Bug#516528: ejabberd: starttls hangs after upgrade from etch-bpo to lenny

[Kevin Otte]

Package: ejabberd
Version: 2.0.1-6
Severity: important


Version installed on etch was 2.0.1-6~bpo40+1

After upgrade to lenny, any attempts to starttls on 5222 cause the connection
to hang. For debugging, I enabled the legacy SSL on port 5223 and attempted
to connect with openssl's s_client.  The exchange was:

$ openssl s_client -connect jabber.nivex.net:5223
CONNECTED(00000003)
25231:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake 
failure:s23_lib.c:188:

Logging set to level 5, /var/log/ejabberd/ejabberd.log reports:

=INFO REPORT==== 2009-02-21 23:18:23 ===
I(<0.250.0>:ejabberd_listener:112) : (#Port<0.407>) Accepted connection 
{{207,192,73,107},38014} -> {{207,192,73,107},5223}

=INFO REPORT==== 2009-02-21 23:18:23 ===
D(<0.335.0>:ejabberd_receiver:297) : Received XML on stream = []

An strace on ejabberd shows the process reading the .pem listed in the config
file as well as the files that make up the certificate chain (cacert.org).
Immediately after reading and closing the last cacert .pem file, the
process peforms a mumnap() and closes the socket connection to the client.

As this was an upgrade from a working server, no configs have changed.
I have verified that the permissions on the .pem file are correct.

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18.8-linode10 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages ejabberd depends on:
ii  adduser                3.110             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.24            Debian configuration management sy
ii  erlang-base [erlang-ab 1:12.b.3-dfsg-4   Concurrent, real-time, distributed
ii  erlang-nox             1:12.b.3-dfsg-4   Concurrent, real-time, distributed
ii  libc6                  2.7-18            GNU C Library: Shared libraries
ii  libexpat1              2.0.1-4           XML parsing C library - runtime li
ii  libpam0g               1.0.1-5           Pluggable Authentication Modules l
ii  libssl0.9.8            0.9.8g-15         SSL shared libraries
ii  openssl                0.9.8g-15         Secure Socket Layer (SSL) binary a
ii  ucf                    3.0016            Update Configuration File: preserv
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

ejabberd recommends no packages.

Versions of packages ejabberd suggests:
pn  libunix-syslog-perl           <none>     (no description available)

-- debconf information excluded



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org