sasl.conf: Possible bad man-page and sample
Felix E. Klee
felix.klee at inka.de
Thu Nov 25 18:49:52 UTC 2004
Hi,
two possible bugs concerning nnrp over SSL (INN 2.4.1):
1. man page sasl.conf(5):
In the key certificate creation example, the parameter "-keyout
/usr/local/news/lib/cert.pem" should be replaced by "-keyout
/usr/local/news/lib/key.pem". Also, in addition, the paths should be
matched with those in the sample sasl.conf. The chown- and
chmod-lines should also be adapted. In a nutshell, a working example
could be this:
    openssl req -new -x509 -nodes -out /usr/lib/news/lib/cert.pem \
        -days 366 -keyout /usr/lib/news/lib/key.pem
    chown news:news /usr/lib/news/lib/cert.pem
    chmod 640 /usr/lib/news/lib/cert.pem
    chown news:news /usr/lib/news/lib/key.pem
    chmod 600 /usr/lib/news/lib/key.pem
2. Sample /etc/news/sasl.conf:
Also, the line
    tls_key_file: /usr/lib/news/lib/cert.pem
should be replaced by
    tls_key_file: /usr/lib/news/lib/key.pem
Note that I have close to no experience with setting up SSL encryption.
However, the above flaws just seem obvious to me.
BTW, it would also be nice if there were a little tutorial for setting
up SSL support for INN. For example, it took me quite some time to
figure out how to set up inetd. Here's what I currently have in my
inetd.conf:
    # NNTP via SSL
    nntps stream tcp nowait news /usr/lib/news/bin/nnrpd /usr/lib/news/bin/nnrpd -S
Felix
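
Added example, not part of the original message and not INN code: a small shell check for the layout the message proposes, confirming that tls_key_file in sasl.conf names a file that holds a private key, holds no certificate, and is closed to group and other (chmod 600). The function names and finding labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit the tls_key_file setting of an INN sasl.conf.
# Usage (after sourcing this file): audit_tls_key /etc/news/sasl.conf
# Prints one finding per line; returns non-zero if anything is wrong.

# Print the value of "name: value" from a sasl.conf-style file
# (last occurrence wins, surrounding whitespace stripped).
conf_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

audit_tls_key() {
    conf=$1
    rc=0
    key=$(conf_value "$conf" tls_key_file)
    if [ -z "$key" ]; then
        echo "MISSING: no tls_key_file in $conf"; return 1
    fi
    if [ ! -f "$key" ]; then
        echo "MISSING: $key does not exist"; return 1
    fi
    # The file named by tls_key_file must actually hold a private key.
    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key"; then
        echo "NOKEY: $key contains no PEM private key"; rc=1
    fi
    # A certificate here means the setting points at cert.pem, or that
    # -out and -keyout were given the same file name.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$key"; then
        echo "CERT: $key contains a certificate"; rc=1
    fi
    # chmod 600: characters 5-10 of the ls mode string are the
    # group and other permission bits and must all be "-".
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: $key is accessible to group or other"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $key"
    fi
    return "$rc"
}
```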