Prosody cannot use SSL/TLS after upgrade [Solved]

xganesh · 2016-03-06 20:54:45

After upgrading today, encrypted connections do not work any more and I've had to temporarily reconfigure my clients (psi-plus) to use plain connections.
Installed packages

prosody 0.9.10-1
lua51-sec 1:0.5-5
lua-zlib 1:0.4-4
lua51-event 0.4.3-4
lua-cyrussasl 1.0.0-3

uname -r text

4.3.6-1-ck

While journalctl -u prosody.service --since=now
After sudo systemctl restart prosody.service

-- Logs begin at Fri 2014-02-07 13:49:53 EST, end at Sun 2016-03-06 15:23:10 EST. --
Mar 06 15:23:09 SERVER systemd[1]: Stopping XMPP (Jabber) Server...
Mar 06 15:23:10 SERVER prosody[22811]: mod_posix: Received SIGTERM
Mar 06 15:23:10 SERVER prosody[22811]: general: Shutting down: Received SIGTERM
Mar 06 15:23:10 SERVER prosody[22811]: c2s141c980: Disconnecting client, <stream:error> is: <stream:error><system-shutdown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>Received SIGTERM</text></stream:error>
Mar 06 15:23:10 SERVER prosody[22811]: c2s141c980: c2s stream for oneuser@PROSODYSERVER/Psi+ closed: Received SIGTERM
Mar 06 15:23:10 SERVER prosody[22811]: c2s141c980: Destroying session for oneuser@PROSODYSERVER/Psi+ (oneuser@PROSODYSERVER): Received SIGTERM
Mar 06 15:23:10 SERVER prosody[22811]: sessionmanager: All resources of psych1 are now offline
Mar 06 15:23:10 SERVER prosody[22811]: c2s141c980: Received[c2s]: <presence type='unavailable'>
Mar 06 15:23:10 SERVER prosody[22811]: c2s141c980: Client disconnected: connection closed
Mar 06 15:23:10 SERVER prosody[22811]: c2s141c980: Destroying session for (unknown) ((unknown)@(unknown))
Mar 06 15:23:10 SERVER prosody[22811]: socket: server.lua: closed client handler and removed socket from list
Mar 06 15:23:10 SERVER prosody[22811]: general: Shutting down...
Mar 06 15:23:10 SERVER prosody[22811]: general: Shutdown status: Cleaning up
Mar 06 15:23:10 SERVER prosody[22811]: general: Shutdown complete
Mar 06 15:23:10 SERVER prosodyctl[23314]: **************************
Mar 06 15:23:10 SERVER prosodyctl[23314]: Prosody was unable to find LuaSec
Mar 06 15:23:10 SERVER prosodyctl[23314]: This package can be obtained in the following ways:
Mar 06 15:23:10 SERVER prosodyctl[23314]:         Source:           [url]http://www.inf.puc-rio.br/~brunoos/luasec/[/url]
Mar 06 15:23:10 SERVER prosodyctl[23314]:         Debian/Ubuntu:    [url]http://prosody.im/download/start#debian_and_ubuntu[/url]
Mar 06 15:23:10 SERVER prosodyctl[23314]:         luarocks:         luarocks install luasec
Mar 06 15:23:10 SERVER prosodyctl[23314]: SSL/TLS support will not be available
Mar 06 15:23:10 SERVER prosodyctl[23314]: More help can be found on our website, at [url]http://prosody.im/doc/depends[/url]
Mar 06 15:23:10 SERVER prosodyctl[23314]: **************************
Mar 06 15:23:10 SERVER prosodyctl[23314]: Stopped
Mar 06 15:23:10 SERVER systemd[1]: Stopped XMPP (Jabber) Server.
Mar 06 15:23:10 SERVER systemd[1]: Starting XMPP (Jabber) Server...
Mar 06 15:23:10 SERVER prosody[23324]: mod_posix: Prosody is about to detach from the console, disabling further console output
Mar 06 15:23:10 SERVER prosodyctl[23322]: **************************
Mar 06 15:23:10 SERVER prosodyctl[23322]: Prosody was unable to find LuaSec
Mar 06 15:23:10 SERVER prosodyctl[23322]: This package can be obtained in the following ways:
Mar 06 15:23:10 SERVER prosodyctl[23322]:         Source:           [url]http://www.inf.puc-rio.br/~brunoos/luasec/[/url]
Mar 06 15:23:10 SERVER prosodyctl[23322]:         Debian/Ubuntu:    [url]http://prosody.im/download/start#debian_and_ubuntu[/url]
Mar 06 15:23:10 SERVER prosodyctl[23322]:         luarocks:         luarocks install luasec
Mar 06 15:23:10 SERVER prosodyctl[23322]: SSL/TLS support will not be available
Mar 06 15:23:10 SERVER prosodyctl[23322]: More help can be found on our website, at [url]http://prosody.im/doc/depends[/url]
Mar 06 15:23:10 SERVER prosodyctl[23322]: **************************
Mar 06 15:23:10 SERVER prosodyctl[23322]: **************************
Mar 06 15:23:10 SERVER prosodyctl[23322]: Prosody was unable to find LuaSec
Mar 06 15:23:10 SERVER prosodyctl[23322]: This package can be obtained in the following ways:
Mar 06 15:23:10 SERVER prosodyctl[23322]:         Source:           [url]http://www.inf.puc-rio.br/~brunoos/luasec/[/url]
Mar 06 15:23:10 SERVER prosodyctl[23322]:         Debian/Ubuntu:    [url]http://prosody.im/download/start#debian_and_ubuntu[/url]
Mar 06 15:23:10 SERVER prosodyctl[23322]:         luarocks:         luarocks install luasec
Mar 06 15:23:10 SERVER prosodyctl[23322]: SSL/TLS support will not be available
Mar 06 15:23:10 SERVER prosodyctl[23322]: More help can be found on our website, at [url]http://prosody.im/doc/depends[/url]
Mar 06 15:23:10 SERVER prosodyctl[23322]: **************************
Mar 06 15:23:10 SERVER prosodyctl[23322]: Started
Mar 06 15:23:10 SERVER prosody[23326]: mod_posix: Successfully daemonized to PID 23326
Mar 06 15:23:10 SERVER systemd[1]: prosody.service: Supervising process 23326 which is not our child. We'll most likely not notice when it exits.
Mar 06 15:23:10 SERVER systemd[1]: Started XMPP (Jabber) Server.

