Hi all,
I am using OpenLDAP for authentication on my ejabberd server. It works fine, but when I try to connect to the secure ejabberd port 5223 I get the following message in /var/log/ejabberd/sasl.log:
=CRASH REPORT==== 16-Apr-2008::11:11:54 ===
crasher:
pid: <0.32161.2>
registered_name: []
error_info: {{badmatch,{error,"SSL_CTX_use_PrivateKey_file failed: error:0906D06C:PEM routines:PEM_read_bio:no start line"}},
[{ejabberd_c2s,init,1},
{gen_fsm,init_it,6},
{proc_lib,init_p,5}]}
initial_call: {gen,init_it,
[gen_fsm,
<0.32159.2>,
self,
ejabberd_c2s,
[{gen_tcp,#Port<0.54260>},
[{access,c2s},
tls,
{certfile,"/usr/local/etc/exim/certs/my-ssl.crt"}]],
[]]}
ancestors: [<0.32159.2>,ejabberd_listeners,ejabberd_sup,<0.29376.2>]
messages: []
links: [#Port<0.54261>]
dictionary: []
trap_exit: false
status: running
heap_size: 610
stack_size: 21
reductions: 253
neighbours:
=CRASH REPORT==== 16-Apr-2008::11:11:54 ===
crasher:
pid: <0.32159.2>
registered_name: []
error_info: {{badmatch,
{error,
{{badmatch,
{error,
"SSL_CTX_use_PrivateKey_file failed: error:0906D06C:PEM routines:PEM_read_bio:no start line"}},
[{ejabberd_c2s,init,1},
{gen_fsm,init_it,6},
{proc_lib,init_p,5}]}}},
[{ejabberd_listener,accept,3},{proc_lib,init_p,5}]}
initial_call: {ejabberd_listener,
init,
[5223,
ejabberd_c2s,
[{access,c2s},
tls,
{certfile,
"/usr/local/etc/exim/certs/my-ssl.crt"}]]}
ancestors: [ejabberd_listeners,ejabberd_sup,<0.29376.2>]
messages: []
links: [#Port<0.54260>,<0.29573.2>,#Port<0.54259>]
dictionary: []
trap_exit: false
status: running
heap_size: 377
stack_size: 21
reductions: 573
neighbours:
=SUPERVISOR REPORT==== 16-Apr-2008::11:11:54 ===
Supervisor: {local,ejabberd_listeners}
Context: child_terminated
Reason: {{badmatch,
{error,
{{badmatch,
{error,
"SSL_CTX_use_PrivateKey_file failed: error:0906D06C:PEM routines:PEM_read_bio:no start line"}},
[{ejabberd_c2s,init,1},
{gen_fsm,init_it,6},
{proc_lib,init_p,5}]}}},
[{ejabberd_listener,accept,3},{proc_lib,init_p,5}]}
Offender: [{pid,<0.32159.2>},
{name,5223},
{mfa,
{ejabberd_listener,
start,
[5223,
ejabberd_c2s,
[{access,c2s},
tls,
{certfile,
"/usr/local/etc/exim/certs/my-ssl.crt"}]]}},
{restart_type,transient},
{shutdown,brutal_kill},
{child_type,worker}]
=PROGRESS REPORT==== 16-Apr-2008::11:11:54 ===
supervisor: {local,ejabberd_listeners}
started: [{pid,<0.32162.2>},
{name,5223},
{mfa,
{ejabberd_listener,
start,
[5223,
ejabberd_c2s,
[{access,c2s},
tls,
{certfile,
"/usr/local/etc/exim/certs/my-ssl.crt"}]]}},
{restart_type,transient},
{shutdown,brutal_kill},
{child_type,worker}]
and the connection was refused...
Is it a matter of OpenLDAP, SASL or ejabberd? Or something else? How can I fix it?
I use ejabberd-1.1.4 and have the following in my ejabberd.cfg:
% For LDAP authentication use these lines instead of above one:
{auth_method, ldap}.
{ldap_servers, ["localhost"]}. % List of LDAP servers
{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID
{ldap_base, "dc=my,dc=domain"}. % Search base of LDAP directory
{ldap_rootdn, "cn=Manager,dc=my,dc=domain"}. % LDAP manager
{ldap_password, "very_secret"}. % Password to LDAP manager
% Listened ports:
{listen,
[
{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}]},
{5223, ejabberd_c2s, [{access, c2s}, tls, {certfile, "/usr/local/etc/exim/certs/my-ssl.crt"}]},
{5269, ejabberd_s2s_in, [{shaper, s2s_shaper},
{max_stanza_size, 131072}
]},
{5280, ejabberd_http, [http_poll, web_admin]},
{8888, ejabberd_service, [{access, all},
{hosts, ["icq.localhost", "sms.localhost"],
[{password, "secret"}]}]}
]}.
Thank you in advance.
Best regards,
Arkady
Seems a problem in the certificate file
At first look it seems to be a problem in the certificate file. Maybe it is not in the format expected by ejabberd/Erlang/OpenSSL.
Since I am not an expert in the certificate stuff, I can only show you what the certificate file that works for me looks like:
$ cat /etc/ejabberd/cert.pem
-----BEGIN CERTIFICATE-----
MIIDIjCCAougAwIBAgIJAP7Zreu8hd7lMA0GCSqGSIb3DQEBBAUAMGoxCzAJBgNV
...
J44awgs57SlDW6HApAoodmVwpyeNcsHA+5weZn6Ynv0qbCRbcJgwruI391cMv6+O
iCfiSB8KHlH8v8FS5kjhAwwcWVtlonio6Zk55j/HZzmtpicRr7U=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDVAY+IG7MRUhBEVQVjfCOnELmYZUnY/6yaDwpsHAZ+K1L+m+pd
....
ESHwz9pc0tSvDaSzQgmSk/NFjCu5GZt3urs7Q30/VGZz
-----END RSA PRIVATE KEY-----
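
An added example, not part of the original posts and not ejabberd code: a Python check that reports when a file lacks a PEM private-key block, which is what the "SSL_CTX_use_PrivateKey_file failed ... no start line" message in the log indicates. It assumes, as the working file above suggests, that the file named in certfile must hold both the certificate and the private key; the function names and the sample PEM bodies are constructed for illustration.

```python
import os
import re
import stat

CERT_LABELS = {"CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE"}
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "DSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----\s*$")

# Constructed samples: the base64 bodies are placeholders, not real material.
CERT_ONLY = ("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
             "-----END CERTIFICATE-----\n")
COMBINED = CERT_ONLY + ("-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                        "-----END RSA PRIVATE KEY-----\n")


def pem_labels(text):
    """Return the labels of complete BEGIN/END blocks, in file order."""
    labels, current = [], None
    for line in text.splitlines():
        begin, end = BEGIN.match(line), END.match(line)
        if begin:
            current = begin.group(1)
        elif end and current == end.group(1):
            labels.append(current)
            current = None
    return labels  # a block with no matching END line is not counted


def check_certfile(path):
    """List reasons `path` would not serve as a combined cert + key file."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        labels = pem_labels(fh.read())
    problems = []
    if not any(label in CERT_LABELS for label in labels):
        problems.append("no certificate block")
    if not any(label in KEY_LABELS for label in labels):
        # Assumption: the server reads its key from this same file.
        problems.append("no private key block")
    elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        # The file holds the private key, so only its owner should read it.
        problems.append("private key readable by group or others")
    return problems
```

Run check_certfile on the path configured in certfile; an empty list means both blocks are present and the file is readable by its owner only.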