After upgrading to ejabber 1.0.0 (using Process-one installation) on a Debian Sarge system I wasn't able to logon with "starttls" enabled in the ejabber.conf. If I comment out "starttls" and "certfile" everything works fine. I've already checked the ssl pem file and even created a new one. And I didn't find anything in the ejabberd.log about ssl that indicates a problem. I even tried another jabber client (gush instead of exodus) but this didn't help either. I think you need some more information but I didn't have any logfiles or crash dumps. On the client side you can see that the TCP connection was establised but the ssl handshake seems to stall.
{5222,
ejabberd_c2s,
[ {ip, {83,243,x,x}},
{access, c2s},
{shaper, c2per},
starttls,
{certfile, "/home/ejabberd/ssl.pem"}
]
},
Quite strange, where could
Quite strange, where could be the problem?
{5222, ejabberd_c2s, [{ip, {83,243,x,x}}, {access, c2s}, starttls, {certfile, "/home/ejabberd/ssl.pem"}]}, {5224, ejabberd_c2s, [{ip, {83,243,x,x}}, {access, c2s}]}, ...This enables 5222 for plain and SSL, and 5224 for plain only.
Re: Quite strange, where could
On the client: if it worked before it should work now too. Anyway try Psi and Gajim too.
*sigh* but to solve the problem I will even install Psi and Gajim.
PSI: Status "Connecting" is shown forever.
Gajim: Goes "offline" very soon while connecting.
Tkabber: "Got stream features" and nothing more.
So I'm pretty sure the "fault" in on the server side.
On required libraries not included in the binary installer: OpenSSL. Try to upgrade to the latest
Already done via aptitude update && aptitude upgrade. I really don't wont to upgrade to a non supported OpenSSL version only for ejabberd. Just I case you want to know:
ii openssl 0.9.7e-3sarge1 Secure Socket Layer (SSL) binary and related
On your downloaded installer: Check if you downloaded the latest available on the site, check the MD5 signature
I didn't find a md5 file for ejabberd-1.0.0_2-linux-installer.bin from http://process-one.net/en/projects/ejabberd/download.html#ejabberd-1.0.0... But I've computed the following md5sum:
9ed472dfb6d3cbe0e36d1b1d9586f43c *ejabberd-1.0.0_2-linux-installer.bin
On the installation process: reinstall ejabberd
I've reinstalled ejabber with the bin packet that I've wgetted in the step before. But even a diff -urN oldinst newinst didn't show any differences (ignoring log and database).
On the configuration: If you already used ejabberd before, you probably know how to configure it. Anyway, if everything else fails, try with this:
{5222, ejabberd_c2s, [{ip, {83,243,x,x}}, {access, c2s}, starttls, {certfile, "/home/ejabberd/ssl.pem"}]}, {5224, ejabberd_c2s, [{ip, {83,243,x,x}}, {access, c2s}]}, ...This enables 5222 for plain and SSL, and 5224 for plain only.
I didn't see any differences between my setup example and your setting. The only diffrence is the {shaper, c2per} shaping setting. But I even tried your setup without success.
On the installer: if you reach this, then it could be a bug on the installer, which one are you using exactly?
I've done a wget http://process-one.net/en/projects/ejabberd/download/1.0.0/ejabberd-1.0....
Now I've installed on port:
5222 -> plain Jabber without any SSL
5223 -> old SSL methode
5224 -> STARTTLS method
It seems incompatibility with OpenSSL 0.9.7e
But I've computed the following md5sum:
9ed472dfb6d3cbe0e36d1b1d9586f43c *ejabberd-1.0.0_2-linux-installer.bin
I've downloaded the same file and I get the same md5sum.
Just I case you want to know:
ii openssl 0.9.7e-3sarge1 Secure Socket Layer (SSL) binary and related
I'm on Debian unstable, OpenSSL 0.9.7g-1.
I did: wget, chmod, execute the installer, modify ejabberd.cfg to add the {5223, ...} line, put the right path to my selfsigned SSL cert, start ejabberd, start Tkabber (Psi and Gajim works too for sure), enable SSL, create account and login. I found no problem.
I vote that upgrading OpenSSL from 0.9.7e to 0.9.7g or newer solves the problem. Why? I don't know.
According to
According to the main jabber server now also uses ejabberd 1.0.0. Looking at the "Connected Users" statistics it seems that no one is using SSL to connect to this server. Is jabber.org fighting the same problem as I do?
I can login on jabber.org using SSL
I can login on jabber.org using plain, ssl or tls+sasl. Maybe the stats printed there do not reflect the real number of SSL users.
There were very many
There were very many complains about not working SSL in Process-one binary installer. The solution is simple. Do not use thais installer.
Re: There were very many
Do not use thais installer.
I thought the installer is just a fast and easy way to setup ejabberd. Trying to compile ejabberd from src is not an easy task. It seems that sarge didn't have an erlang package ready to use so the configure fails.
nixfix:~# apt-cache search erlang
erlang-doc-html - Erlang HTML pages
erlang-manpages - Erlang man pages
Now I need to install the erlang dev packages to compile ejabberd. Not very user/admin friendly. But after looking at the svn trunk I found the following in ChangeLog:
---
2005-10-22 Alexey Shchepin
* src/ejabberd_app.erl: Try to load tls_drv at startup to avoid unloading of libssl (thanks to Brian Campbell)
---
Since the process-one installer is dated 2005-12-13 I hope the next ejabberd release will fix the SSL issue for me.
Re: There were very many
There were very many complains about not working SSL in Process-one binary installer. The solution is simple. Do not use thais installer.
We did not get those complains. We, on the contrary had many thanks for this installer. And, as said, the problem is solved with this installer. It has been solved and it was the only complain we received.
The installer has many advantages: Erlang is included, supervisor patch is included, mysql and pgsql native module are included.
--
Mickaël Rémond
resolved with ejabberd 1.1.0
The SSL login problem is resolved with ejabberd 1.1.0.