INN 2.5.1-1 on Ubuntu 10.04 does not support SSL

Julien ÉLIE julien at trigofacile.com
Sat Sep 4 07:46:55 UTC 2010


Hi Alexander,

> The /usr/lib/news/bin/nnrpd-ssl that comes with package inn2 is broken.
> Thunderbird reports error ssl_error_rc_record_too_long when it tries
> to open a connection. The logfiles show now nothing.
> Starting the programm manually produces a core dump.
>
> # /usr/lib/news/bin/nnrpd-ssl -n -t -c /etc/news/readers.conf -S
> Segmentation fault

I do not know well what happened with the Ubuntu/Debian package
as for TLS support.  Perhaps an issue with the TLS libraries
(because otherwise nnrpd would just not launch:  "-S" is unknown
if HAVE_SSL is undefined).

I saw in March the problem you report for Ubuntu:
    https://bugs.launchpad.net/ubuntu/+source/inn2/+bug/535208

And there was another one in Debian (but here, "-S" is clearly
said to be unknown):
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581937


As far as I recall, no change has been recently done in TLS support
except this one in INN 2.5.1:
    The default path for TLS certificates has changed from pathnews/lib
    to pathetc.  It only affects new INN installations or generations
    of certificates with make cert.  Besides, a default value has been
    added to tlscapath because it is required by nnrpd when TLS is used.

Please check whether it is configures correctly.
Though I do not understand a segfault because of that.  nnrpd should just
log an error of unknown file and close.  (At least, it was the behaviour
I noticed.)



> As a workaround I retrieved the latest source of INN 2.6.x from subversion
> and built it. The resulting nnrpd works fine. That is, I am now using the
> stock INN shipped by Ubuntu together with a custom built nnrpd.

Doesn't "Maverick (2.5.2-1)" work better?
I believe 2.5.2-2 should be included in Ubuntu (there is probably the "-S"
issue in 2.5.2-1).



> The only problem is that the new nnrpd does not produce a X-Trace header
> so I have to create a synthetic one in filter_nnrpd.pl.

It is a deprecated header field.
I would suggest that you retrieve inn-2.5.1.tar.gz at <http://ftp.isc.org/isc/inn/>
and you compile it.  nnrpd should work fine with it!

Or inn-2.5.2.tar.gz (if the 2.5.2-1 Ubuntu package does not work fine).


It is better to remain in the 2.5.x branch because unexpected results
may occur (slightly changes in global innd+nnrpd behaviour may exist...).
STABLE snapshots would probably be fine but I still recommend the real
official version 2.5.1 in your case.

-- 
Julien ÉLIE

« Impossible n'est pas gaulois, les amis ! » (Distributiondesprix) 




More information about the inn-workers mailing list