I used an ejabberd 1.1.4 server on my FreeBSD machine with no problems or maintenance. I recently upgraded to 2.0.3 after FreeBSD accepted the new version into "ports". Since then, SSL just hasn't worked right.
From my ejabberd.cfg:
{host_config, "jabber.honeypot.net", [
  {listen, [
    {5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}, {ip, {10, 0, 5, 16}},
                          {max_stanza_size, 65536}, starttls_required,
                          {certfile, "/usr/local/etc/ejabberd/jabber.honeypot.net.pem"}]},
    {5223, ejabberd_c2s, [{access, c2s}, {ip, {10, 0, 5, 16}}, {max_stanza_size, 65536}, tls,
                          {certfile, "/usr/local/etc/ejabberd/jabber.honeypot.net.pem"}]},
    {5269, ejabberd_s2s_in, [{shaper, s2s_shaper}, {ip, {10, 0, 5, 16}}, {max_stanza_size, 131072}]},
    {5280, ejabberd_http, [{ip, {10, 0, 5, 16}}]},
    {8888, ejabberd_service, [{hosts, ["icq.localhost", "sms.localhost"], [{password, "secret"}]}]}
  ]},
  {s2s_use_starttls, true},
  {s2s_certfile, "/usr/local/etc/ejabberd/jabber.honeypot.net.pem"},
  {outgoing_s2s_port, 5269}
]}.
It seems to have trouble finding the pem file. Whenever I telnet to the host, port 5223, I get:
crasher:
  pid: <0.1708.0>
  registered_name: []
  exception exit: {{badmatch,{error,"SSL_CTX_use_certificate_file failed: error:02001002:system library:fopen:No such file or directory"}},
                   [{ejabberd_socket,starttls,2},
                    {ejabberd_c2s,init,1},
                    {gen_fsm,init_it,6},
                    {proc_lib,init_p_do_apply,3}]}
    in function gen_fsm:init_it/6
  initial call: ejabberd_c2s:init/1
  ancestors: [ejabberd_c2s_sup,ejabberd_sup,<0.1333.0>]
  messages: []
  links: [<0.1540.0>,#Port<0.13761>]
  dictionary: []
  trap_exit: false
  status: running
  heap_size: 610
  stack_size: 23
  reductions: 169
  neighbours:
However, that file certainly exists and is readable by the ejabberd user:
$ sudo -u ejabberd file /usr/local/etc/ejabberd/jabber.honeypot.net.pem
/usr/local/etc/ejabberd/jabber.honeypot.net.pem: ASCII text
For some reason, ejabberd seems to be ignoring the pathname to that pem file. When starting it using ejabberdctl's "live" option, I see:
=PROGRESS REPORT==== 6-Apr-2009::10:16:55 ===
          supervisor: {local,ejabberd_listeners}
             started: [{pid,<0.255.0>},
                       {name,5222},
                       {mfa,
                           {ejabberd_listener,start,
                               [5222,ejabberd_c2s,
                                [{access,c2s},
                                 {shaper,c2s_shaper},
                                 {max_stanza_size,65536},
                                 starttls_required,
                                 {certfile,"./jabber.honeypot.net.pem"}]]}},
                       {restart_type,transient},
                       {shutdown,brutal_kill},
                       {child_type,worker}]

=PROGRESS REPORT==== 6-Apr-2009::10:16:55 ===
          supervisor: {local,ejabberd_listeners}
             started: [{pid,<0.256.0>},
                       {name,5223},
                       {mfa,
                           {ejabberd_listener,start,
                               [5223,ejabberd_c2s,
                                [{access,c2s},
                                 {max_stanza_size,65536},
                                 tls,
                                 {certfile,"./jabber.honeypot.net.pem"}]]}},
                       {restart_type,transient},
                       {shutdown,brutal_kill},
                       {child_type,worker}]
I'm not really sure where else to look now. Any ideas?
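The progress report above shows the listeners starting with certfile "./jabber.honeypot.net.pem", a relative path that fopen() resolves against the daemon's working directory rather than the config directory, which is exactly the "No such file or directory" in the crash report. As an added example (not from the original post or from ejabberd itself), the following POSIX shell function audits every certfile and s2s_certfile path in an ejabberd 2.x config: it flags relative paths, files that are unreadable, and files that are not a PEM bundle containing both a private key and a certificate. The config path and the expectation that the file holds both key and certificate are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post or of ejabberd.
# Audit the {certfile, "..."} and {s2s_certfile, "..."} entries of an
# ejabberd 2.x config. A relative path is resolved against the daemon's
# working directory, not the config directory, so it fails at runtime even
# when the file exists next to ejabberd.cfg.
# Usage: check_certfiles /usr/local/etc/ejabberd/ejabberd.cfg
# Run it as the daemon user (e.g. via sudo -u ejabberd) so the readability
# check reflects the permissions that matter at runtime.
check_certfiles() {
    cfg=$1
    problems=0
    # grep -o yields one tuple per line even when the whole listen section
    # is written on a single line, as in the config quoted above.
    for pem in $(grep -Eo '\{(s2s_)?certfile, *"[^"]*"' "$cfg" |
                 sed 's/.*"\(.*\)"/\1/'); do
        case $pem in
            /*) ;;
            *)  echo "RELATIVE: $pem (resolved against the daemon's cwd)"
                problems=$((problems + 1))
                continue ;;
        esac
        if [ ! -r "$pem" ]; then
            echo "UNREADABLE: $pem"
            problems=$((problems + 1))
        elif ! grep -q 'PRIVATE KEY' "$pem" ||
             ! grep -q 'BEGIN CERTIFICATE' "$pem"; then
            # ejabberd expects the private key and certificate in one PEM file.
            echo "INCOMPLETE PEM (needs key and certificate): $pem"
            problems=$((problems + 1))
        else
            echo "OK: $pem"
        fi
    done
    # Exit status is the number of problems found, so 0 means all clear.
    return "$problems"
}
```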
Listen is not per-vhost
The 'listen' section is not configurable per-vhost. It is global for the whole ejabberd node, so providing it inside a host_config is a bad idea.
Just put: