Date: Tue, 16 Dec 2008 13:21:11 +0100 (CET)
From: Petr Holub <hopet@ics.muni.cz>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/129681: SSL patch for net-im/ejabberd
Message-ID: <200812161221.mBGCLBCd013215@arwen.ics.muni.cz>
Resent-Message-ID: <200812161500.mBGF0FHf043706@freefall.freebsd.org>
>Number: 129681
>Category: ports
>Synopsis: SSL patch for net-im/ejabberd
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 16 15:00:15 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Petr Holub
>Release: FreeBSD 7.0-RELEASE i386
>Organization: Masaryk University
>Environment:
System: FreeBSD arwen.ics.muni.cz 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Apr 13 20:28:04 CEST 2008 toor@arwen.ics.muni.cz:/usr/obj/usr/src/sys/ARWEN i386
>Description:
The ejabberd server is unable to present the CA certificate chain to the client, and thus clients get an Unknown CA error unless they have it installed locally (or unless ignoring SSL problems). With this patch, it is possible to also put the CA certificate into the PEM file (together with the server key and server certificate), and the CA certificate is presented to the client.

For more information, see http://hyperstruct.net/2007/6/20/installing-the-startcom-ssl-certificate-in-ejabberd
>How-To-Repeat:
cat serverkey.pem servercert.pem CAcert.pem >server.pem

Prior to this patch, the Psi client needs to have the CA certificate locally. Now it can be provided by the ejabberd server.
>Fix:
--- patch-src::tls::tls_drv.c begins here --- --- src/tls/tls_drv.c.orig 2008-12-16 13:04:21.000000000 +0100 +++ src/tls/tls_drv.c 2008-12-16 13:05:29.000000000 +0100 @@ -108,7 +108,7 @@ d->ctx = SSL_CTX_new(SSLv23_method()); die_unless(d->ctx, "SSL_CTX_new failed"); - res = SSL_CTX_use_certificate_file(d->ctx, buf, SSL_FILETYPE_PEM); + res = SSL_CTX_use_certificate_chain_file(d->ctx, buf); die_unless(res > 0, "SSL_CTX_use_certificate_file failed"); res = SSL_CTX_use_PrivateKey_file(d->ctx, buf, SSL_FILETYPE_PEM); --- patch-src::tls::tls_drv.c ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
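Review bot: the die_unless message on the context line directly after the new call in the @@ -108,7 +108,7 @@ hunk still reads "SSL_CTX_use_certificate_file failed", so a failed chain load will be logged under the name of the function that was removed; change the string to "SSL_CTX_use_certificate_chain_file failed". The patch also changes what the PEM file is expected to contain without documenting it: SSL_CTX_use_certificate_chain_file requires the server's own certificate to be the first certificate in the file, followed by the intermediate CA certificates and ending with the root, so the port's install message or the ejabberd configuration notes should state that ordering. A bundle assembled with the CA certificate ahead of the server certificate would load the wrong certificate as the server's, and the SSL_CTX_use_PrivateKey_file call that follows reads the same buf, so the key would not correspond to it.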