From: Maxim Cournoyer
Newsgroups: gmane.emacs.gnus.user
Subject: Gmane with Gnus first timer
Date: Wed, 27 Sep 2017 11:12:38 -0400
Message-ID: <877ewk41ll.fsf@gmail.com>
To: info-gnus-english@gnu.org

Hello Gnusers!

I've started experimenting with Gmane[1], and it seems very useful for
easily navigating archived mailing lists! I thought I'd share some of
the details for NNTP neophytes like me; I had the good fortune to be
helped on the IRC #gnus channel by sixbitslacker, who shared important
bits of their config as well as Gmane's X.509 certificate, necessary
for proper TLS authentication.

* Gnus configuration

The first thing I did was to add a select method to my Gnus
configuration. I already had a `gnus-select-method' defined with my
email server, so I used `gnus-secondary-select-methods' for Gmane:

--8<---------------cut here---------------start------------->8---
;; To be put in your ~/.gnus.el or similar.
(setq gnus-secondary-select-methods
      '((nntp "gmane"
              (nntp-address "news.gmane.org"))))
--8<---------------cut here---------------end--------------->8---

* Gmane TLS certificate

I then started Gnus.
I was greeted with a warning that said:

--8<---------------cut here---------------start------------->8---
Certificate information
Issued by: news.gmane.org
Issued to: Gmane
Hostname: news.gmane.org
Public key: RSA, signature: RSA-SHA1
Protocol: TLS1.2, key: RSA, cipher: AES-256-GCM, mac: AEAD
Security level: Low
Valid: From 2015-01-13 to 2018-01-12

The TLS connection to news.gmane.org:nntp is insecure for the following
reasons:

certificate signer was not found (self-signed)
certificate was signed with an insecure algorithm
the certificate was signed by an unknown and therefore unstrusted authority
certificate could not be verified
--8<---------------cut here---------------end--------------->8---

While we can't do anything about the weak SHA1 signature, we can at
least fix the other warnings by trusting the self-signed certificate
that Gmane is using.

To do so, we must first retrieve the X.509 certificate that Gmane
uses. The OpenSSL package provides a means to do so (credits to
sixbitslacker):

  openssl s_client -starttls smtp -connect news.gmane.org:119

Amongst the output you should find the server certificate, which is:

--8<---------------cut here---------------start------------->8---
-----BEGIN CERTIFICATE-----
MIICwjCCAiugAwIBAgIJAJOYYw06tv/WMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNV
BAYTAk5PMRMwEQYDVQQIEwpTb21lLVN0YXRlMQ4wDAYDVQQKEwVHbWFuZTEXMBUG
A1UEAxMObmV3cy5nbWFuZS5vcmcwHhcNMTUwMTEzMjExMzQ2WhcNMTgwMTEyMjEx
MzQ2WjBLMQswCQYDVQQGEwJOTzETMBEGA1UECBMKU29tZS1TdGF0ZTEOMAwGA1UE
ChMFR21hbmUxFzAVBgNVBAMTDm5ld3MuZ21hbmUub3JnMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDK4MBGhSVg3O/L0U7ME7D4kmiPShwxmu6NZzQ5UsBV3S5H
qzPBEaInGUqX0IJX2pGVMKTGOmy+Sz0aJYcKQJdJ1Zq9LAtUOk7gflxX4z4wrcng
9bRz1z8D3/KJFyTrELZyEC8DkKEwbO4LxO3QrfxNXOkpuVZ0eUlP/AwVGN9D+QID
AQABo4GtMIGqMB0GA1UdDgQWBBRCnZpe5p9+0CKQoFm/RVzp/EmUTzB7BgNVHSME
dDBygBRCnZpe5p9+0CKQoFm/RVzp/EmUT6FPpE0wSzELMAkGA1UEBhMCTk8xEzAR
BgNVBAgTClNvbWUtU3RhdGUxDjAMBgNVBAoTBUdtYW5lMRcwFQYDVQQDEw5uZXdz
LmdtYW5lLm9yZ4IJAJOYYw06tv/WMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEAQgcrfK9IN7DfqIGVwuhHZRBskbcTyD0oh11zUrr1s44sEq4pWT/ht42C
Cpn4g+mCCOLewLT+MAHxs7Acxbkxd+lQyRVWknVLHNQL48dUrQX9QCEZVcLHcZmL
w2mmmDMfRgLNKdNDO60BMtK/EGGaaYmLY+B4EzQtSVGRZfANXLg=
-----END CERTIFICATE-----
--8<---------------cut here---------------end--------------->8---

Save this file somewhere, say, to "~/.gnutls/gmane.pem".

Now we must configure Emacs to trust this certificate. One easy way
is to add this line to your ~/.emacs file:

  (with-eval-after-load 'gnutls (add-to-list 'gnutls-trustfiles (expand-file-name "~/.gnutls/gmane.pem")))

Another option to make it globally trusted would be to place the file
under /etc/

Eval this line (C-M-x or C-x C-e on that s-exp) and restart Gnus. The
only remaining warning should be the one about the weak SHA1 signature:

When I did, Emacs still complained that the server was deemed insecure
because the "certificate signer was not found (self-signed)".

I am not sure why it persists in warning me about a self-signed
certificate after I've explicitly given it my trust, nor do I know why
the weak SHA1 issue is not raised anymore... But anyway, I consider our
due diligence done, so at this point you may choose "Always" when
presented with the security prompt.

* Browsing lists with Gmane

You should now be in the plain old *Group* buffer, with nothing new in
it. To actually navigate the mailing lists archived by Gmane, you may
press the '^' key to show a list of the known servers. It should
contain an entry for the newly added news.gmane.org news server, such
as:

  {nntp:gmane} (opened)

Finally, by clicking (or typing RET) on that gmane entry, you should
now have access to a huge collection of archived mailing lists (31682
at the time of writing), which can be comfortably browsed in a Gnusy
way. You can also subscribe using 'u', to show some of these in your
*Group* buffer.

* Posting to a Gmane

Instead of sending an email with 'm', you can now send an article (the
equivalent in the world of news) with the 'a' key.
This long text is my first attempt at doing so; if you received it,
it's because it worked!

Happy hacking,

Maxim

[1] http://gmane.org
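
An added example (not part of the original message, and not sixbitslacker's config): the steps above save whatever certificate `openssl s_client` returns and then trust it, so the script below records that certificate's SHA-256 fingerprint and checks later fetches against it. The function names and the sample transcript are constructed for illustration; it needs only awk, base64 and sha256sum.

```shell
#!/bin/sh
# Added example: pin a certificate by SHA-256 fingerprint (names are hypothetical).

# Print the first PEM certificate found on stdin, e.g. saved s_client output.
extract_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on                            { print }
         /-----END CERTIFICATE-----/   { if (on) exit }'
}

# Read one PEM certificate on stdin; print the SHA-256 of its DER bytes in
# lowercase hex. `openssl x509 -noout -fingerprint -sha256` shows the same
# digest in upper case with colons.
pem_fingerprint() {
    grep -v -e '-----' | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# usage: check_pin TRANSCRIPT_FILE PINNED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the transcript holds no certificate.
check_pin() {
    pem=$(extract_pem < "$1")
    [ -n "$pem" ] || return 2
    seen=$(printf '%s\n' "$pem" | pem_fingerprint)
    [ "$seen" = "$2" ]
}

# Build a constructed s_client-style transcript whose "certificate" is just the
# base64 of $1 (not a real X.509 certificate; enough to exercise the pipeline).
make_sample() {
    printf '%s\n' 'CONNECTED(00000003)' '---' 'Server certificate' \
                  '-----BEGIN CERTIFICATE-----'
    printf '%s' "$1" | base64
    printf '%s\n' '-----END CERTIFICATE-----' '---'
}

# Demo on constructed input (no network needed).
demo=$(mktemp)
make_sample 'constructed bytes, not a real certificate' > "$demo"
pin=$(extract_pem < "$demo" | pem_fingerprint)   # recorded on first use
if check_pin "$demo" "$pin"; then echo "pin matches: $pin"; fi
rm -f "$demo"
```

For the real server, save the s_client output to a file and pass it to check_pin together with the fingerprint recorded earlier or obtained over a second channel; a non-zero return means the certificate offered is not the one that was pinned.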