* nntp and ssl
@ 2006-04-12 19:57 Antoine Junod
2006-04-16 16:58 ` Lars Magne Ingebrigtsen
2006-04-20 20:46 ` m. kolb
0 siblings, 2 replies; 8+ messages in thread
From: Antoine Junod @ 2006-04-12 19:57 UTC (permalink / raw)
Hello,
I was using gnus to read my mails (IMAP + SSL) and news
(NNTP) without any problem until my news provider updated
the news server. NNTP is no longer supported and I have to
use NNTP over SSL.
I've tried to change my conf as follow:
(setq gnus-select-method'
(nntp "news.epfl.ch"
(nntp-open-connection-function
nntp-open-ssl-stream)
(nntp-port-number)
(nntp-address "news.epfl.ch"))
But when i'm launching gnus, il says me
nntp (news.epfl.ch) open error: ''. Continue? (y or n)
What should I try to debug that?
Network config seems a bit crazy for that server but
thinderbird can handle that crazieness so i think it's not
so important (look at the last steps):
zapata ~ # tcptraceroute news.epfl.ch 563
Selected device eth0, address 213.239.193.37, port 33726 for
outgoing packets
Tracing the path to news.epfl.ch (128.178.50.84) on TCP port
563 (nntps), 30 hops max
1 213-239-193-33.clients.your-server.de (213.239.193.33)
0.414 ms 0.393 ms 0.450 ms
2 et-2-14.RS86001.RZ3.hetzner.de (213.133.96.77) 0.865
ms 0.287 ms 0.234 ms
3 gi-upl.lambdanet.hetzner.de (213.239.240.195) 0.931 ms
0.294 ms 0.421 ms
4 nbg.de.lambdanet.net (213.133.96.234) 1.182 ms 0.445
ms 0.422 ms
5 FRA-2-pos620.de.lambdanet.net (217.71.96.41) 4.295 ms
72.759 ms 4.421 ms
6 FRA-11-pos300.de.lambdanet.net (217.71.105.94) 5.239
ms 4.202 ms 4.445 ms
7 FRA-8-pos300.de.lambdanet.net (217.71.105.225) 4.639
ms 4.217 ms 4.181 ms
8 ZUR-1-eth000-103.ch.lambdanet.net (80.86.163.26)
17.382 ms 16.709 ms 16.714 ms
9 swiix1-g2-1.switch.ch (194.42.48.11) 20.946 ms 20.725
ms 20.531 ms
10 swiZH2-10GE-1-3.switch.ch (130.59.36.130) 21.051 ms
20.340 ms 20.620 ms
11 swiEL2-G2-3.switch.ch (130.59.36.78) 20.842 ms 20.464
ms 20.349 ms
12 news.epfl.ch (128.178.50.84) 21.376 ms 20.425 ms
20.758 ms
13 news.epfl.ch (128.178.50.84) 21.235 ms 20.673 ms
21.437 ms
14 news.epfl.ch (128.178.50.84) 20.425 ms 20.379 ms
20.978 ms
15 news.epfl.ch (128.178.50.84) [open] 20.743 ms * 20.882 ms
zapata ~ #
I'm really sorry to typeset as a piggy but i'm not writing
that post in emacs and the news reader i'm using does not
seem to like me.
Thanks a lot for your help
-AJ
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: nntp and ssl
2006-04-12 19:57 nntp and ssl Antoine Junod
@ 2006-04-16 16:58 ` Lars Magne Ingebrigtsen
2006-04-20 20:46 ` m. kolb
1 sibling, 0 replies; 8+ messages in thread
From: Lars Magne Ingebrigtsen @ 2006-04-16 16:58 UTC (permalink / raw)
Antoine Junod <antoine.junod@epfl.ch> writes:
> (setq gnus-select-method'
> (nntp "news.epfl.ch"
> (nntp-open-connection-function nntp-open-ssl-stream)
> (nntp-port-number)
> (nntp-address "news.epfl.ch"))
I think that should be
(nntp-port-number 563)
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: nntp and ssl
2006-04-12 19:57 nntp and ssl Antoine Junod
2006-04-16 16:58 ` Lars Magne Ingebrigtsen
@ 2006-04-20 20:46 ` m. kolb
2006-04-21 7:54 ` Antoine Junod
1 sibling, 1 reply; 8+ messages in thread
From: m. kolb @ 2006-04-20 20:46 UTC (permalink / raw)
Antoine Junod <antoine.junod@epfl.ch> writes:
> Hello,
>
> I was using gnus to read my mails (IMAP + SSL) and news (NNTP) without
> any problem until my news provider updated the news server. NNTP is no
> longer supported and I have to use NNTP over SSL.
