[Pan-devel] at af30a8b is closer: seems AW works, but not GN nor Gmane (Re: ANN: SSL Support))

[SciFi]

Hi,

I am now at your GIT af30a8b master.

I ran three separate tests:
1 - gn+aw (but aw=0, effectively only gn)
2 - aw-only
3 - gmane


-*- 1. -*-

I configured the gn & aw servers for their SSL connections etc.
But I put the #-sessions for aw to '0' to use only gn this time.

I made sure the $PAN_HOME/ssl_certs subdir was empty for this setup.

Then started Pan.  Here is what I did & saw on terminal/console:
>>>>
$ pan
[…I added a "Refresh Group List" to the queue,
  then put Pan on-line…
  …1 item is showing in the queue…]
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA

/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA

[…meaning I got only one cert panel for gn,
  I clicked the 'Apply' button on it…]
[…waited a bit…]
[…nothing else happening,
  with 1 item still showing in the queue
  and "No Connections"…]
[Ctrl+Q]

$ ls -al $PAN_HOME/ssl_certs
total 4
drwxr-xr-x 2 scifi staff  102 Nov 10 12:18 .
drwxr-xr-x 7 scifi staff 1020 Nov 10 12:19 ..
-rw------- 1 scifi staff 1440 Nov 10 12:18 news.giganews.com.pem

[…nothing for aw this time of course…]
<<<<

The Event Log for this session said same thing as before,
>>>>
[date-time] Succesfully added 1 SSL PEM certificate(s) to Certificate Store.
[date-time] Error adding certificate of server 'news.giganews.com' to 
Certificate Store
<<<<
yes both msgs despite the new file shown
(which looks okay to me i.e. a proper PEM file AFAICT).  ;)


-*- 2. -*-

I have an aw-only setup also here.
It seems to work with your GIT af30a8b master.
(PAN_HOME is set to a different place than above)
I made sure the $PAN_HOME/ssl_certs subdir was empty for this setup.
>>>>
$ pan
[…added a "Refresh Group List" item to the queue,
  then put Pan on-line…]
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy 
Validation Authority/CN=http://www.valicert.com//address@hidden

/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy 
Validation Authority/CN=http://www.valicert.com//address@hidden

[…I think the cert/Apply panel only showed once…]
[…it then did run the "Refresh Group List"
  and also I fetched new-headers for the subscribed groups
  and I could actually see/read some text posts
  etc…]

[Ctrl+Q]

$ ls -al $PAN_HOME/ssl_certs
total 4
drwxr-xr-x 2 scifi staff  102 Nov 10 12:48 .
drwxr-xr-x 5 scifi staff  680 Nov 10 12:51 ..
-rw------- 1 scifi staff 1066 Nov 10 12:48 ssl.astraweb.com.pem
<<<<
And there are no errors shown in this Event Log.

Later I set the aw servers to use specifically
- ssl-us.astraweb.com (primary)
- ssl-eu.astraweb.com (fallback)
and had these fetch new-headers etc.
but it still has the single PEM file there.


-*- 3. -*-

Now the test with gmane ssl.
Completely separate PAN_HOME again.

No worky.

Its $PAN_HOME/ssl_certs subdir empty.
>>>>
$ pan
[…added a "Refresh Group List",
  shows 1 item in the queue…]
/C=NO/ST=Some-State/L=Oslo/O=Gmane/CN=news.gmane.org/address@hidden

/C=NO/ST=Some-State/L=Oslo/O=Gmane/CN=news.gmane.org/address@hidden

/C=NO/ST=Some-State/L=Oslo/O=Gmane/CN=news.gmane.org/address@hidden

/C=NO/ST=Some-State/L=Oslo/O=Gmane/CN=news.gmane.org/address@hidden

[…it presented the gmane cert twice (not four),
  clicked 'Apply' on them…]
[…waited a bit…]
[…nothing further,
  still 1 item in the queue
  and "No Connections"…]
[…saved the Event Log…]
[Ctrl+Q]
<<<<

There is a PEM stored:
>>>>
$ ls -al $PAN_HOME/ssl*
total 4
drwxr-xr-x 2 scifi admin  102 Nov 10 13:04 .
drwxr-xr-x 8 scifi admin  782 Nov 10 13:05 ..
-rw------- 1 scifi admin 1208 Nov 10 13:04 80.91.229.10.pem
<<<<

The Event Log only shows this one error:
>>>>
[date-time] Error adding certificate of server '80.91.229.10' to Certificate 
Store
<<<<
however no "Successful" line at all was recorded there.


-*- epilogue -*-

I ran each test separately,
no multiple Pan tasks this time.

I guess I'll await further instructions from you.  ;)

Meanwhile I will use plaintext modes
and/or use stunnel (admittedly not so fast anymore).