pan-devel

[Pan-devel] at b2069b3 now -- I think I figured-out one little thing (Re


From: SciFi
Subject: [Pan-devel] at b2069b3 now -- I think I figured-out one little thing (Re: ANN: SSL Support))
Date: Fri, 11 Nov 2011 20:03:28 +0000 (UTC)
User-agent: Pan/0.135 (Tomorrow I'll Wake Up and Scald Myself with Tea; GIT b2069b3 (github.com/judgefudge/pan2/master); x86_64-apple-darwin10.8.0; gcc-4.2.1 (Apple build 5666 (dot 3)); 32-bit mode)


Hi,

Ok I think I might've figured-out one little thing.
Please bear with me here, this takes some 'splainin'.  ;)

I got your GIT b2069b3 level running here.

With my aw-only setup,
I found all certs/pems from ssl-eu and ssl-us
were the very same text
matching byte-for-byte.

Now here's the odd thing.
Something to do with the file-names stored in $PAN_HOME/ssl_certs
and associated matters
I think.

If I use the pem-file-names based on the server
e.g. ssl-eu.astraweb.com.pem ,
Pan gets confused somehow
and gives the event-log msgs about having errors storing them etc.
For example, from an empty subdir there,
we only get the cert for ssl-eu (my fallback)
with a file _named_ ssl-eu.astraweb.com.pem stored there,
but we never get the cert for ssl-us (my primary)
and Pan apparently blacklists both primary & fallback
with things seemingly clogged-up 'til ya reset etc.

The other day I was using their "main" ssl server
named ssl.astraweb.com
and the cert's pem-filename based on it.
(Again this file matched byte-for-byte with ssl-eu and ssl-us.)
This began the trick I just-now discovered.
If I use their "main" name on the pem file,
e.g. ssl.astraweb.com.pem ,
and put only that file in $PAN_HOME/ssl_certs ,
Pan seems to use _that_ _same_ cert for _both_ ssl-eu and ssl-us.
(In fact we never would see the "Apply/Accept" panel in this case.)
And apparently we are then in a true-secure mode
for _both_ of their nodes.
(But again I never know if we "really" are secure;
 we really do need to have a sure-fire test for that, somehow,
 to let the Pan-user know beyond any doubt.)

It might be that the pem file needs to match
the "officially registered" names for the certs.
And for Pan to keep track of that gook, somehow.   ;)

I have yet to figure this out for gn and gmane,
and my "mixed" gn+aw setup,
but I think this is the crux of the matter
at least as present with your b2069b3 code.

Does this make any sort of sense at all?
(honestly asking)





