
Re: [Pan-users] ssl/tls certificate handling?


From: walt
Subject: Re: [Pan-users] ssl/tls certificate handling?
Date: Tue, 23 Feb 2016 16:02:23 -0800

On Tue, 23 Feb 2016 21:08:17 +0100
Detlef Graef <address@hidden> wrote:

> On 23.02.2016 at 18:15, Detlef Graef wrote:
> 
> > On 23.02.2016 at 04:43, walt wrote:
> >   
> >> I'm running the latest pan from git with gnutls support and I'm a
> >> bit confused about how pan is saving the server certs.  If you
> >> have a news server that supports ssl/tls connections, could you
> >> look in your ~/.pan2/ssl_certs directory for any files and check
> >> to make sure they are stored correctly?
> >>
> >> They should be .pem files, which are plain text files containing
> >> lines like -----BEGIN CERTIFICATE----- followed by a bunch of text
> >> garbage, followed by -----END CERTIFICATE-----.  
> > 
> > I've configured three servers, two servers with TLS/SSL encryption.
> > The directory ~/.pan2/ssl_certs was empty.
> > 
> > The check-box "Always trust the servers certificate" was enabled.
> > I've disabled the check-box and restarted pan. Then I was asked to
> > confirm the certificate. A six byte file was saved at
> > ~/.pan2/ssl_certs.
> > 
> > The option "Always trust the servers certificate" is set if the
> > certificate is confirmed.  
> 
> Just an update:
> 
> The above behavior was on Fedora Linux.
> 
> On MS Windows (Pan 0.140) the file with the certificate is ok.
> 
> Maybe this bug is related to the C++11 ABI change in GCC5.

I'm still using gcc-4.9.3 and seeing the same bug, unfortunately.

I've tried pan on fedora, arch and gentoo and the breakage is always
the same:  the .pem file is six bytes long.  The connection to the
server is actually encrypted, at least, so the bug is in the code that
exports the cert after pan downloads it.

The pertinent code is in pan/data/cert-store.cc at line 352, and it
includes an interesting comment from Heinrich:

        size_t outsize;
        /* make up for dumbness of this function */

        gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_PEM, NULL, &outsize);
        char* out = new char[outsize];

        gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_PEM, out, &outsize);

        fputs((const char*) out, fp);

Perhaps Heinrich will read this thread and make another comment, I
hope :)

Another, different bug is in the dialog box for editing the certs
("Edit/Edit SSL Certificates").  It crashes pan every time but I don't
know why.  Can anyone reproduce this?
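
The check requested at the top of the thread (are the files under ~/.pan2/ssl_certs well-formed .pem files?) can be scripted. This is an added example, not part of the original message and not Pan's code: the function names are hypothetical and the sample files, including the six-byte one, are constructed stand-ins rather than real certificates.

```python
import base64
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_total_length(der):
    """Return the size the outer DER SEQUENCE header claims, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:      # an X.509 certificate is a DER SEQUENCE
        return None
    first = der[1]
    if first < 0x80:                        # short-form length
        return 2 + first
    n = first & 0x7F                        # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem(data):
    """Classify the raw bytes of one stored certificate file."""
    m = PEM_RE.search(data)
    if m is None:
        return "no PEM certificate block (%d bytes)" % len(data)
    try:
        der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    except ValueError:                      # binascii.Error is a ValueError
        return "base64 body does not decode"
    if der_total_length(der) != len(der):
        return "DER length mismatch (truncated or corrupt)"
    return "ok"

def check_dir(cert_dir):
    """Map every file name in cert_dir to its check_pem verdict."""
    return {p.name: check_pem(p.read_bytes())
            for p in sorted(Path(cert_dir).iterdir()) if p.is_file()}

def wrap_pem(der):
    """Wrap DER bytes in PEM armour; used only to build constructed samples."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

def demo():
    # Constructed data: a structurally valid stand-in and a six-byte file
    # of the size reported in the thread (its real contents are not known).
    with tempfile.TemporaryDirectory() as d:
        Path(d, "good.pem").write_bytes(wrap_pem(b"\x30\x82\x01\x00" + bytes(256)))
        Path(d, "short.pem").write_bytes(b"\x00" * 6)
        return check_dir(d)
```

Calling `check_dir` on the real ssl_certs directory flags any file that lacks the BEGIN/END markers or whose decoded body is shorter than its own DER header says; it checks structure only and does not validate the certificate's signature or contents.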





