Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Mixmin] Did a certificate expire recently?
39 views
Skip to first unread message
Arlen Holder
Apr 24, 2020, 4:13:30 AM4/24/20
to
[Mixmin] Did a certificate expire recently?
stunnel.log
Service [nntp] accepted connection from 127.0.0.1:57364
s_connect: connected 144.76.182.167:563
Service [nntp] connected remote server from 10.211.1.81:57365
OCSP: Connecting the AIA responder "http://isrg.trustid.ocsp.identrust.com"
s_connect: connected 119.207.65.153:80
OCSP: OCSP_sendreq_nbio: crypto/ocsp/ocsp_ht.c:260: error:27076072:OCSP routines:parse_http_line1:server response error
Rejected by OCSP at depth=1: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
SSL_connect: ssl/statem/statem_clnt.c:1919: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
stunnel.log
Service [nntp] accepted connection from 127.0.0.1:57364
s_connect: connected 144.76.182.167:563
Service [nntp] connected remote server from 10.211.1.81:57365
OCSP: Connecting the AIA responder "http://isrg.trustid.ocsp.identrust.com"
s_connect: connected 119.207.65.153:80
OCSP: OCSP_sendreq_nbio: crypto/ocsp/ocsp_ht.c:260: error:27076072:OCSP routines:parse_http_line1:server response error
Rejected by OCSP at depth=1: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
SSL_connect: ssl/statem/statem_clnt.c:1919: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
Arlen Holder
Apr 24, 2020, 5:32:32 AM4/24/20
to
If Steve requires this, here is the stunnel configuration file for mixmin:
stunnel.conf
; Mixmin Server:Port = 127.0.0.1:1119
; Mixmin Username/Password = <blank>/<blank>
[nntp]
client = yes
accept = 127.0.0.1:1119
connect = news.mixmin.net:563
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.mixmin.net
OCSPaia = yes
stunnel.conf
; Mixmin Server:Port = 127.0.0.1:1119
; Mixmin Username/Password = <blank>/<blank>
[nntp]
client = yes
accept = 127.0.0.1:1119
connect = news.mixmin.net:563
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.mixmin.net
OCSPaia = yes
A. non Eyemouse
Apr 25, 2020, 2:04:20 PM4/25/20
to
openssl s_client -showcerts -connect news.mixmin.net:563 </dev/null |\
openssl x509 -enddate -noout
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = news.mixmin.net
verify return:1
DONE
notAfter=Jun 26 19:57:30 2020 GMT
--
Mouse.
Where Morse meets House.
😉 Good Guy 😉
Apr 25, 2020, 3:17:45 PM4/25/20
to
Life's too short to worry about these things!! Just enjoy and troll while you it is still working!
--
With over 1.2 billion
devices now running Windows 10, customer satisfaction is higher
than any previous version of windows.
Arlen Holder
Apr 25, 2020, 6:03:28 PM4/25/20
to
In response to what "A. non Eyemouse" <some...@work.invalid> wrote :
>> stunnel.conf
>> ; Mixmin Server:Port = 127.0.0.1:1119
>> ; Mixmin Username/Password = <blank>/<blank>
>> [nntp]
>> client = yes
>> accept = 127.0.0.1:1119
>> connect = news.mixmin.net:563
>> verifyChain = yes
>> CAfile = ca-certs.pem
>> checkHost = news.mixmin.net
>> OCSPaia = yes
>
> Appears to have been renewed.
>
> openssl s_client -showcerts -connect news.mixmin.net:563 </dev/null |\
> openssl x509 -enddate -noout
>
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> depth=0 CN = news.mixmin.net
> verify return:1
> DONE
> notAfter=Jun 26 19:57:30 2020 GMT
Thank you for being a purposefully helpful person on this newsgroup,
which, unfortunately, is a rarity (although purposefully helpful
people do exist, and you proved that to be the case!).
I will save your certificate checking method for the future!
o My stunnel log is now reporting success with mixmin.
...
Service [nntp] accepted connection from 127.0.0.1:59669
s_connect: connected 144.76.182.167:563
Service [nntp] connected remote server from 10.239.7.117:59670
OCSP: Certificate accepted
OCSP: Connecting the AIA responder "http://ocsp.int-x3.letsencrypt.org"
s_connect: connected 104.109.129.57:80
OCSP: Certificate accepted
Certificate accepted at depth=0: CN=news.mixmin.net
SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
Connection reset: 912 byte(s) sent to TLS, 320 byte(s) sent to socket
...
--
There are few adults on Usenet but those that remain are the best there is!
>> stunnel.conf
>> ; Mixmin Server:Port = 127.0.0.1:1119
>> ; Mixmin Username/Password = <blank>/<blank>
>> [nntp]
>> client = yes
>> accept = 127.0.0.1:1119
>> connect = news.mixmin.net:563
>> verifyChain = yes
>> CAfile = ca-certs.pem
>> checkHost = news.mixmin.net
>> OCSPaia = yes
>
> Appears to have been renewed.
>
> openssl s_client -showcerts -connect news.mixmin.net:563 </dev/null |\
> openssl x509 -enddate -noout
>
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> depth=0 CN = news.mixmin.net
> verify return:1
> DONE
> notAfter=Jun 26 19:57:30 2020 GMT
which, unfortunately, is a rarity (although purposefully helpful
people do exist, and you proved that to be the case!).
I will save your certificate checking method for the future!
o My stunnel log is now reporting success with mixmin.
...
Service [nntp] accepted connection from 127.0.0.1:59669
s_connect: connected 144.76.182.167:563
Service [nntp] connected remote server from 10.239.7.117:59670
OCSP: Connecting the AIA responder "http://isrg.trustid.ocsp.identrust.com"
s_connect: connected 104.109.129.25:80
OCSP: Certificate accepted
OCSP: Connecting the AIA responder "http://ocsp.int-x3.letsencrypt.org"
s_connect: connected 104.109.129.57:80
OCSP: Certificate accepted
Certificate accepted at depth=0: CN=news.mixmin.net
SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
Connection reset: 912 byte(s) sent to TLS, 320 byte(s) sent to socket
...
--
There are few adults on Usenet but those that remain are the best there is!
A. non Eyemouse
Apr 25, 2020, 6:38:41 PM4/25/20
to
On 2020-04-25, Arlen Holder <arlen...@anyexample.com> wrote:
> Thank you for being a purposefully helpful person on this newsgroup,
> which, unfortunately, is a rarity (although purposefully helpful
> people do exist, and you proved that to be the case!).
>
> I will save your certificate checking method for the future!
> o My stunnel log is now reporting success with mixmin.
> ...
> Service [nntp] accepted connection from 127.0.0.1:59669
> s_connect: connected 144.76.182.167:563
> Service [nntp] connected remote server from 10.239.7.117:59670
> OCSP: Connecting the AIA responder "http://isrg.trustid.ocsp.identrust.com"
> s_connect: connected 104.109.129.25:80
> OCSP: Certificate accepted
> OCSP: Connecting the AIA responder "http://ocsp.int-x3.letsencrypt.org"
> s_connect: connected 104.109.129.57:80
> OCSP: Certificate accepted
> Certificate accepted at depth=0: CN=news.mixmin.net
> SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
> Connection reset: 912 byte(s) sent to TLS, 320 byte(s) sent to socket
> ...
I didn't see what OS you are running this on but (as you are no doubt
> Thank you for being a purposefully helpful person on this newsgroup,
> which, unfortunately, is a rarity (although purposefully helpful
> people do exist, and you proved that to be the case!).
>
> I will save your certificate checking method for the future!
> o My stunnel log is now reporting success with mixmin.
> ...
> Service [nntp] accepted connection from 127.0.0.1:59669
> s_connect: connected 144.76.182.167:563
> Service [nntp] connected remote server from 10.239.7.117:59670
> OCSP: Connecting the AIA responder "http://isrg.trustid.ocsp.identrust.com"
> s_connect: connected 104.109.129.25:80
> OCSP: Certificate accepted
> OCSP: Connecting the AIA responder "http://ocsp.int-x3.letsencrypt.org"
> s_connect: connected 104.109.129.57:80
> OCSP: Certificate accepted
> Certificate accepted at depth=0: CN=news.mixmin.net
> SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
> Connection reset: 912 byte(s) sent to TLS, 320 byte(s) sent to socket
> ...
aware) you can turn up the logging level in Stunnel for debugging
purposes but sometimes it still isn't very helpful. Just happens today
I've been re-building my copies of 5.56 that I use on Windows as OpenSSL
updated to 1.1.1g.
LetsEncrypt is great but the certificates only last for three months.
Arlen Holder
Apr 26, 2020, 4:31:45 AM4/26/20
to
In response to what "A. non Eyemouse" <some...@work.invalid> wrote :
> I didn't see what OS you are running this on but (as you are no doubt
> aware) you can turn up the logging level in Stunnel for debugging
> purposes but sometimes it still isn't very helpful.
Thank you for your purposefully helpful information on Stunnel logs where,
> aware) you can turn up the logging level in Stunnel for debugging
> purposes but sometimes it still isn't very helpful.
yes, I am aware, in general, of log levels, but the whole time I figured
the problem was on the mixmin side (and it was) simply because I had changed
nothing in the interim between working and not working (& back to working)
> Just happens today I've been re-building my copies of 5.56 that I use on
> Windows as OpenSSL updated to 1.1.1g.
I searched and found almost too many Windows binaries to choose from:
<https://wiki.openssl.org/index.php/Binaries>
For example, a quick skim found more than I had wanted to choose from:
o <http://gnuwin32.sourceforge.net/packages/openssl.htm>
o <https://www.openssl.org/>
o <https://www.cloudinsidr.com/content/how-to-install-the-most-recent-version-of-openssl-on-windows-10-in-64-bit/>
o <https://www.osradar.com/install-openssl-windows/>
o <https://slproweb.com/products/Win32OpenSSL.html>
o <https://sourceforge.net/projects/openssl/>
etc.
After installing & googling for syntax examples, this worked:
echo q | openssl s_client -connect news.mixmin.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
Which confirmed the result you obtained of:
notAfter=Jun 26 19:57:30 2020 GMT
Given Usenet is a huge public helpdesk, the great news is now I can use
that command in the future for self-help debugging of a server certificate:
echo q | openssl s_client -connect news.mixmin.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
echo q | openssl s_client -connect news.eternal-september.org:563 | openssl x509 -noout -enddate | findstr "notAfter"
echo q | openssl s_client -connect news.dizum.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
etc.
This worked for mixmin & eternal september, but, unfortunately, not dizum:
o mixmin = notAfter=Jun 26 19:57:30 2020 GMT
o eternal-september = notAfter=Jun 13 09:09:38 2020 GMT
o dizum = unable to load certificate
Are there any other free newsservers we can test with this command?
> LetsEncrypt is great but the certificates only last for three months.
to check the known handful of free servers' encryption, e.g., pseudocode...
for servers named {news.mixmin.net,news.dizum.net,news.eternal-september.org}
echo q | openssl s_client -connect %servers%:563 | openssl x509 -noout -enddate | findstr "notAfter"
if enddate < currentdate then print "Warning: %server% cert EXPIRED!'
endloop
Thanks again for helpfully confirming the mixmin certificate had expired.
Next time I can check the expiry date for myself, and others can benefit
from this information to do the same.
--
Each thread on Usenet should add value to our combined tribl knowledge.
A. non Eyemouse
Apr 26, 2020, 6:36:11 AM4/26/20
to
On Sun, 26 Apr 2020 14:01:43 +0530
Arlen Holder <arlen...@anyexample.com> wrote:
> In response to what "A. non Eyemouse" <some...@work.invalid> wrote :
>
> > I didn't see what OS you are running this on but (as you are no
> > doubt aware) you can turn up the logging level in Stunnel for
> > debugging purposes but sometimes it still isn't very helpful.
>
> Thank you for your purposefully helpful information on Stunnel logs
> where, yes, I am aware, in general, of log levels, but the whole time
> I figured the problem was on the mixmin side (and it was) simply
> because I had changed nothing in the interim between working and not
> working (& back to working)
>
> > Just happens today I've been re-building my copies of 5.56 that I
> > use on Windows as OpenSSL updated to 1.1.1g.
>
> I didn't have openssl in my Windows software archives, so to add it,
> I searched and found almost too many Windows binaries to choose from:
> <https://wiki.openssl.org/index.php/Binaries>
>
> For example, a quick skim found more than I had wanted to choose from:
> o <http://gnuwin32.sourceforge.net/packages/openssl.htm>
> o <https://www.openssl.org/>
> o
> <https://www.cloudinsidr.com/content/how-to-install-the-most-recent-version-of-openssl-on-windows-10-in-64-bit/>
> o <https://www.osradar.com/install-openssl-windows/> o
> <https://slproweb.com/products/Win32OpenSSL.html> o
> <https://sourceforge.net/projects/openssl/> etc.
I've used the light installers from slproweb.com.
Arlen Holder <arlen...@anyexample.com> wrote:
> In response to what "A. non Eyemouse" <some...@work.invalid> wrote :
>
> > I didn't see what OS you are running this on but (as you are no
> > doubt aware) you can turn up the logging level in Stunnel for
> > debugging purposes but sometimes it still isn't very helpful.
