ejabberd RPM needs to install/create cert

[wad]

After following the directions on http://wiki.laptop.org/go/Ejabberd_Configuration , and installing ejabberd-1.1.4-1.7.20071205svn1050.fc7.olpc and enabling shared rosters, etc. I was able to "register" a laptop with the school server (a user account was created on the server, and the .sugar config file now specifies "schoolserver" as the Jabber server), but the Jabber server is showing no registration by the laptop.

The school server was running build 141. The laptop was running build 1489, and was connected to the school server via the mesh.

The presenceservice logs from the laptop are attached.

[wad]

Followed the debugging instructions at: http://wiki.laptop.org/go/Telepathy-debug

In order to obtain the attached logs.

[wad]

The /var/log/ejabberd/sasl.log file contains the following:

=CRASH REPORT==== 4-Jan-2008::04:28:05 ===

crasher:

pid: <0.531.0> registered_name: [] error_info: {{badmatch,{error,"SSL_CTX_use_certificate_file failed: error:02

001002:system library:fopen:No such file or directory"}},

[{ejabberd_socket,starttls,2},

{ejabberd_c2s,init,1}, {gen_fsm,init_it,6}, {proc_lib,init_p,5}]}

initial_call: {gen,init_it,

[gen_fsm,

<0.238.0>, <0.238.0>, ejabberd_c2s, [{ejabberd_socket,

{socket_state,gen_tcp,#Port<0.437>,<0.530.0>}},

[inet6,

{access,c2s}, {shaper,c2s_shaper}, tls, {certfile,"/etc/ejabberd/ejabberd.pem"}, {max_stanza_size,524288}]],

[]]}

ancestors: [ejabberd_c2s_sup,ejabberd_sup,<0.36.0>] messages: [] links: [<0.238.0>,#Port<0.438>] dictionary: [] trap_exit: false status: running heap_size: 987 stack_size: 21 reductions: 256

neighbours:

Which leads to the observation that there is no /etc/ejabberd/ejabberd.pem file.

[wad]

Generating a pem file by hand:

openssl req -newkey rsa:1024 -keyout ejabberd.pem -nodes -x509 -days 3650 -out ejabberd.cer

echo "" >> ejabberd.pem

cat ejabberd.cer >> ejabberd.pem

and installing it as /etc/ejabberd/ejabberd.pem with ownership ejabberd:ejabberd and 400 permissions fixed the problem.

[daf]

I have a patch to do this in my git repository for the ejabberd RPM:

http://git.collabora.co.uk/?p=user/daf/ejabberd-rpm.git;a=commit;h=66702f24c50e67b5542c101e2718e2a38f26018d

[mstone]

A comment about the patch: this patch relies on the hostname being correctly defined at package installation time, which wouldn't work very well with distributing ejabberd as part of a simple flashable binary image. However, I think we can safely go ahead with what we have since that is a fairly unusual use case for server software.

I think the next step here is to submit this patch upstream in bugzilla.redhat.com for merging by peter or silfreed (the current ejabberd maintainers listed in https://admin.fedoraproject.org/pkgdb/packages/name/ejabberd).

[gdesmott]

The patch was merged to Fedora's devel package. My new version of the XS package include it too. Will test it soon.

http://git.collabora.co.uk/?p=user/cassidy/ejabberd-rpm;a=shortlog;h=refs/heads/XS