>
> I've tried to change my conf as follow:
>
> (setq gnus-select-method' (nntp
> "news.epfl.ch"
>
> (nntp-open-connection-function nntp-open-ssl-stream)
>
> (nntp-port-number)
>
> (nntp-address "news.epfl.ch"))
When we changed to require SSL and authentication, I changed my
pertinent .gnus.el like this:
(add-hook 'nntp-server-opened-hook 'nntp-send-authinfo)
(setq gnus-select-method '(nntp "nntp.msu.edu"
(nntp-open-connection-function
nntp-open-ssl-stream)
(nntp-port-number "nntps")
(nntp-address "nntp.msu.edu")))
Best of luck,
./muk
--
m. kolb <muk@msu.edu>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: nntp and ssl
2006-04-20 20:46 ` m. kolb
@ 2006-04-21 7:54 ` Antoine Junod
2006-04-28 16:56 ` m. kolb
0 siblings, 1 reply; 8+ messages in thread
From: Antoine Junod @ 2006-04-21 7:54 UTC (permalink / raw)
m. kolb wrote:
> Antoine Junod <antoine.junod@epfl.ch> writes:
>
>
>>Hello,
>>
>>I was using gnus to read my mails (IMAP + SSL) and news (NNTP) without
>>any problem until my news provider updated the news server. NNTP is no
>>longer supported and I have to use NNTP over SSL.
>>
>>I've tried to change my conf as follow:
>>
>>(setq gnus-select-method' (nntp
>>"news.epfl.ch"
>>
>> (nntp-open-connection-function nntp-open-ssl-stream)
>>
>> (nntp-port-number)
>>
>> (nntp-address "news.epfl.ch"))
>
>
> When we changed to require SSL and authentication, I changed my
> pertinent .gnus.el like this:
>
> (add-hook 'nntp-server-opened-hook 'nntp-send-authinfo)
>
> (setq gnus-select-method '(nntp "nntp.msu.edu"
> (nntp-open-connection-function
> nntp-open-ssl-stream)
> (nntp-port-number "nntps")
> (nntp-address "nntp.msu.edu")))
hum, it freeze with the following line:
Loading ssl...done
Any idea?
Thanks for your help.
-AJ
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: nntp and ssl
2006-04-21 7:54 ` Antoine Junod
@ 2006-04-28 16:56 ` m. kolb
2006-04-28 17:54 ` Anne & Lynn Wheeler
2006-04-30 7:15 ` Antoine Junod
0 siblings, 2 replies; 8+ messages in thread
From: m. kolb @ 2006-04-28 16:56 UTC (permalink / raw)
Antoine Junod <antoine.junod@epfl.ch> writes:
> hum, it freeze with the following line:
>
> Loading ssl...done
Unfortunately I'm not sure what is happening there. Can you just
openssl s_client -connect newshost:563 from your machine and see what is
happening?
Best of luck, and sorry for the late reply.
./muk
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: nntp and ssl
2006-04-28 16:56 ` m. kolb
@ 2006-04-28 17:54 ` Anne & Lynn Wheeler
2006-04-30 7:15 ` Antoine Junod
1 sibling, 0 replies; 8+ messages in thread
From: Anne & Lynn Wheeler @ 2006-04-28 17:54 UTC (permalink / raw)
muk@msu.edu (m. kolb) writes:
> Unfortunately I'm not sure what is happening there. Can you just
> openssl s_client -connect newshost:563 from your machine and see what is
> happening?
about 20-30percent of the time ... i see freeze-up while reading
active file. it rarely freezes at any other point .... openssl
0.9.8a-5.2; no gnus v0.5
first couple times i had to kill emacs and restart. i eventually did a
script that i run in another window that gets the process number of
openssl and kills it. turns out that it kills openssl and then after a
couple seconds it checks to see if it has to kill openssl a second
time (about half the time after it has killed openssl while reading
the active file, gnus continues a little bit and then freezes a second
time).
it then is good ... until the next get-new-news, at which point there
is about 1-in-3 chance it will repeat
it also freezes about 95 percent of the time when posting ... i run
the kill script; gnus then completes saying that the posting failed;
however the post was actually made (like is going to happen when this
is posted)
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: nntp and ssl
2006-04-28 16:56 ` m. kolb
2006-04-28 17:54 ` Anne & Lynn Wheeler
@ 2006-04-30 7:15 ` Antoine Junod
2006-05-03 13:19 ` m. kolb
1 sibling, 1 reply; 8+ messages in thread
From: Antoine Junod @ 2006-04-30 7:15 UTC (permalink / raw)
m. kolb wrote:
> Antoine Junod <antoine.junod@epfl.ch> writes:
>
> > hum, it freeze with the following line:
> >
> > Loading ssl...done
>
>
> Unfortunately I'm not sure what is happening there. Can you just
> openssl s_client -connect newshost:563 from your machine and see what is
> happening?
