From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/61006 Path: news.gmane.org!not-for-mail From: Simon Josefsson Newsgroups: gmane.emacs.gnus.general Subject: Re: SSL-enabled protocols Date: Fri, 23 Sep 2005 10:54:53 +0200 Message-ID: References: <87zmq5s5nh.fsf@myxomop.com> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1127466078 3754 80.91.229.2 (23 Sep 2005 09:01:18 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Fri, 23 Sep 2005 09:01:18 +0000 (UTC) Original-X-From: ding-owner+m9538@lists.math.uh.edu Fri Sep 23 11:01:15 2005 Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by ciao.gmane.org with esmtp (Exim 4.43) id 1EIjQY-0007Cj-9M for ding-account@gmane.org; Fri, 23 Sep 2005 11:01:06 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu ident=lists) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 1EIjQP-0003Hy-00; Fri, 23 Sep 2005 04:00:57 -0500 Original-Received: from nas02.math.uh.edu ([129.7.128.40]) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 1EIjKj-0003Hs-00 for ding@lists.math.uh.edu; Fri, 23 Sep 2005 03:55:05 -0500 Original-Received: from quimby.gnus.org ([80.91.224.244]) by nas02.math.uh.edu with esmtp (Exim 4.52) id 1EIjKf-0002L4-Hd for ding@lists.math.uh.edu; Fri, 23 Sep 2005 03:55:05 -0500 Original-Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1EIjKa-0000RH-00 for ; Fri, 23 Sep 2005 10:54:56 +0200 Original-Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j8N8ssTB011787 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 23 Sep 2005 10:54:55 +0200 Original-To: ding@gnus.org OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:21:050923:ding@gnus.org::ULfAll6hYZ3y+lHN:0KrE In-Reply-To: <87zmq5s5nh.fsf@myxomop.com> (Alexander Kotelnikov's message of "Thu, 22 Sep 2005 15:28:34 +0400") User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux) X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO autolearn=failed version=3.0.3 X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on yxa-iv X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com X-Virus-Status: Clean X-Spam-Score: -2.3 (--) Precedence: bulk Original-Sender: ding-owner@lists.math.uh.edu Xref: news.gmane.org gmane.emacs.gnus.general:61006 Archived-At: Alexander Kotelnikov writes: > Hello. > > Can anyone clarify to me, how should one use imaps/nntps? I belive, > openssl/gnutsl-cli usage for opening these connections is absolutely > unacceptable, since these programs maintain a connection even if > certificates check fails. I use stunnel for imaps, but for > not-still-investigated reasons it does not work for nntps. Is there any > other ways? I have fixed gnutls-cli so that if you supply a --x509cafile or --pgptrustdb parameter, and the server certificate validation fails, the program will terminate. So you should be able to use tomorrow's GnuTLS snapshot with Gnus to achieve what you want. I can't help you with nntps.