:1365:

Maybe openssl is not very happy with the md5 signature of the CAcert root 
certificate, but I don't know what xmpp.net is actually using.

Matthias


More information about the Operators mailing list