It seems to work fine:
$> openssl s_client -connect newse.fpl.ch:563
CONNECTED(00000003)
depth=0
/C=CH/ST=Vaud/L=Lausanne/O=EPFL/CN=news.epfl.ch/emailAddress=Franck.Perrot@epfl.ch
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
/C=CH/ST=Vaud/L=Lausanne/O=EPFL/CN=news.epfl.ch/emailAddress=Franck.Perrot@epfl.ch
verify error:num=27:certificate not trusted
verify return:1
depth=0
/C=CH/ST=Vaud/L=Lausanne/O=EPFL/CN=news.epfl.ch/emailAddress=Franck.Perrot@epfl.ch
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0
s:/C=CH/ST=Vaud/L=Lausanne/O=EPFL/CN=news.epfl.ch/emailAddress=Franck.Perrot@epfl.ch
i:/C=CH/ST=Vaud/L=Lausanne/O=EPFL/CN=EPFL Certification
Authority/emailAddress=cert-auth@epfl.ch
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICqTCCAhKgAwIBAgICB3EwDQYJKoZIhvcNAQEEBQAwgYcxCzAJBgNVBAYTAkNI
MQ0wCwYDVQQIEwRWYXVkMREwDwYDVQQHEwhMYXVzYW5uZTENMAsGA1UEChMERVBG
TDElMCMGA1UEAxMcRVBGTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEgMB4GCSqG
SIb3DQEJARYRY2VydC1hdXRoQGVwZmwuY2gwHhcNMDYwMzE2MTEwODQ1WhcNMTIw
MTE0MTEwODQ1WjB7MQswCQYDVQQGEwJDSDENMAsGA1UECBMEVmF1ZDERMA8GA1UE
BxMITGF1c2FubmUxDTALBgNVBAoTBEVQRkwxFTATBgNVBAMTDG5ld3MuZXBmbC5j
aDEkMCIGCSqGSIb3DQEJARYVRnJhbmNrLlBlcnJvdEBlcGZsLmNoMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQCofko/xRXXuY545eh9SrN74VV0+VdV+/Sf3mSU
XiUvR1BSijiQQ/AvJxK+aap284txZ2s7442UnZ1kypGjqZVx6gGq4nps9GuN15zN
/aeCVZHEwKgxB2ULCWPPArISWdMO57ZqkCDQjQhjpyAVtS4yRd951XkTtsclZ19k
u9n2nQIDAQABoy8wLTArBgNVHREEJDAighBlcGZsbmV3cy5lcGZsLmNogg5mb3J1
bXMuZXBmbC5jaDANBgkqhkiG9w0BAQQFAAOBgQApm6IM+sNxMQ9isRP8CIIbD1PP
1cLdFRUuB3hqC/MSWdQITEFknWWHnjGwVyOZMCp8sqoDmh+qXb05n6lKWbvsrdX7
wpHeCBXkXrxU6bJLtgn+9nnpMNJGQv8KQehaqEQgZhSnAZFADT6g2ciqiL+ZrOMu
BuL+yYbAwZ9TYmyblw==
-----END CERTIFICATE-----
subject=/C=CH/ST=Vaud/L=Lausanne/O=EPFL/CN=news.epfl.ch/emailAddress=Franck.Perrot@epfl.ch
issuer=/C=CH/ST=Vaud/L=Lausanne/O=EPFL/CN=EPFL Certification
Authority/emailAddress=cert-auth@epfl.ch
---
No client certificate CA names sent
---
SSL handshake has read 847 bytes and written 346 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
9FB22FCA52BC2E7938D0746223ACEE033B951D662BA5DEB21D8AD342F2E0F9D8
Session-ID-ctx:
Master-Key:
D0F0A77AC81973EC392A5C8D8FA547748C6ABDD8F430406B254E115F3ED7B7CD8FB65C910757726BBCFD01C92AC01056
Key-Arg : None
Start Time: 1146377081
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
200 Bienvenue sur le serveur News de l'EPFL - Welcome to the EPFL's News
server
Thanks a lot for your help
-AH
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: nntp and ssl
2006-04-30 7:15 ` Antoine Junod
@ 2006-05-03 13:19 ` m. kolb
0 siblings, 0 replies; 8+ messages in thread
From: m. kolb @ 2006-05-03 13:19 UTC (permalink / raw)
Antoine Junod <antoine.junod@epfl.ch> writes:
> m. kolb wrote:
>> Antoine Junod <antoine.junod@epfl.ch> writes:
> >
>> > hum, it freeze with the following line:
>> >
>> > Loading ssl...done
>> Unfortunately I'm not sure what is happening there. Can you just
>> openssl s_client -connect newshost:563 from your machine and see what is
>> happening?
>
> It seems to work fine:
>
> $> openssl s_client -connect newse.fpl.ch:563
> CONNECTED(00000003)
> depth=0
I'm at a loss :/ Sorry!
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2006-05-03 13:19 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-04-12 19:57 nntp and ssl Antoine Junod
2006-04-16 16:58 ` Lars Magne Ingebrigtsen
2006-04-20 20:46 ` m. kolb
2006-04-21 7:54 ` Antoine Junod
2006-04-28 16:56 ` m. kolb
2006-04-28 17:54 ` Anne & Lynn Wheeler
2006-04-30 7:15 ` Antoine Junod
2006-05-03 13:19 ` m. kolb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).