From owner-freebsd-ports-bugs@FreeBSD.ORG  Tue Dec 16 15:00:16 2008
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 94AE91065677
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Tue, 16 Dec 2008 15:00:16 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 69C0E8FC16
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Tue, 16 Dec 2008 15:00:16 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id mBGF0FRu043707
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Tue, 16 Dec 2008 15:00:15 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id mBGF0FHf043706;
	Tue, 16 Dec 2008 15:00:15 GMT (envelope-from gnats)
Resent-Date: Tue, 16 Dec 2008 15:00:15 GMT
Resent-Message-Id: <200812161500.mBGF0FHf043706@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Petr Holub <hopet@ics.muni.cz>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EC09F1065675
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue, 16 Dec 2008 14:55:05 +0000 (UTC)
	(envelope-from hopet@arwen.ics.muni.cz)
Received: from minas.ics.muni.cz (minas.ics.muni.cz [147.251.4.40])
	by mx1.freebsd.org (Postfix) with ESMTP id 71A1B8FC1A
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue, 16 Dec 2008 14:55:05 +0000 (UTC)
	(envelope-from hopet@arwen.ics.muni.cz)
Received: from arwen.ics.muni.cz (arwen.ics.muni.cz [147.251.3.20])
	by minas.ics.muni.cz (8.13.8/8.13.8/SuSE Linux 0.8) with ESMTP id
	mBGEgFqd011105
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Dec 2008 15:42:16 +0100
Received: from arwen.ics.muni.cz (localhost [127.0.0.1])
	by arwen.ics.muni.cz (8.14.2/8.14.2) with ESMTP id mBGCLBKr013216
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue, 16 Dec 2008 13:21:11 +0100 (CET)
	(envelope-from hopet@arwen.ics.muni.cz)
Received: (from root@localhost)
	by arwen.ics.muni.cz (8.14.2/8.14.2/Submit) id mBGCLBCd013215;
	Tue, 16 Dec 2008 13:21:11 +0100 (CET) (envelope-from hopet)
Message-Id: <200812161221.mBGCLBCd013215@arwen.ics.muni.cz>
Date: Tue, 16 Dec 2008 13:21:11 +0100 (CET)
From: Petr Holub <hopet@ics.muni.cz>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: ports/129681: SSL patch for net-im/ejabberd
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Petr Holub <hopet@ics.muni.cz>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Dec 2008 15:00:16 -0000


>Number:         129681
>Category:       ports
>Synopsis:       SSL patch for net-im/ejabberd
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 16 15:00:15 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Petr Holub
>Release:        FreeBSD 7.0-RELEASE i386
>Organization:
Masaryk University
>Environment:
System: FreeBSD arwen.ics.muni.cz 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Apr 13 20:28:04 CEST 2008 toor@arwen.ics.muni.cz:/usr/obj/usr/src/sys/ARWEN i386


>Description:

	ejabber server is unable to present CA certificate chain to the
        client and thus clients get Unknown CA error unless it has it installed
        locally (or unless ignoring SSL problems). With this patch, it is 
        possible to put also CA certificate into the PEM file (together with 
        server key and server certificate) and CA certificate is presented
        to the client.

        More information see
        http://hyperstruct.net/2007/6/20/installing-the-startcom-ssl-certificate-in-ejabberd

>How-To-Repeat:

        cat serverkey.pem servercert.pem CAcert.pem >server.pem

	Prior to this patch, Psi client needs to have CA cerficate locally.
        Now it can be provided from the ejabber server.

>Fix:

--- patch-src::tls::tls_drv.c begins here ---
--- src/tls/tls_drv.c.orig	2008-12-16 13:04:21.000000000 +0100
+++ src/tls/tls_drv.c	2008-12-16 13:05:29.000000000 +0100
@@ -108,7 +108,7 @@
 	 d->ctx = SSL_CTX_new(SSLv23_method());
 	 die_unless(d->ctx, "SSL_CTX_new failed");
 
-	 res = SSL_CTX_use_certificate_file(d->ctx, buf, SSL_FILETYPE_PEM);
+	 res = SSL_CTX_use_certificate_chain_file(d->ctx, buf);
 	 die_unless(res > 0, "SSL_CTX_use_certificate_file failed");
 
 	 res = SSL_CTX_use_PrivateKey_file(d->ctx, buf, SSL_FILETYPE_PEM);
--- patch-src::tls::tls_drv.c ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: