Bug 76476 - nntps patch
Status: RESOLVED OBSOLETE
Product: Pan
Classification: Other
Component: general
Version: 0.11.2
Hardware: Other Linux
Importance: Normal enhancement
Target Milestone: bluesky
Assigned To: Charles Kerr
QA Contact: Charles Kerr
Duplicates: 76457 117916
Depends on:
Blocks:
Reported: 2002-03-26 17:04 UTC by Colin Leroy
Modified: 2011-12-03 08:05 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
the patch (15.61 KB, patch)
2002-03-26 17:05 UTC, Colin Leroy
the patch (missing config.h.in in the last one) (15.87 KB, patch)
2002-03-27 10:54 UTC, Colin Leroy
new version of the patch (correcting a hang on socket close) (15.61 KB, patch)
2002-03-27 15:22 UTC, Colin Leroy
patch for last version 0.11.2.91 (-p1 as usual) (15.65 KB, patch)
2002-04-04 13:45 UTC, Colin Leroy
patch for latest (05-13-2002) pan-0-11-fix branch (15.77 KB, patch)
2002-05-12 22:46 UTC, Colin Leroy
patch for latest (05-13-2002) HEAD branch (15.38 KB, patch)
2002-05-12 22:46 UTC, Colin Leroy
almost complete patch against 10/23/2002 cvs HEAD (14.27 KB, patch)
2002-10-22 22:16 UTC, Colin Leroy
patch adds SSL UI to r324 (18.72 KB, patch)
2007-12-15 04:53 UTC, Heikki Toivonen

Description Colin Leroy 2002-03-26 17:04:57 UTC
This patch adds support for SSL (with openssl).
Apply it with -p1, run autoconf after patching and before ./configure
(patch adds an option to configure).
Comment 1 Colin Leroy 2002-03-26 17:05:57 UTC
Created attachment 7398
the patch
Comment 2 Colin Leroy 2002-03-27 10:54:57 UTC
Created attachment 7409
the patch (missing config.h.in in the last one)
Comment 3 Colin Leroy 2002-03-27 15:22:38 UTC
Created attachment 7411
new version of the patch (correcting a hang on socket close)
Comment 4 Charles Kerr 2002-04-02 20:18:41 UTC
*** Bug 76457 has been marked as a duplicate of this bug. ***
Comment 5 Colin Leroy 2002-04-04 13:45:17 UTC
Created attachment 7550
patch for last version 0.11.2.91 (-p1 as usual)
Comment 6 Colin Leroy 2002-05-12 22:46:22 UTC
Created attachment 8412
patch for latest (05-13-2002) pan-0-11-fix branch
Comment 7 Colin Leroy 2002-05-12 22:46:44 UTC
Created attachment 8413
patch for latest (05-13-2002) HEAD branch
Comment 8 Colin Leroy 2002-07-09 13:25:19 UTC
Hi,

Some news about this one? I could provide an updated patch (last one
causes two rejects with last cvs) if needed, although I've got
problems with autoheader stuff.
Comment 9 Christophe Lambin 2002-08-22 18:40:08 UTC
Moving enhancements to bluesky.
Comment 10 Braden 2002-10-22 03:50:49 UTC
SourceForge is using nntps now. This would be handy.
Comment 11 Christophe Lambin 2002-10-22 19:41:15 UTC
I suppose we could now add this patch in HEAD.

Colin: what's the state of this patch?  Is it updated against 0.13.1?
Comment 12 Colin Leroy 2002-10-22 22:15:45 UTC
hi
no, it wasn't... Here's a quick update lacking server-ui.c (gui)
changes and configure doesn't output USE_SSL to config.h (although it
checks for it).

Quite no time to test/finish it more, but it should be straight-away
for you knowing gtk2 ;-)

Cheers,
Colin
Comment 13 Colin Leroy 2002-10-22 22:16:43 UTC
Created attachment 11768
almost complete patch against 10/23/2002 cvs HEAD
Comment 14 Christophe Lambin 2003-07-20 21:57:49 UTC
*** Bug 117916 has been marked as a duplicate of this bug. ***
Comment 15 Christophe Lambin 2003-10-11 22:58:54 UTC
This patch is out of date (again). We should revisit this when GNet
adds support for SSL (currently under discussion in gnet-devel).
Comment 16 alexander.winston 2004-01-03 16:29:43 UTC
Bumping the priority level to High due to the attached patches.
Comment 17 Christophe Lambin 2004-02-03 22:56:37 UTC
Dropping priority again since this patch is obsolete and superseded by
the plan to use gnet for ssl (once it supports it).
Comment 18 Darren Albers 2006-07-29 21:32:42 UTC
This would be a nice feature to have post 1.0 if it is still possible.
Comment 19 longint 2007-02-01 21:53:22 UTC
I also strongly vote for NNTPS support in the very near future!

Thx a lot!
Comment 20 Heikki Toivonen 2007-07-13 22:45:35 UTC
Some ISPs (for example Comcast Cable) require username and password to read news. This is typically the same username and password as their main user account. They offer both plain and SSL connection to the newserver. Quite obviously it is a really bad idea to connect without SSL.

There don't seem to be many open source news readers with SSL support (Mozilla products being the notable exception), so it would be really great to provide SSL in Pan. While using stunnel with Pan might be suitable for the technical crowd, it is obviously not going to work for the majority of normal users (and using stunnel is an annoying hassle even for those who know how to use it).

In my experience it isn't very much work to add SSL support using OpenSSL (I've got experience adding SSL support using a Python wrapper of OpenSSL). There are some gotchas, so it is good to have pointers on what to do and not do. There is a great resource to developers who wish to use OpenSSL: "Network Security with OpenSSL" by John Viega, Matt Messier and Pravir Chandra, ISBN 059600270X.

GNet seems to be dead: http://www.gnetlibrary.org/. There have been no updates since 2005 according to the website. There are no news or plans about SSL support in GNet anywhere that I could find.

I don't know if it would be easier to add SSL support to GNet directly or to Pan, although I would suspect adding it to Pan would be easier.

I am willing to put my skills where my mouth is and help code and test, but I would need some assurances from the maintainers that this is actually something they would be willing to commit to now. The previous efforts to bring SSL into Pan seem to have been ignored.
Comment 21 Darren Albers 2007-07-13 23:53:28 UTC
Heikki,

Last year Charles began rewriting PAN using C++ and he did not use gnet when he did that.   

I /think/ Charles still considers this feature to be one of the items he would like to do but he just hasn't gotten to it.  I am guessing that part of the reason he hasn't is that many people use stunnel. He is VERY receptive to patches so if you are willing to do the work he has been great at reviewing and accepting patches (Including some hackish ones I put together;) ). 

The current version of pan is in the Gnome svn as "Pan2" and has become VERY stable over the last year and I suspect a 1.0 release is soon.   

Thanks!
Comment 22 Van Reuther 2007-07-27 12:04:44 UTC
Please add another vote to include SSL with pan. Stunnel has not worked for me yet but still trying since it's the only way.

Perhaps a bullet on the pan FAQ or link to a How-to in the meantime?
Comment 23 Heikki Toivonen 2007-12-15 04:53:15 UTC
Created attachment 100991
patch adds SSL UI to r324

I did all the work on this early fall, and first did the UI part figuring it would be interesting to learn about gtk programming.

Then I started looking at where the sockets are used so that I could switch to SSL sockets. Alas, I could not find them. It seems the whole network stack used is highly abstracted now, and I could not find any simple sockets which would be easy to change for SSL.

At that point I pretty much lost steam, since the alternative is to implement SSL using BIO pairs and do SSL in memory such that the lower level code does not even know SSL is taking place. I've done that in Python using M2Crypto. It was painful even then. I dread the thought of writing it again in C/C++.

I put in a stub that shows where this code would go, but I've been unable to get myself started on that stuff.
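
The in-memory approach described in comment 23, shown with Python's standard ssl module (an added example, not code from this bug report or from Pan; the host name news.example.net is a placeholder). The TLS engine reads and writes only memory buffers, so an abstracted network layer just ferries the bytes it is handed.

```python
import ssl


def make_tls_client(server_hostname):
    """Create a client-side TLS engine that never touches a socket."""
    ctx = ssl.create_default_context()   # verifies the chain and the host name
    incoming = ssl.MemoryBIO()           # ciphertext received from the network
    outgoing = ssl.MemoryBIO()           # ciphertext waiting to be sent
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    return tls, incoming, outgoing


def handshake_step(tls, incoming, outgoing, received=b""):
    """Feed ciphertext from the transport, advance the handshake once,
    and return (done, ciphertext_to_send)."""
    if received:
        incoming.write(received)
    try:
        tls.do_handshake()
        done = True
    except ssl.SSLWantReadError:
        done = False                     # engine needs more bytes from the peer
    return done, outgoing.read()


if __name__ == "__main__":
    # Offline demonstration: produce the first flight without any connection.
    tls, incoming, outgoing = make_tls_client("news.example.net")  # placeholder
    done, flight = handshake_step(tls, incoming, outgoing)
    print("handshake done:", done, "- bytes to hand to the transport:", len(flight))
```

The lower layer keeps calling `handshake_step` with whatever the peer sent until `done` is true; `tls.read()` and `tls.write()` then follow the same feed-and-drain pattern for application data.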
Comment 24 Peter Arends 2008-02-07 13:20:43 UTC
I have stunnel working with Pan ver 0.14.2,
It runs on startup from rc.local with

/usr/sbin/stunnel /etc/log.d/conf/services/stunnel.conf

Linux version RHEL 4_U6

Stunnel version

stunnel 4.05 on i686-redhat-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003

Global options
cert            = /etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
debug           = 5
key             = /etc/stunnel/stunnel.pem
pid             = /var/run/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
session         = 300 seconds
verify          = none


Here is the only contents of my stunnel.conf

cert = /etc/stunnel/symbion.pem
chroot = /var/run/stunnel/
pid = /stunnel.pid

setuid = nobody
setgid = nobody

output = /tmp/stunnel.log

client = yes

[nntps]
accept = 119
connect = ssl.usenet-news.net:443


In Pan the server name is localhost and the port is set at 119

Hope it helps in the meantime.
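
A check for two settings that matter when stunnel carries news credentials, as raised in comment 20 (an added example, not part of the original comment or of stunnel). It assumes stunnel 4.x semantics: a client service with no `verify` level of 2 or higher plus a `CAfile` or `CApath` does not validate the server certificate, and an `accept` value without a host part listens on all local addresses. The CAfile path in the hardened variant is a placeholder.

```python
import ipaddress
# Constructed sample: the client-relevant lines of the stunnel.conf quoted above.
POSTED = """\
client = yes
[nntps]
accept = 119
connect = ssl.usenet-news.net:443
"""
# Constructed variant; the CAfile path is a placeholder, not from the page.
HARDENED = (POSTED.replace("accept = 119", "accept = 127.0.0.1:119")
            .replace("client = yes",
                     "client = yes\nverify = 2\nCAfile = /path/to/ca.pem"))

def parse(text):
    """Split stunnel.conf text into global options and per-service options."""
    glob, services, cur = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        elif "=" in line:
            key, val = (part.strip() for part in line.split("=", 1))
            (glob if cur is None else cur)[key.lower()] = val
    return glob, services

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                      # empty host means all interfaces

def audit(text):
    """Return (service, finding) pairs for every client-mode service."""
    glob, services = parse(text)
    findings = []
    for name, opts in services.items():
        eff = {**glob, **opts}            # service options override globals
        if eff.get("client", "no").lower() != "yes":
            continue
        level = eff.get("verify", "0")
        if not (level.isdigit() and int(level) >= 2
                and ("cafile" in eff or "capath" in eff)):
            findings.append((name, "server certificate not verified"))
        if not is_loopback(eff.get("accept", "").rpartition(":")[0]):
            findings.append((name, "listener not bound to loopback"))
    return findings
```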