>
> Thank you for your purposefully helpful information on Stunnel logs
> where, yes, I am aware, in general, of log levels, but the whole time
> I figured the problem was on the mixmin side (and it was) simply
> because I had changed nothing in the interim between working and not
> working (& back to working)
>
> > Just happens today I've been re-building my copies of 5.56 that I
> > use on Windows as OpenSSL updated to 1.1.1g.
>
> I didn't have openssl in my Windows software archives, so to add it,
> I searched and found almost too many Windows binaries to choose from:
> <https://wiki.openssl.org/index.php/Binaries>
>
> For example, a quick skim found more than I had wanted to choose from:
> o <http://gnuwin32.sourceforge.net/packages/openssl.htm>
> o <https://www.openssl.org/>
> o
> <https://www.cloudinsidr.com/content/how-to-install-the-most-recent-version-of-openssl-on-windows-10-in-64-bit/>
> o <https://www.osradar.com/install-openssl-windows/> o
> <https://slproweb.com/products/Win32OpenSSL.html> o
> <https://sourceforge.net/projects/openssl/> etc.
I've also used the binaries built by the Curl project
https://curl.haxx.se/windows/
Curl project also provide .pem versions of the Mozilla root
certificates which you can use for the -CAfile when testing with
OpenSSL.
https://curl.haxx.se/docs/caextract.html
>
> After installing & googling for syntax examples, this worked:
> echo q | openssl s_client -connect news.mixmin.net:563 | openssl
> x509 -noout -enddate | findstr "notAfter" Which confirmed the result
> you obtained of: notAfter=Jun 26 19:57:30 2020 GMT
>
> Given Usenet is a huge public helpdesk, the great news is now I can
> use that command in the future for self-help debugging of a server
> certificate: echo q | openssl s_client -connect news.mixmin.net:563 |
> openssl x509 -noout -enddate | findstr "notAfter" echo q | openssl
> s_client -connect news.eternal-september.org:563 | openssl x509
> -noout -enddate | findstr "notAfter" echo q | openssl s_client
> -connect news.dizum.net:563 | openssl x509 -noout -enddate | findstr
> "notAfter" etc.
>
> This worked for mixmin & eternal september, but, unfortunately, not
> dizum: o mixmin = notAfter=Jun 26 19:57:30 2020 GMT
> o eternal-september = notAfter=Jun 13 09:09:38 2020 GMT
> o dizum = unable to load certificate
>
> Are there any other free newsservers we can test with this command?
nntp.aioe.org:563 - should be OK.
news.albasani.net:563 - this one is broken. (1) It's using a
self-signed certificate, but (2) it has expired.
>
> > LetsEncrypt is great but the certificates only last for three
> > months.
>
> If I could code better, I would consider writing a script that runs
> periodically to check the known handful of free servers' encryption,
> e.g., pseudocode... for servers named
> {news.mixmin.net,news.dizum.net,news.eternal-september.org} echo q |
> openssl s_client -connect %servers%:563 | openssl x509 -noout
> -enddate | findstr "notAfter" if enddate < currentdate then print
> "Warning: %server% cert EXPIRED!' endloop
>
> Thanks again for helpfully confirming the mixmin certificate had
> expired. Next time I can check the expiry date for myself, and others
> can benefit from this information to do the same.
Arlen Holder
Apr 26, 2020, 3:24:19 PM4/26/20
to
In response to what "A. non Eyemouse" <some...@work.invalid> wrote :
Hi a.non.eymous,
Yet again I appreciate that you're purposefully helpful,
where I will try to respond in kind, so that our posts
will always add value to this newsgroup every time we post.
Thanks for suggesting the slproweb latest version, as likely
wholly unbeknownst to you I had also asked on the freeware &
windows newssgroups for the latest binary files.
Unfortunately, so far anyway, the only responses were,
essentially, the unhelpful advice to compile it myself...
o <http://tinyurl.com/alt-comp-freeware>
(which isn't all that helpful as I haven't run a Makefile in a decade).
o Which openssl Windows binary do you recommend (to have the latest official version)?
<https://groups.google.com/forum/#!topic/alt.comp.freeware/mZgki-TvHlo>
I _may_ compile it anyway, but that will take a lot of work
as I have to figure out a compiler for one (e.g., gcc) and whatever
else is needed to compile the openssl tarball src to a Windows binary.
