Setup SSL with inn

Kenichi Okada okada at opaopa.org
Wed Aug 29 16:16:58 UTC 2001


In the message <Pine.LNX.4.33.0108291144520.17124-100000 at marduk.litech.org>
"Jeffrey M. Vinocur" <jeff at litech.org> wrote:

> > Do I
> > need make modification on inn.conf in order to make innd run nnrpd -S ?

> If you want to only allow SSL connections I think you have to put innd on
> a different port (433 is usual) and spawn nnrpd -S out of xinetd (or using
> nnrpd daemon mode).  Alternatively you can use the nntps port (563) for
> SSL nntp connections, similarly with xinetd or daemon mode.

I wrote a little patch for daemontools (http://cr.yp.to/daemontools.html).
When nnrpd starts with '-f', nnrpd does not fork.

For example.

/service/nnrpd/run:
#!/bin/sh
exec 2>&1
exec /usr/news/bin/nnrpd -D -f -S -p 563

-- 
Kenichi Okada
mailto:okada at opaopa.org

*** nnrpd/nnrpd.c-orig	Thu Aug 30 01:08:42 2001
--- nnrpd/nnrpd.c	Thu Aug 30 00:58:27 2001
***************
*** 84,89 ****
--- 84,90 ----
  #endif	/* !defined(_HPUX_SOURCE) */
  STATIC sig_atomic_t	ChangeTrace;
  BOOL	DaemonMode = FALSE;
+ BOOL	ForeGroundMode = FALSE;
  #if HAVE_GETSPNAM
  STATIC char	*ShadowGroup;
  #endif
***************
*** 780,788 ****
      if (ReadInnConf() < 0) exit(1);
  
  #ifdef HAVE_SSL
!     while ((i = getopt(argc, argv, "b:Di:g:op:Rr:s:tS")) != EOF)
  #else
!     while ((i = getopt(argc, argv, "b:Di:g:op:Rr:s:t")) != EOF)
  #endif /* HAVE_SSL */
  	switch (i) {
  	default:
--- 781,789 ----
      if (ReadInnConf() < 0) exit(1);
  
  #ifdef HAVE_SSL
!     while ((i = getopt(argc, argv, "b:Dfi:g:op:Rr:s:tS")) != EOF)
  #else
!     while ((i = getopt(argc, argv, "b:Dfi:g:op:Rr:s:t")) != EOF)
  #endif /* HAVE_SSL */
  	switch (i) {
  	default:
***************
*** 797,802 ****
--- 798,806 ----
   	case 'D':			/* standalone daemon mode */
   	    DaemonMode = TRUE;
   	    break;
+  	case 'f':			/* Don't fork on daemon mode */
+  	    ForeGroundMode = TRUE;
+  	    break;
  #if HAVE_GETSPNAM
  	case 'g':
  	    ShadowGroup = optarg;
***************
*** 928,939 ****
  	}
  
  	/* Detach */
! 	if ((pid = fork()) < 0) {
  	    fprintf(stderr, "%s: can't fork: %s\n", argv[0], strerror(errno));
  	    syslog(L_FATAL, "cant fork: %m");
  	    exit(1);
! 	} else if (pid != 0) 
  	    exit(0);
  
  	setsid();
  
--- 932,945 ----
  	}
  
  	/* Detach */
! 	if (!ForeGroundMode) {
! 	  if ((pid = fork()) < 0) {
  	    fprintf(stderr, "%s: can't fork: %s\n", argv[0], strerror(errno));
  	    syslog(L_FATAL, "cant fork: %m");
  	    exit(1);
! 	  } else if (pid != 0) 
  	    exit(0);
+ 	}
  
  	setsid();
  
*** doc/man/nnrpd.8-orig	Thu Aug 30 01:02:34 2001
--- doc/man/nnrpd.8	Thu Aug 30 01:08:05 2001
***************
*** 11,16 ****
--- 11,19 ----
  .B \-D
  ]
  [
+ .B \-f
+ ]
+ [
  .BI \-g " shadowgroup"
  ]
  [
***************
*** 101,106 ****
--- 104,115 ----
  once on startup and never again until restarted.
  .I nnrpd
  should therefore be restarted if inn.conf is changed.
+ .TP
+ .B \-f
+ If specified,
+ .I nnrpd
+ does not detache itself and runs in the foreground
+ when started as a standalone daemon using the ``\-D'' flag.
  .TP
  .B \-g
  On systems that have a shadow password file,


More information about the inn-workers mailing list