[inn-workers] Inn 2.4.5: Openssl error when using perl_access function

Julien ÉLIE julien at trigofacile.com
Wed Sep 17 17:59:30 UTC 2008


Hi Jonathan,

>> And with nnrpd launched with that:
>>
>>     nnrpd -D -c /news/etc/readers2.conf -p 563 -S
>
> Hrm. As user news, this line doesn't work.

Oh, yes, you're quite right:  INN 2.4 cannot bind to port 563 as user news
(contrary to INN 2.5 which can).

In fact, I did my test with INN 2.4.5 on another port and this command
works as user news:

./nnrpd -D -c /home/news/work/testserver/etc/readers-ssl.conf -p 5630 -S



And I'm sorry I cannot reproduce your problem on my Linux (i686) with:
libperl5.8 (5.8.8-7etch3)
libssl0.9.8 (0.9.8c-4etch3)

Maybe AIX is in cause (?)



/home/news/work/testserver/etc/readers-ssl.conf:

auth "users-ssl" {
    hosts: "*"
    auth: "ckpasswd -f /home/news/work/testserver/etc/users-ssl"
    perl_access: "/home/news/work/testserver/bin/filter/nnrpd_access.pl"
}

access "users-ssl" {
}



/home/news/work/testserver/bin/filter/nnrpd_access.pl:

#! /usr/bin/perl
require '/home/news/work/testserver/lib/innshellvars.pl';

sub access {
    my %return_hash;
    $return_hash{"read"} = 'news.software.nntp';
    return %return_hash;
}




19:41 news at trigofacile ~/work/testserver/bin% openssl s_client -connect localhost:5630
CONNECTED(00000003)
depth=0 /C=FR/ST=Some-State/O=Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=FR/ST=Some-State/O=Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
 0 s:/C=FR/ST=Some-State/O=Internet Widgits Pty Ltd
   i:/C=FR/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICsDCCAhmgAwIBAgIJAMjp5+4LNkGJMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkZSMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMDgwOTE3MTczMjUzWhcNMDkwOTE4MTczMjUzWjBF
MQswCQYDVQQGEwJGUjETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQCpQkH56CziyODMucHX5sVuKbyPI9ou8AjGRw5mIzhQlE7PHUeDSJGpCgqzP0jR
7EGVmnM7X5MY/ks4MjZyUBQdT29XrIeSL8yX/iZE8b5RBfPrgL8xf/FouTNmX3Fm
IVu2WI0CVWkRiSlKcT9TSZqwfB9wCDS7AHyCAQ3N/htwjwIDAQABo4GnMIGkMB0G
A1UdDgQWBBQPp/0PLWHK1R5bBZ2U+LyPMl9RqjB1BgNVHSMEbjBsgBQPp/0PLWHK
1R5bBZ2U+LyPMl9RqqFJpEcwRTELMAkGA1UEBhMCRlIxEzARBgNVBAgTClNvbWUt
U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMjp5+4L
NkGJMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAT47d1Xe167k7jtFY
jQafxFye/Sr14OEwVEpUsN+Xdtssv6+BJMAMCnDdx8XiMJschbEnFY1mez3eE3bn
eIlj8jIfnZUNWlBv/Nq9HeUHFHsggbO6dajiaBzIpkj+iTrYHgz2AG/mZVAjNJFm
xBUq+sXGaIKN/NSYbo8IPEI5bE4=
-----END CERTIFICATE-----
subject=/C=FR/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=FR/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1256 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 180073B5F65272224B58F06A05DD90BC1E9AD15F395DCD35AAA7157C74D205F0
    Session-ID-ctx:
    Master-Key: DE06E85FE559DE055BE1C4331452C37B1F036224518CD928FF9E77ADF519D2A85987CDFFFFC0AA860C29F28AE2520A97
    Key-Arg   : None
    Start Time: 1221673283
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
201 test-inn-2.4.5 InterNetNews NNRP server INN 2.4.5 (20080629 prerelease) ready (no posting).
LIST
480 Authentication required for command
AUTHINFO USER test
381 PASS required
AUTHINFO PASS test
281 Ok
LIST
215 Newsgroups in form "group high low flags".
news.software.nntp 0000004989 0000000001 y
.
QUIT
205 .
closed



-- 
Julien ÉLIE

« Ordinateur : moyen conçu pour accélérer et automatiser les erreurs. » 



More information about the inn-workers mailing list