Luckily, from the slproweb choices you had suggested
o I installed the "light" EXE (as the MSI caused Windows defender to complain)
<https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe>
Name: Win64OpenSSL_Light-1_1_1g.exe
Size: 3711230 bytes (3624 KiB)
SHA256: 9DAF1964D886A548BBDCE67560EC73AA050F7448407459F2FD247813EC14527F
This appears to be the latest openssl version (AFAICT):
c:\> openssl version
OpenSSL 1.1.1g 21 Apr 2020
Thanks for that suggestion - but I couldn't find the openssl binaries.
o I found they said they "linked" with openssl...
But I wasn't even sure what that means to someone looking for ssl binaries.
BTW, as an aside, I use the Windows native curl.exe all the time
o Mostly to check my network status
C:\> curl.exe icanhazip.com
{RETURNS your WAN IP address}
> Curl project also provide .pem versions of the Mozilla root
> certificates which you can use for the -CAfile when testing with
> OpenSSL.
> https://curl.haxx.se/docs/caextract.html
o But I saved it in my readme in my openssl archives for future use. :)
I'm not sure if that is a typo, but it's "dizum" not "dizium". :)
> news.albasani.net:563 - this one is broken. (1) It's using a
> self-signed certificate, but (2) it has expired.
o But I do not know how to _interpret_ what these results tell me.
Command:
echo q | openssl s_client -connect news.albasani.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
Result:
depth=0 C = CH, ST = Some-State, L = Zurich, O = Albasani, OU = Roman Racine, CN = reader.albasani.net, emailAddress = roman....@gmail.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CH, ST = Some-State, L = Zurich, O = Albasani, OU = Roman Racine, CN = reader.albasani.net, emailAddress = roman....@gmail.com
verify error:num=10:certificate has expired
notAfter=Jul 21 15:37:36 2019 GMT
verify return:1
depth=0 C = CH, ST = Some-State, L = Zurich, O = Albasani, OU = Roman Racine, CN = reader.albasani.net, emailAddress = roman....@gmail.com
notAfter=Jul 21 15:37:36 2019 GMT
verify return:1
notAfter=Jul 21 15:37:36 2019 GMT
Thank you for suggesting aioe's encrypted server (I usually use the 119 port).
o Here are a few I found by hunting around (I'm sure there are more!)
Ordered by expiry date...
o *aioe* = notAfter=May 14 12:34:41 2020 GMT
echo q | openssl s_client -connect nntp.aioe.org:563 | openssl x509 -noout -enddate | findstr "notAfter"
o *eternal-september* = notAfter=Jun 13 09:09:38 2020 GMT
echo q | openssl s_client -connect news.eternal-september.org:563 | openssl x509 -noout -enddate | findstr "notAfter"
o *mixmin* = notAfter=Jun 26 19:57:30 2020 GMT
echo q | openssl s_client -connect news.mixmin.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
o *albasani* = notAfter=Jul 21 15:37:36 2019 GMT
echo q | openssl s_client -connect news.albasani.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
o *individual* = notAfter=Aug 25 14:52:45 2021 GMT
echo q | openssl s_client -connect news.individual.de:563 | openssl x509 -noout -enddate | findstr "notAfter"
o *neodome* = notAfter=Dec 31 21:59:46 2020 GMT
echo q | openssl s_client -connect news.neodome.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
I don't know why these failed (ordered alphabetically):
o *altopia* = unable to load certificate
echo q | openssl s_client -connect newsipv6.altopia.com:563 | openssl x509 -noout -enddate | findstr "notAfter"
o *dizum* = unable to load certificate
echo q | openssl s_client -connect news.dizum.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
NOTE: I'm not sure why the findstring doesn't grep out the other crap though.
> Yes a script would be useful.
--
Usenet is a wondrously rich public helpdesk to politely discuss solutions.
A. non Eyemouse
Apr 26, 2020, 4:12:55 PM4/26/20
to
On 2020-04-26, Arlen Holder <arlen...@anyexample.com> wrote:
> In response to what "A. non Eyemouse" <some...@work.invalid> wrote :
>
>> I've used the light installers from slproweb.com.
>
> Hi a.non.eymous,
>
> Yet again I appreciate that you're purposefully helpful,
> where I will try to respond in kind, so that our posts
> will always add value to this newsgroup every time we post.
>
> Thanks for suggesting the slproweb latest version, as likely
> wholly unbeknownst to you I had also asked on the freeware &
> windows newssgroups for the latest binary files.
>
> Unfortunately, so far anyway, the only responses were,
> essentially, the unhelpful advice to compile it myself...
