GNOME Bugzilla – Bug 76476
nntps patch
Last modified: 2011-12-03 08:05:57 UTC
This patch adds support for SSL (with openssl). Apply it with -p1, run autoconf after patching and before ./configure (patch adds an option to configure).
Created attachment 7398: the patch
Created attachment 7409: the patch (missing config.h.in in the last one)
Created attachment 7411: new version of the patch (correcting a hang on socket close)
*** Bug 76457 has been marked as a duplicate of this bug. ***
Created attachment 7550: patch for last version 0.11.2.91 (-p1 as usual)
Created attachment 8412: patch for latest (05-13-2002) pan-0-11-fix branch
Created attachment 8413: patch for latest (05-13-2002) HEAD branch
Hi, some news about this one? I could provide an updated patch (last one causes two rejects with last cvs) if needed, although I've got problems with autoheader stuff.
Moving enhancements to bluesky.
SourceForge is using nntps now. This would be handy.
I suppose we could now add this patch in HEAD. Colin: what's the state of this patch? Is it updated against 0.13.1?
hi no, it wasn't... Here's a quick update lacking server-ui.c (gui) changes and configure doesn't output USE_SSL to config.h (although it checks for it). Quite no time to test/finish it more, but it should be straight-away for you knowing gtk2 ;-) Cheers, Colin
Created attachment 11768: almost complete patch against 10/23/2002 cvs HEAD
*** Bug 117916 has been marked as a duplicate of this bug. ***
This patch is out of date (again). We should revisit this when GNet adds support for SSL (currently under discussion in gnet-devel).
Bumping the priority level to High due to the attached patches.
Dropping priority again since this patch is obsolete and superseded by the plan to use gnet for ssl (once it supports it).
This would be a nice feature to have post 1.0 if it is still possible.
I also strongly vote for NNTPS support in the very near future! Thx a lot!
Some ISPs (for example Comcast Cable) require username and password to read news. This is typically the same username and password as their main user account. They offer both plain and SSL connection to the newserver. Quite obviously it is a really bad idea to connect without SSL. There don't seem to be many open source news readers with SSL support (Mozilla products being the notable exception), so it would be really great to provide SSL in Pan. While using stunnel with Pan might be suitable for the technical crowd, it is obviously not going to work for the majority of normal users (and using stunnel is an annoying hassle even for those who know how to use it). In my experience it isn't very much work to add SSL support using OpenSSL (I've got experience adding SSL support using a Python wrapper of OpenSSL). There are some gotchas, so it is good to have pointers on what to do and not do. There is a great resource to developers who wish to use OpenSSL: "Network Security with OpenSSL" by John Viega, Matt Messier and Pravir Chandra, ISBN 059600270X. GNet seems to be dead: http://www.gnetlibrary.org/. There have been no updates since 2005 according to the website. There are no news or plans about SSL support in GNet anywhere that I could find. I don't know if it would be easier to add SSL support to GNet directly or to Pan, although I would suspect adding it to Pan would be easier. I am willing to put my skills where my mouth is and help code and test, but I would need some assurances from the maintainers that this is actually something they would be willing to commit to now. The previous efforts to bring SSL into Pan seem to have been ignored.
Heikki, Last year Charles began rewriting PAN using C++ and he did not use gnet when he did that. I /think/ Charles still considers this feature to be one of the items he would like to do but he just hasn't gotten to it. I am guessing that part of the reason he hasn't is that many people use stunnel. He is VERY receptive to patches so if you are willing to do the work he has been great at reviewing and accepting patches (Including some hackish ones I put together;) ). The current version of pan is in the Gnome svn as "Pan2" and has become VERY stable over the last year and I suspect a 1.0 release is soon. Thanks!
Please add another vote to include SSL with pan. Stunnel has not worked for me yet but still trying since it's the only way. Perhaps a bullet on the pan FAQ or link to a How-to in the meantime?
Created attachment 100991: patch adds SSL UI to r324
I did all the work on this early fall, and first did the UI part figuring it would be interesting to learn about gtk programming. Then I started looking at where the sockets are used so that I could switch to SSL sockets. Alas, I could not find them. It seems the whole network stack used is highly abstracted now, and I could not find any simple sockets which would be easy to change for SSL. At that point I pretty much lost steam, since the alternative is to implement SSL using BIO pairs and do SSL in memory such that the lower level code does not even know SSL is taking place. I've done that in Python using M2Crypto. It was painful even then. I dread the thought of writing it again in C/C++. I put in a stub that shows where this code would go, but I've been unable to get myself started on that stuff.
I have stunnel working with Pan ver 0.14.2. It runs on startup from rc.local with
    /usr/sbin/stunnel /etc/log.d/conf/services/stunnel.conf
Linux version RHEL 4_U6
Stunnel version stunnel 4.05 on i686-redhat-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003
Global options
    cert = /etc/stunnel/stunnel.pem
    ciphers = ALL:!ADH:+RC4:@STRENGTH
    debug = 5
    key = /etc/stunnel/stunnel.pem
    pid = /var/run/stunnel.pid
    RNDbytes = 64
    RNDfile = /dev/urandom
    RNDoverwrite = yes
    session = 300 seconds
    verify = none
Here are the only contents of my stunnel.conf
    cert = /etc/stunnel/symbion.pem
    chroot = /var/run/stunnel/
    pid = /stunnel.pid
    setuid = nobody
    setgid = nobody
    output = /tmp/stunnel.log
    client = yes
    [nntps]
    accept = 119
    connect = ssl.usenet-news.net:443
In Pan the server name is localhost and the port is set at 119. Hope it helps in the meantime.
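Added example, not part of the original comment or of Pan: the stunnel.conf above runs with the default `verify = none` shown in its global options, so the tunnel is encrypted but the news server's certificate is never checked, and `accept = 119` listens on every interface. The variant below turns on certificate verification and binds the listener to loopback; the CA bundle path is an assumption (the usual RHEL location), everything else is taken from the comment.

```ini
; Added example: client-mode stunnel.conf with server authentication.
; verify and CAfile are set globally, where stunnel 4.05 lists them.
cert = /etc/stunnel/symbion.pem
chroot = /var/run/stunnel/
pid = /stunnel.pid
setuid = nobody
setgid = nobody
output = /tmp/stunnel.log
client = yes

; verify = 2: refuse the connection unless the server presents a
; certificate that chains to a CA in CAfile
verify = 2
; Assumed path to the system CA bundle; adjust for your distribution
CAfile = /etc/pki/tls/certs/ca-bundle.crt

[nntps]
; Listen on loopback only, so other hosts on the network cannot
; reach the news server through this tunnel
accept = 127.0.0.1:119
connect = ssl.usenet-news.net:443
```

With `verify = 2` stunnel validates the certificate chain but does not compare the certificate's name with the host in `connect`; later stunnel releases add a `checkHost` option for that. Pan still points at localhost, port 119.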