Prosody on FreeBSD

Tags: prosody, XMPP, FreeBSD

A few weeks ago, I noticed that I was not able to communicate with one of my XMPP contacts. They were showing offline for a while. To make sure it wasn’t something misconfigured on my end that broke it, I checked my ejabberd.log and came across the following message:

2020-09-22 12:46:49.768 [warning] <0.14435.4>@ejabberd_s2s_out:process_closed:157 Failed to establish outbound s2s connection mydomain.tld -> otherdomain.tld: Stream closed by peer: Your server's certificate is invalid, expired, or not trusted by otherdomain.tld (not-authorized); bouncing for 269 seconds

It seems their XMPP instance (otherdomain.tld) was refusing the S2S connection from my host (mydomain.tld). On reaching out to them through another channel, I found out that they’re running Prosody. After some debugging, it turned out that it was missing the CA configuration. So, to make it work, the CA configuration for FreeBSD needed to be added (which required installing the security/ca_root_nss port for the Mozilla CA bundle):

ssl = {
    -- Mozilla CA bundle from the security/ca_root_nss port
    cafile = "/etc/ssl/cert.pem"
}

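A way to check a Prosody config for the problem described above, as an added example that is not part of the original post: it looks for an uncommented cafile setting and asks Python's ssl module (OpenSSL) whether that file holds any loadable certificates. The function name audit_cafile, the status strings and the sample configs are assumptions made for illustration.

```python
import os
import re
import ssl

# Matches a `cafile = "..."` assignment on a line that is not a Lua `--` comment.
CAFILE_RE = re.compile(
    r'^(?![ \t]*--)[^\n]*?\bcafile\s*=\s*["\']([^"\']+)["\']', re.MULTILINE
)


def audit_cafile(config_text):
    """Return (status, detail) for the cafile named in a Prosody config."""
    match = CAFILE_RE.search(config_text)
    if match is None:
        # The situation in the post: no CA file configured at all.
        return ("not-configured", None)
    path = match.group(1)
    if not os.path.isfile(path):
        # e.g. the CA bundle port is not installed, so the path does not exist.
        return ("missing-file", path)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError:
        # ssl.SSLError is a subclass of OSError: unreadable file or no PEM certs.
        return ("no-certificates", path)
    loaded = ctx.cert_store_stats()["x509"]
    if loaded == 0:
        return ("no-certificates", path)
    return ("ok", "%s: %d certificates" % (path, loaded))


if __name__ == "__main__":
    # Constructed sample configs, not taken from a real server.
    broken = 'VirtualHost "otherdomain.tld"\n-- cafile = "/etc/ssl/cert.pem"\n'
    fixed = 'ssl = {\n    cafile = "/etc/ssl/cert.pem"\n}\n'
    print("broken:", audit_cafile(broken))
    print("fixed: ", audit_cafile(fixed))
```
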
Hope this helps someone. :)