> o <http://tinyurl.com/alt-comp-freeware>
> (which isn't all that helpful as I haven't run a Makefile in a decade).
> o Which openssl Windows binary do you recommend (to have the latest
> official version)?
><https://groups.google.com/forum/#!topic/alt.comp.freeware/mZgki-TvHlo>
>
> I _may_ compile it anyway, but that will take a lot of work
> as I have to figure out a compiler for one (e.g., gcc) and whatever
> else is needed to compile the openssl tarball src to a Windows binary.
>https://groups.google.com/forum/#!topic/alt.comp.freeware/mZgki-TvHlo>
> In response to what "A. non Eyemouse" <some...@work.invalid> wrote :
>
>> I've used the light installers from slproweb.com.
>
> Hi a.non.eymous,
>
> Yet again I appreciate that you're purposefully helpful,
> where I will try to respond in kind, so that our posts
> will always add value to this newsgroup every time we post.
>
> Thanks for suggesting the slproweb latest version, as likely
> wholly unbeknownst to you I had also asked on the freeware &
> windows newssgroups for the latest binary files.
>
> Unfortunately, so far anyway, the only responses were,
> essentially, the unhelpful advice to compile it myself...
> o <http://tinyurl.com/alt-comp-freeware>
> (which isn't all that helpful as I haven't run a Makefile in a decade).
> o Which openssl Windows binary do you recommend (to have the latest
> official version)?
><https://groups.google.com/forum/#!topic/alt.comp.freeware/mZgki-TvHlo>
>
> I _may_ compile it anyway, but that will take a lot of work
> as I have to figure out a compiler for one (e.g., gcc) and whatever
> else is needed to compile the openssl tarball src to a Windows binary.
> Luckily, from the slproweb choices you had suggested
> o I installed the "light" EXE (as the MSI caused Windows defender to complain)
> <https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe>
> Name: Win64OpenSSL_Light-1_1_1g.exe
> Size: 3711230 bytes (3624 KiB)
> SHA256: 9DAF1964D886A548BBDCE67560EC73AA050F7448407459F2FD247813EC14527F
>
> This appears to be the latest openssl version (AFAICT):
> c:\> openssl version
> OpenSSL 1.1.1g 21 Apr 2020
>
>> I've also used the binaries built by the Curl project
>> https://curl.haxx.se/windows/
>
> Thanks for that suggestion - but I couldn't find the openssl binaries.
> o I found they said they "linked" with openssl...
> But I wasn't even sure what that means to someone looking for ssl binaries.
The latest binaries are here
> o I installed the "light" EXE (as the MSI caused Windows defender to complain)
> <https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe>
> Name: Win64OpenSSL_Light-1_1_1g.exe
> Size: 3711230 bytes (3624 KiB)
> SHA256: 9DAF1964D886A548BBDCE67560EC73AA050F7448407459F2FD247813EC14527F
>
> This appears to be the latest openssl version (AFAICT):
> c:\> openssl version
> OpenSSL 1.1.1g 21 Apr 2020
>
>> I've also used the binaries built by the Curl project
>> https://curl.haxx.se/windows/
>
> Thanks for that suggestion - but I couldn't find the openssl binaries.
> o I found they said they "linked" with openssl...
> But I wasn't even sure what that means to someone looking for ssl binaries.
https://curl.haxx.se/windows/dl-7.69.1_2/
openssl-1.1.1g_2-win32-mingw.zip
openssl-1.1.1g_2-win64-mingw.zip
Just grab the zip files, unzip them and run. You'll probably have to
get around the Windows smartscreen warnings though.
>
> BTW, as an aside, I use the Windows native curl.exe all the time
> o Mostly to check my network status
> C:\> curl.exe icanhazip.com
> {RETURNS your WAN IP address}
>
>> Curl project also provide .pem versions of the Mozilla root
>> certificates which you can use for the -CAfile when testing with
>> OpenSSL.
>> https://curl.haxx.se/docs/caextract.html
>
> I admit openly that I wouldn't know what to do with this information
> o But I saved it in my readme in my openssl archives for future use. :)
>
Arlen Holder
Apr 26, 2020, 9:10:09 PM4/26/20
to
In response to what "A. non Eyemouse" <some...@work.invalid> wrote :
> The latest binaries are here
> https://curl.haxx.se/windows/dl-7.69.1_2/
> openssl-1.1.1g_2-win32-mingw.zip
> openssl-1.1.1g_2-win64-mingw.zip
Ah. I see why I missed them in the first pass.
