[Operators] IM client report for beta.kontalk.net

James Tait james.tait at wyrddreams.org
Wed Oct 28 16:40:39 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Oct 28, 2015 at 1:00 PM, <operators-request at xmpp.org> wrote:
>>> Hi,
>>>
>>> On Tue, 27 Oct 2015, Daniele Ricci wrote:
>>>
>>>> Hello list,
>>>> I've been having issues with the certification tool at xmpp.net
with my server.
>>>> The reported error is: "Connection failed".
>>>>
>>>> I use CACert and I'm pretty sure I have a correct certificate chain
(have I?):
>>>> http://pastebin.com/pVu2EUjP
>>>>
>>>> IIRC CACert certificates are accepted by this tool, right?
>>>
>>> when I try that with the new openssl-1.1.0-dev I get the following
error:
>>>
>>> CONNECTED(00000003)
>>> depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert
Signing Authority, emailAddress = support at cacert.org
>>> verify return:1
>>> depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert
Class 3 Root
>>> verify return:1
>>> depth=0 CN = beta.kontalk.net
>>> verify return:1
>>> 33728576:error:1409018E:SSL routines:ssl3_get_server_certificate:ca
md too weak:s3_clnt.c:1365:
>>>
>>> Maybe openssl is not very happy with the md5 signature of the CAcert
root
>>> certificate, but I don't know what xmpp.net is actually using.
>>>

Interesting. I use a CAcert certificate on wyrddreams.org and the IM
Observatory doesn't seem to have any problems with it. I don't see
anything obviously wrong in what you pasted, and attempting to connect
from here didn't yield anything useful: http://pastebin.com/BBhDJejA

This is using OpenSSL 1.0.1f from the Ubuntu repos.

JT

- -- 
- ---------------------------------------+--------------------------------
James Tait, BSc                        |    xmpp:jayteeuk at wyrddreams.org
Programmer and Free Software advocate  |        Tel: +44 (0)870 490 2407
- ---------------------------------------+--------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlYw+ocACgkQyDo4xMNTLiZLBQCeNF7EIIyZHZ/3uz3K4aZ9MAkv
T7cAoKWlo1INPEmqL5K+tkH3RpnkbMct
=hiXs
-----END PGP SIGNATURE-----




More information about the Operators mailing list