Re: pan nntp via stunnel.

To: peter@easthope.ca
Cc: debian-user@lists.debian.org
Subject: Re: pan nntp via stunnel.
From: Jeffrey Walton <noloader@gmail.com>
Date: Fri, 26 May 2023 18:14:11 -0400
Message-id: <[🔎] CAH8yC8kHyCGEJLNwpUTRNJ6ofk2Cqvp=B8SfVykqw6564ogatg@mail.gmail.com>
Reply-to: noloader@gmail.com
In-reply-to: <[🔎] 20230526154143.B693020526@bendel.debian.org>
References: <[🔎] 20230526154143.B693020526@bendel.debian.org>

On Fri, May 26, 2023 at 11:57 AM <peter@easthope.ca> wrote:
>
> https://wiki.debian.org/Pan states,
>
> " ... to generate a RSA Private Key
> #openssl genrsa -out priv.pem
>
> Generate Certificate
> #openssl req -new -x509 -key priv.pem -out stunnel.pem -days 1095"
>
> No problem.  I put the two files in /etc/stunnel/.
>
> Then,
> "combine priv.pem with stunnel.pem"
>
> What is meant by combine?  Is there a syntax to put the private and
> public keys in one file?

Stepping back, I _think_ you are using Pan in client mode. That is,
simply as a reader. In this configuration, Stunnel is merely a SSL
gateway, and Pan talks to Stunnel in plaintext. Stunnel makes the
request to the NNTP server using TLS. So you don't need the server
stuff, like a X.509 certificate.

I think that's why the wiki page says, "Certificate/key is needed in
server mode and optional in client mode."

If you use a certificate in client mode, it will likely mean using TLS
on localhost comms between Pan and Stunnel.

Jeff

Reply to:

Follow-Ups:
- Re: pan nntp via stunnel.
  - From: peter@easthope.ca

References:
- pan nntp via stunnel.
  - From: peter@easthope.ca

Prev by Date: Re: ar8161 gigabit Ethernet drivers
Next by Date: Re: os-prober Just a Rant
Previous by thread: Re: pan nntp via stunnel.
Next by thread: Re: pan nntp via stunnel.
Index(es):
- Date
- Thread