Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-405

Openfire fails to verify chained certificates

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.9.2
    • Fix Version/s: 3.10.0
    • Component/s: Core
    • Labels:
      None

      Description

      (3:52:24 PM) jdev@conference.jabber.org/seth: sorry to privmsg you, but I was hoping I could get your help on what looks like an openfire issue. Do you have a minute to chat?
      (3:54:28 PM) Guus: hi
      (3:54:34 PM) jdev@conference.jabber.org/seth: hi
      (3:54:48 PM) Guus: actually, I'm very busy :/
      (3:54:58 PM) jdev@conference.jabber.org/seth: yes
      (3:54:59 PM) jdev@conference.jabber.org/seth: http://community.igniterealtime.org/thread/42845
      (3:55:06 PM) jdev@conference.jabber.org/seth: intermediate (chaining) certs
      (3:55:15 PM) jdev@conference.jabber.org/seth: ignore my emails
      (3:55:16 PM) jdev@conference.jabber.org/seth: yeah
      (3:55:31 PM) jdev@conference.jabber.org/seth: the emails were when I thought this issue was related to another - it's not - I spent last week testing it
      (3:55:49 PM) jdev@conference.jabber.org/seth: the problem is when the certfile presented to openfire has more than one cert in it. Openfire drops the tls connection
      (3:56:01 PM) Guus: ah
      (3:56:08 PM) Guus: that might explain for some issues that I've been seeing
      (3:56:27 PM) jdev@conference.jabber.org/seth: I have a godaddy cert which requires 3 intermediates
      (3:56:41 PM) jdev@conference.jabber.org/seth: When I bundle them, openfire to prosody fails.
      (3:56:52 PM) jdev@conference.jabber.org/seth: when I use just my cert (get rid of the other intermediates), it works
      (3:57:01 PM) jdev@conference.jabber.org/seth: BUT then the clients complain because the chaining is broken
      (3:58:25 PM) jdev@conference.jabber.org/seth: I also tried all the (documented) available options.
      (3:58:37 PM) Guus: I'm terribly busy at the moment
      (3:58:44 PM) jdev@conference.jabber.org/seth: ok
      (3:58:44 PM) Guus: I'll copy/paste this conversation in a new JIRA issue
      (3:58:48 PM) Guus: and figure it out later, ok?
      (3:59:09 PM) jdev@conference.jabber.org/seth: thanks. yeah. THis is a bit important to me, so any attention you could give it would be greatly appreciated. Thank you very much.
      (3:59:26 PM) Guus: I'm always happy to accept patches
      (3:59:43 PM) jdev@conference.jabber.org/seth: I don't know java at all. If openfire were written in python, ...

        Attachments

          Activity

            People

            • Assignee:
              dwd Dave Cridland
              Reporter:
              guus Guus der Kinderen
            • Votes:
              6 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: