Fixing SSL problems in ejabberd on Gentoo

Recently a Jabber contact of mine sent me an e-mail saying that he didn't see me online for weeks, asking whether something's broken with my Jabber server. I started investigating and found out that indeed server-to-server connections between my host and jabber.ccc.de didn't work since I rebooted the server machine on December 20.

First I thought that the problem was based on DNS SRV records, because jabber.ccc.de requires support for them. There is a nice howto page on the ejabberd web site about fixing DNS SRV, but running the provided test case showed that SRV already worked quite fine on my server.

Peeking into the log files I saw messages about a module called PKIX1Explicit88 and that it could not be loaded. On Gentoo, stuff like that is caused mostly by ABIs that were broken when updating packages, and solved by updating dependent software. So what I did was to try re-merging Erlang and ejabberd, only to find out that the ejabberd compile would die.

Enter Gentoo's bug tracker. I found two bugs about this problem, namely net-im/ejabberd-1.1.4 does not build with dev-lang/erlang-12.2.0 which basically says uhm, it's somehow broken with Erlang 12B, but we don't know why, and dev-lang/erlang-11.2.5: QA: TEXTREL usr/lib/erlang/lib/crypto-1.5.1.1/priv/lib/crypto_drv.so which explained why only a handfull of people experienced this bug: It seems like you have to use the unstable branch of Gentoo and the "hardened" profile, and ejabberd. As Jakub says on the bug: Well, this completely breaks SSL support on hardened, causing b0rkage w/ stuff like net-im/ejabberd.

I now had three choices: Wait for the developers to resolve the problem, work on the bug myself or downgrade Erlang. Since I was in a bit of a hurry, I decided for the latter, and now my Jabber server works flawlessly again.

Oh, by the way, I must admit that I'm a bit (or maybe more) scared about what is being said in the first bug, starting from comment #6: I feel that ejabberd would benefit from a maintainer with actual erlang knowledge. [...] Christian, Jan, are you interested in maintaining this? — I have zero erlang knowledge [...] — I only maintain Erlang because of sense of duty...I know nothing about it.

Erstellt: 11. 1. 2008, 08:05:25 (CET)
Tags: English Gentoo ejabberd SSL fix
scytale.name