> https://curl.haxx.se/windows/dl-7.69.1_2/
> openssl-1.1.1g_2-win32-mingw.zip
> openssl-1.1.1g_2-win64-mingw.zip
Thanks for having the patience to point them out specifically.
o <https://curl.haxx.se/windows/dl-7.69.1_2/openssl-1.1.1g_2-win64-mingw.zip>
o <https://curl.haxx.se/windows/dl-7.69.1_2/openssl-1.1.1g_2-win32-mingw.zip>
Those links were found in the "curl" compile "specifications" section:
<https://curl.haxx.se/windows/>
Which points this directory of related compiled Windows binaries:
<https://curl.haxx.se/windows/dl-7.69.1_2/>
What's interesting is these "haax" openssl binaries are zip files with only
two DLLs necessary (apparently), namely these two DLLs:
o capi.dll & padlock.dll
Meanwhile, the "slproweb" openssl binaries were EXE & MSI installers, with
even more dlls, namely those same two DLLs
o "capi.dll", "padlock.dll"
But also
o dasync.dll
o libcrypto-1_1-x64.dll
o libssl-1_1-x64.dll
o ossltest.dll
> Some that you listed probably don't support ssl connections.
o I just set the free nntp server to 563[x]SSL if it needs it.
For example, these free newsservers use 563 [x]SSL as far as I know:
o aioe_rw_563 nntp.aioe.org:563[x]SSL uname=<blank> passwd=<blank>
o eternal_rw_563 news.eternal-september.org:563[x]SSL uname & passwd req'd
o mixmin_rw_563 news.mixmin.net:563[x]SSL uname=<blank> passwd=<blank>
o neodome_rw_563 news.neodome.net:563[x]SSL uname=<blank> passwd=<blank>
o individual_rw_563 news.individual.de:563[x]SSL uname & passwd req'd
--
See also:
o If I wanted to build the openssl binary from source code,
which free compiler is used nowadays for such things?
<https://groups.google.com/forum/#!topic/alt.comp.freeware/6eVRAN-kPEs>
Arlen Holder
Apr 26, 2020, 9:27:52 PM4/26/20
to
In response to what Arlen Holder <arlen...@anyexample.com> wrote :
> For example, these free newsservers use 563 [x]SSL as far as I know:
> o aioe_rw_563 nntp.aioe.org:563[x]SSL uname=<blank> passwd=<blank>
> o eternal_rw_563 news.eternal-september.org:563[x]SSL uname & passwd req'd
> o mixmin_rw_563 news.mixmin.net:563[x]SSL uname=<blank> passwd=<blank>
> o neodome_rw_563 news.neodome.net:563[x]SSL uname=<blank> passwd=<blank>
> o individual_rw_563 news.individual.de:563[x]SSL uname & passwd req'd
BTW, yesterday this seem to be working (AFAIK), but not today (go figure).
o dizum_rw_563 news.dizum.net:563[x]SSL uname=<blank> passwd=<blank>
o dizum_rw_119 news.dizum.net:119[_]SSL uname=<blank> passwd=<blank>
But right now, this is the only thing on dizum that appears to be working:
o dizum_ro_119 news.dizum.net:119[_]SSL uname=<blank> passwd=<blank>
--
For some reason, the writing to dizum at port 119 now fails, as does
both reading and writing on port 563 SSL but all three used to work AFAIK.
> For example, these free newsservers use 563 [x]SSL as far as I know:
> o aioe_rw_563 nntp.aioe.org:563[x]SSL uname=<blank> passwd=<blank>
> o eternal_rw_563 news.eternal-september.org:563[x]SSL uname & passwd req'd
> o mixmin_rw_563 news.mixmin.net:563[x]SSL uname=<blank> passwd=<blank>
> o neodome_rw_563 news.neodome.net:563[x]SSL uname=<blank> passwd=<blank>
> o individual_rw_563 news.individual.de:563[x]SSL uname & passwd req'd
o dizum_rw_563 news.dizum.net:563[x]SSL uname=<blank> passwd=<blank>
o dizum_rw_119 news.dizum.net:119[_]SSL uname=<blank> passwd=<blank>
But right now, this is the only thing on dizum that appears to be working:
o dizum_ro_119 news.dizum.net:119[_]SSL uname=<blank> passwd=<blank>
--
For some reason, the writing to dizum at port 119 now fails, as does
both reading and writing on port 563 SSL but all three used to work AFAIK.