/etc/prosody/prosody.cfg.lua

daemonize = true
pidfile = "/run/prosody/prosody.pid"
s2s_require_encryption = false

---------- Server-wide settings ----------
admins = { }

modules_enabled = {

	-- Generally required
		"roster"; -- Allow users to have a roster. Recommended ;)
		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
		"tls"; -- Add support for secure TLS on c2s/s2s connections
		"dialback"; -- s2s dialback support
		"disco"; -- Service discovery

	-- Not essential, but recommended
		"private"; -- Private XML storage (for room bookmarks, etc.)
		"vcard"; -- Allow users to set vCards
	
	-- These are commented by default as they have a performance impact
		--"privacy"; -- Support privacy lists
		--"compression"; -- Stream compression

	-- Nice to have
		"version"; -- Replies to server version requests
		"uptime"; -- Report how long server has been running
		"time"; -- Let others know the time here on this server
		"ping"; -- Replies to XMPP pings with pongs
		"pep"; -- Enables users to publish their mood, activity, playing music and more
		"register"; -- Allow users to register on this server using a client and change passwords

	-- Admin interfaces
		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
		--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
	
	-- HTTP modules
		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
		--"http_files"; -- Serve static files from a directory over HTTP

	-- Other specific functionality
		"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
		--"groups"; -- Shared roster support
		--"announce"; -- Send announcement to all online users
		--"welcome"; -- Welcome users who register accounts
		--"watchregistrations"; -- Alert admins of registrations
		--"motd"; -- Send a message to users when they log in
		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
};

modules_disabled = {
	-- "offline"; -- Store offline messages
	-- "c2s"; -- Handle client connections
	-- "s2s"; -- Handle server-to-server connections
};

allow_registration = false;

-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
ssl = {
	key = "/etc/prosody/certs/localhost.key";
	certificate = "/etc/prosody/certs/localhost.crt";
}


c2s_require_encryption = false


s2s_secure_auth = false


authentication = "internal_plain"

log = {
	info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging
	error = "prosody.err";
	"*syslog"; -- Uncomment this for logging to syslog
	-- "*console"; -- Log to the console, useful for debugging with daemonize=false
}


VirtualHost "PROSODYSERVER"

VirtualHost "example.com"
	enabled = false -- Remove this line to enable this host
	ssl = {
		key = "/etc/prosody/certs/example.com.key";
		certificate = "/etc/prosody/certs/example.com.crt";
	}

I'll appreciate whatever tip you can give me on this

Last edited by xganesh (2016-03-07 19:24:49)

Scimmia · 2016-03-06 23:50:35

https://bugs.archlinux.org/task/48480

WorMzy · 2016-03-07 00:07:07

Please use code tags, rather than quote tags, when pasting terminal output or config files.

xganesh · 2016-03-07 19:22:48

Thanks for the reply, right on.
Sorry about the wrong markup. I fixed it

Last edited by xganesh (2016-03-07 19:25:22)

Arch Linux

#1 2016-03-06 20:54:45

Prosody cannot use SSL/TLS after upgrade [Solved]

#2 2016-03-06 23:50:35

Re: Prosody cannot use SSL/TLS after upgrade [Solved]

#3 2016-03-07 00:07:07

Re: Prosody cannot use SSL/TLS after upgrade [Solved]

#4 2016-03-07 19:22:48

Re: Prosody cannot use SSL/TLS after upgrade [Solved]

Board footer