[Operators] Operators Digest, Vol 91, Issue 16

Bandie Yip Kojote bandie at ttygap.net
Thu Oct 29 14:19:09 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The charge free StartSSL certificate gives out certificates with wrong
purpose flags. When I set ejabberd to "require valid certs only" your
server would be blocked.
I made this experience to everyone who has this free StartSSL cert.

Btw to the administrators of xmpp.net: I remember to fix the bug which
abort the test for those who have set "require valid certs only". In
the past we had it working.

On 10/29/2015 02:05 PM, Daniele Ricci wrote:
> Yesterday evening I've replaced the certificate with one issued by 
> StartSSL. I now have grade A.
> 
> Thanks!
> 
> On Thu, Oct 29, 2015 at 1:00 PM,  <operators-request at xmpp.org>
> wrote:
>> Interesting. I use a CAcert certificate on wyrddreams.org and the
>> IM Observatory doesn't seem to have any problems with it. I don't
>> see anything obviously wrong in what you pasted, and attempting
>> to connect from here didn't yield anything useful:
>> http://pastebin.com/BBhDJejA
>> 
>> This is using OpenSSL 1.0.1f from the Ubuntu repos.
>> 
>> JT
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iL4EAREKAGYFAlYyKtZfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldDFFMTBDQzEyNzY0RTlBMjc4RTAzMzhDMEQ4
ODhGQjg0MDYwN0UwOTQACgkQ2Ij7hAYH4JTzQQD/bUH4cPlacZXyfUcfFv7bYOpE
FZGYA5kev6VfDAn4QZEA/2cZ2JDfnJAE9Fq0UA3K2/PvEVGPndznlousbvKPRofz
=Qdu6
-----END PGP SIGNATURE-----


More information about the Operators mailing list