SSL connections being dropped

I have an issue where connections on port 5223 (and presumably using STARTTLS as well) are being dropped, when unencrypted connections on port 5222 work fine.

Other posts on the forum suggest looking at the configuration and making sure the certificate file is readable by ejabberd.

Fragment from /etc/ejabberd/ejabberd.cfg:

  {5222, ejabberd_c2s,     [{access, c2s}, {shaper, c2s_shaper},
                            starttls, {certfile, "./ssl.pem"}]},
  {5223, ejabberd_c2s,     [{access, c2s},
                            tls, {certfile, "./ssl.pem"}]},

That looks similar to other working configurations I've found, but maybe something is wrong that I haven't noticed.

As for the readability of the certificate file:

trejkaz@morden:/etc/ejabberd> ls -l ssl.pem
lrwxrwxrwx  1 root root 38 May 15 11:36 ssl.pem -> /etc/ssl/home.trypticon.org/server.pem

I've symlinked it into the location all my other services go to, for reasons of simpler maintenance. The file itself:

trejkaz@morden:/etc/ejabberd> ls -l /etc/ssl/home.trypticon.org/server.pem
-r--r-----  1 root certs 2294 May 15 11:24 /etc/ssl/home.trypticon.org/server.pem

And of course...

trejkaz@morden:/etc/ejabberd> groups ejabberd
certs jabber

I've checked, and beam, epmd and some ssl_esock process are all running under the ejabberd user.

What else could be wrong here?

Also

I forgot to add, I know it's a problem with SSL specifically, because I'm getting the same error which you get when the file isn't readable:

{badmatch, {error, "ssl_ctx_use_certificate_chain_file failed"}}

(Only in this case, the file most certainly is readable.)

Things to try

Try putting the full path:

  {5222, ejabberd_c2s,     [{access, c2s}, {shaper, c2s_shaper},
                            starttls, {certfile, "/etc/ssl/home.trypticon.org/server.pem"}]},
  {5223, ejabberd_c2s,     [{access, c2s},
                            tls, {certfile, "/etc/ssl/home.trypticon.org/server.pem"}]},

If that works you can try {certfile, "/etc/ejabberd/ssl.pem"}. If I remember correctly, when running ejabberd the directory "./" is where the beam files are, not $HOME.

If that does not help, try with a new self-signed cert, just to be sure the problem is not with that specific cert.
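A small diagnostic that runs the checks discussed in this thread in one go, added here as an example rather than anything posted by the participants or shipped with ejabberd. It assumes the service account is named "ejabberd" and that the certfile is one combined PEM holding both the private key and the certificate chain; the readability test from that account's point of view only runs when the script is invoked as root.

```shell
#!/bin/sh
# check_certfile <certfile path as written in ejabberd.cfg> [<service user>]
# Flags the three usual causes of "ssl_ctx_use_certificate_chain_file failed":
# a relative path, a file the service user cannot read, and a PEM that is
# missing either the certificate or the private key.
check_certfile() {
    cfg_path=$1
    run_user=${2:-ejabberd}   # assumption: ejabberd runs as this user

    # 1. Relative paths resolve against ejabberd's working directory, not $HOME.
    case "$cfg_path" in
        /*) ;;
        *)  echo "FAIL: '$cfg_path' is relative; use an absolute path" >&2
            return 1 ;;
    esac

    # 2. Follow symlinks (e.g. /etc/ejabberd/ssl.pem -> /etc/ssl/.../server.pem).
    real=$(readlink -f -- "$cfg_path" 2>/dev/null || printf '%s' "$cfg_path")
    if [ ! -f "$real" ]; then
        echo "FAIL: $cfg_path -> $real is missing or not a regular file" >&2
        return 1
    fi

    # 3. Readability as the service user (only possible when we are root).
    if [ "$(id -u)" -eq 0 ] && id "$run_user" >/dev/null 2>&1; then
        if ! su -s /bin/sh "$run_user" -c "test -r '$real'"; then
            echo "FAIL: $run_user cannot read $real (owner/group/mode?)" >&2
            return 1
        fi
    elif [ ! -r "$real" ]; then
        echo "WARN: $real is not readable by the current user" >&2
    fi

    # 4. The PEM must carry both the certificate chain and the private key.
    certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$real" || true)
    keys=$(grep -cE -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$real" || true)
    if [ "$certs" -lt 1 ] || [ "$keys" -lt 1 ]; then
        echo "FAIL: $real has $certs certificate and $keys key block(s)" >&2
        return 1
    fi
    echo "OK: $cfg_path -> $real ($certs cert(s), $keys key(s))"
    return 0
}

# Example call: check_certfile "/etc/ejabberd/ssl.pem"
```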
