* SSL-enabled protocols
@ 2005-09-22 11:28 Alexander Kotelnikov
2005-09-23 8:54 ` Simon Josefsson
0 siblings, 1 reply; 3+ messages in thread
From: Alexander Kotelnikov @ 2005-09-22 11:28 UTC (permalink / raw)
Hello.
Can anyone clarify to me, how should one use imaps/nntps? I belive,
openssl/gnutsl-cli usage for opening these connections is absolutely
unacceptable, since these programs maintain a connection even if
certificates check fails. I use stunnel for imaps, but for
not-still-investigated reasons it does not work for nntps. Is there any
other ways?
--
Alexander Kotelnikov
Saint-Petersburg, Russia
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: SSL-enabled protocols
2005-09-22 11:28 SSL-enabled protocols Alexander Kotelnikov
@ 2005-09-23 8:54 ` Simon Josefsson
2005-09-23 10:57 ` Alexander Kotelnikov
0 siblings, 1 reply; 3+ messages in thread
From: Simon Josefsson @ 2005-09-23 8:54 UTC (permalink / raw)
Alexander Kotelnikov <sacha@myxomop.com> writes:
> Hello.
>
> Can anyone clarify to me, how should one use imaps/nntps? I belive,
> openssl/gnutsl-cli usage for opening these connections is absolutely
> unacceptable, since these programs maintain a connection even if
> certificates check fails. I use stunnel for imaps, but for
> not-still-investigated reasons it does not work for nntps. Is there any
> other ways?
I have fixed gnutls-cli so that if you supply a --x509cafile or
--pgptrustdb parameter, and the server certificate validation fails,
the program will terminate. So you should be able to use tomorrow's
GnuTLS snapshot with Gnus to achieve what you want. I can't help you
with nntps.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: SSL-enabled protocols
2005-09-23 8:54 ` Simon Josefsson
@ 2005-09-23 10:57 ` Alexander Kotelnikov
0 siblings, 0 replies; 3+ messages in thread
From: Alexander Kotelnikov @ 2005-09-23 10:57 UTC (permalink / raw)
>>>>> On Fri, 23 Sep 2005 10:54:53 +0200
>>>>> "SJ" == Simon Josefsson <jas@extundo.com> wrote:
SJ>
SJ> Alexander Kotelnikov <sacha@myxomop.com> writes:
>> Hello.
>>
>> Can anyone clarify to me, how should one use imaps/nntps? I belive,
>> openssl/gnutsl-cli usage for opening these connections is absolutely
>> unacceptable, since these programs maintain a connection even if
>> certificates check fails. I use stunnel for imaps, but for
>> not-still-investigated reasons it does not work for nntps. Is there any
>> other ways?
SJ>
SJ> I have fixed gnutls-cli so that if you supply a --x509cafile or
SJ> --pgptrustdb parameter, and the server certificate validation fails,
SJ> the program will terminate. So you should be able to use tomorrow's
SJ> GnuTLS snapshot with Gnus to achieve what you want. I can't help you
SJ> with nntps.
Oh, thanks. This should help with nntps either, even an approach used
in stunnel (when user can tell in what conditions to abort a
connection) seems to be more elegant.
--
Alexander Kotelnikov
Saint-Petersburg, Russia
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-09-23 10:57 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-09-22 11:28 SSL-enabled protocols Alexander Kotelnikov
2005-09-23 8:54 ` Simon Josefsson
2005-09-23 10:57 ` Alexander Kotelnikov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).