From: pitchum@gramaton.org   
      
   Package: ejabberd   
   Version: 24.12-3   
   Severity: important   
      
   Dear Maintainer,   
      
   since recently, some incomping S2S connections are systematically rejected due   
   to new letsencrypt certificates that do not include clientAuth anymore.   
   Here is the message seen in ejabberd logs:   
      
       Failed inbound s2s EXTERNAL authentication remoteserver.tld ->   
   myserver.tld ... unsupported certificate purpose   
      
   This problem is known (cf. [1]) and was fixed for ejabberd v25.07.   
   A possible workaround would be to contact every admin of other servers to ask   
   them to enable mod_dialback, but I think this is hopeless.   
      
   So I manually patched my own servers (all of theme are running ejabberd from   
   Debian Trixie) by :   
   - installing erlang-p1-tls v1.1.25 (rebuilt for Trixie)   
   - applying the one-line patch on src/ejabberd_s2s_in.erl (cf. [2])   
      
   Would it be feasable to include this fix into Debian stable? Or in   
   proposed-updates?   
      
   [1]: https://github.com/processone/ejabberd/issues/4392   
   [2]: https://github.com/processone/ejabberd/commit/72bc9b6#diff-   
   8717b2810c40f5556afc28a834bacd6676d2d1752c655fce7dcbe8588c17288   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)