[inn-workers] Inn 2.4.5: Openssl error when using perl_access function

Jonathan Siegle jsiegle at psu.edu
Wed Sep 17 13:57:46 UTC 2008


Julien ÉLIE said the following on 9/16/08 4:48 PM:
> Hi Jonathan,
> 
>> I'm attempting to use perl_access to dynamically set groups after a user logs in using authinfo commands over port 563.
> 
> This error never happens for other commands?

I believe so. I've tried some basic commands (list/mode/date/group) and 
don't get the error. I had hoped that I just wasn't setting a variable 
in readers2.conf or some such.

> Only just after AUTHINFO when perl_access is set?  (Also python_access?
> or perl_auth?)
> 
I can look into writing those, I just haven't a need.

> 
>> I'm printing lots and lots of debug to syslog. It sure looks like it gets out of my perl code but then it dies.
> 
> Yes, the Perl hook has finished and the whole authentication process
> just after:
> 
>> Sep 16 15:14:21 tr22n12 user:notice tr22n12.aset.psu.edu: cider.aset.psu.edu user tstem38
> [...]
>> 281 Ok
> 
> 
>> 20996:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:286:
>> [cider.aset.psu.edu:/Users/jonathansiegle]
> 
> It looks more like an SSL bug than anything else...
> I tried to reproduce the error with perl_access too but I do not have
> such a SSL problem.
> 
> OpenSSL> version
> OpenSSL 0.9.8c 05 Sep 2006
> 

Thanks. I've recompiled with this version. Still no dice.

> 
> 
>     http://www.globus.org/mail_archive/gt-user/2008/01/msg00057.html
> Apache -> when the proxy_connect module starts to send data because
> proxy_connect is writing to the socket directly instead of going through the
> filter stack. Because it skips the filter stack, the SSL module doesn't get
> called and the data is sent in the clear.
> 
>     http://www.nntp.perl.org/group/perl.qpsmtpd/2006/06/msg5205.html
> SMTP -> it looks like s_client isn't clearing the buffer after the last read
> 
> 
> 
> Hmmm...  Does the same thing occur if you connect with a news reader?
> 
Tbird version 2.0.0.16 doesn't give me the openssl error. It just sits 
there until a timeout is reached. That is what prompted me to use openssl.

> And with nnrpd launched with that:
> 
>     nnrpd -D -c /news/etc/readers2.conf -p 563 -S
> 
Hrm. As user news, this line doesn't work.


# su news -c '/news/bin/nnrpd -D -c /news/etc/readers2.conf -p 563 -S'
/news/bin/nnrpd: can't bind (Permission denied)
tr22n12# ls -lt /news/bin/nnrpd
-r-xr-xr-x   1 news     news        3596092 Sep 17 08:21 /news/bin/nnrpd

netstat/telnet confirms that nothing is listening on the nntps port.

Software:
AIX 5.3
inn 2.4.5
openssl 0.9.8c

thanks,
Jonathan
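
The "wrong version number" error and the quoted Apache case ("the data is sent in the clear") both describe a TLS peer reading bytes that are not a TLS record. The sketch below is an added example, not part of the original message and not INN or OpenSSL code; it parses the 5-byte record header in a simplified way and shows how a cleartext `281 Ok` reply looks to a record layer. The function names and sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types defined by the protocol.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # largest legal encrypted record body


def looks_like_nntp_reply(data: bytes) -> bool:
    """NNTP replies start with three ASCII digits followed by a space."""
    return len(data) >= 4 and data[:3].isdigit() and data[3:4] == b" "


def classify_record(data: bytes) -> dict:
    """Interpret the first 5 bytes as type, version (major, minor), length."""
    if len(data) < 5:
        return {"verdict": "short"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    info = {"type": ctype, "version": (major, minor), "length": length}
    if major != 3:
        # SSLv3 and TLS 1.x all use major version 3; anything else is
        # reported as a version mismatch (simplified check).
        info["verdict"] = "wrong_version"
    elif ctype not in CONTENT_TYPES:
        info["verdict"] = "unknown_type"
    elif length > MAX_RECORD_LEN:
        info["verdict"] = "bad_length"
    else:
        info["verdict"] = "tls_record"
    # Give the operator a more useful hint than "wrong version".
    if info["verdict"] != "tls_record" and looks_like_nntp_reply(data):
        info["verdict"] = "cleartext_nntp"
    return info


# Constructed samples: a cleartext NNTP reply and a well-formed TLS record.
CLEARTEXT = b"281 Ok\r\n"
TLS_RECORD = bytes([23, 3, 1, 0, 32]) + b"\x00" * 32

if __name__ == "__main__":
    for name, sample in (("cleartext", CLEARTEXT), ("tls", TLS_RECORD)):
        print(name, classify_record(sample))
```

For the cleartext sample the "version" field is `(0x38, 0x31)`, the ASCII characters `8` and `1` from `281`.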

