[Operators] IM client report for beta.kontalk.net

James Tait james.tait at wyrddreams.org
Wed Oct 28 16:40:39 UTC 2015

Hash: SHA1

On Wed, Oct 28, 2015 at 1:00 PM, <operators-request at xmpp.org> wrote:
>>> Hi,
>>> On Tue, 27 Oct 2015, Daniele Ricci wrote:
>>>> Hello list,
>>>> I've been having issues with the certification tool at xmpp.net
with my server.
>>>> The reported error is: "Connection failed".
>>>> I use CACert and I'm pretty sure I have a correct certificate chain
(have I?):
>>>> http://pastebin.com/pVu2EUjP
>>>> IIRC CACert certificates are accepted by this tool, right?
>>> when I try that with the new openssl-1.1.0-dev I get the following
>>> CONNECTED(00000003)
>>> depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert
Signing Authority, emailAddress = support at cacert.org
>>> verify return:1
>>> depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert
Class 3 Root
>>> verify return:1
>>> depth=0 CN = beta.kontalk.net
>>> verify return:1
>>> 33728576:error:1409018E:SSL routines:ssl3_get_server_certificate:ca
md too weak:s3_clnt.c:1365:
>>> Maybe openssl is not very happy with the md5 signature of the CAcert
>>> certificate, but I don't know what xmpp.net is actually using.

Interesting. I use a CAcert certificate on wyrddreams.org and the IM
Observatory doesn't seem to have any problems with it. I don't see
anything obviously wrong in what you pasted, and attempting to connect
from here didn't yield anything useful: http://pastebin.com/BBhDJejA

This is using OpenSSL 1.0.1f from the Ubuntu repos.


- -- 
- ---------------------------------------+--------------------------------
James Tait, BSc                        |    xmpp:jayteeuk at wyrddreams.org
Programmer and Free Software advocate  |        Tel: +44 (0)870 490 2407
- ---------------------------------------+--------------------------------

Version: GnuPG v2


More information about the Operators mailing list