Neodome Admin
May 1, 2020, 1:11:07 PM5/1/20
to
Arlen Holder <arlen...@anyexample.com> wrote:
> In response to what Arlen Holder <arlen...@anyexample.com> wrote :
>
>> For example, these free newsservers use 563 [x]SSL as far as I know:
>> o aioe_rw_563 nntp.aioe.org:563[x]SSL uname=<blank> passwd=<blank>
>> o eternal_rw_563 news.eternal-september.org:563[x]SSL uname & passwd req'd
>> o mixmin_rw_563 news.mixmin.net:563[x]SSL uname=<blank> passwd=<blank>
>> o neodome_rw_563 news.neodome.net:563[x]SSL uname=<blank> passwd=<blank>
>> o individual_rw_563 news.individual.de:563[x]SSL uname & passwd req'd
>
> BTW, yesterday this seem to be working (AFAIK), but not today (go figure).
> o dizum_rw_563 news.dizum.net:563[x]SSL uname=<blank> passwd=<blank>
> o dizum_rw_119 news.dizum.net:119[_]SSL uname=<blank> passwd=<blank>
>
> But right now, this is the only thing on dizum that appears to be working:
> o dizum_ro_119 news.dizum.net:119[_]SSL uname=<blank> passwd=<blank>
Alex was doing some maintenance on the server. He announced it in a.p.a-s,
> In response to what Arlen Holder <arlen...@anyexample.com> wrote :
>
>> For example, these free newsservers use 563 [x]SSL as far as I know:
>> o aioe_rw_563 nntp.aioe.org:563[x]SSL uname=<blank> passwd=<blank>
>> o eternal_rw_563 news.eternal-september.org:563[x]SSL uname & passwd req'd
>> o mixmin_rw_563 news.mixmin.net:563[x]SSL uname=<blank> passwd=<blank>
>> o neodome_rw_563 news.neodome.net:563[x]SSL uname=<blank> passwd=<blank>
>> o individual_rw_563 news.individual.de:563[x]SSL uname & passwd req'd
>
> BTW, yesterday this seem to be working (AFAIK), but not today (go figure).
> o dizum_rw_563 news.dizum.net:563[x]SSL uname=<blank> passwd=<blank>
> o dizum_rw_119 news.dizum.net:119[_]SSL uname=<blank> passwd=<blank>
>
> But right now, this is the only thing on dizum that appears to be working:
> o dizum_ro_119 news.dizum.net:119[_]SSL uname=<blank> passwd=<blank>
not sure if he’s reading this group.
--
Neodome
Arlen Holder
May 15, 2020, 11:25:05 PM5/15/20
to
In response to what Neodome Admin <ad...@neodome.net> wrote :
> Alex was doing some maintenance on the server. He announced it in a.p.a-s,
> not sure if he¢s reading this group.
Thanks for that information about Alex de Joode's changes.
(I'm not at all clear on what newsgroup a.p.a-s is though)
Alex seems to have wiped out the free posting sans account for good.
news.dizum.net:563 [x]SSL (working April 2020, no longer works)
username=<blank> password=<blank>
It didn't work for years, then worked for, oh, maybe a year or so.
But it stopped working recently.
Bummer.
--
Updated the subject line as this has nothing to do with Steve Crook.
> Alex was doing some maintenance on the server. He announced it in a.p.a-s,
> not sure if he¢s reading this group.
(I'm not at all clear on what newsgroup a.p.a-s is though)
Alex seems to have wiped out the free posting sans account for good.
news.dizum.net:563 [x]SSL (working April 2020, no longer works)
username=<blank> password=<blank>
It didn't work for years, then worked for, oh, maybe a year or so.
But it stopped working recently.
Bummer.
--
Updated the subject line as this has nothing to do with Steve Crook.
Neodome Admin
May 19, 2020, 12:42:25 AM5/19/20
to
Arlen Holder <arlen...@any1example.com> wrote:
> (I'm not at all clear on what newsgroup a.p.a-s is though)
alt.privacy.anon-server
> (I'm not at all clear on what newsgroup a.p.a-s is though)
--
Neodome
Arlen Holder
May 19, 2020, 7:01:35 PM5/19/20
to
On Tue, 19 May 2020 04:42:24 -0000 (UTC), Neodome Admin wrote:
>> (I'm not at all clear on what newsgroup a.p.a-s is though)
>
> alt.privacy.anon-server
Hi Neodome,
>> (I'm not at all clear on what newsgroup a.p.a-s is though)
>
> alt.privacy.anon-server
THANK You very much for your polite help, where we're (almost) all old men
who know how risky it is to ask a question or admit lack of knowledge on
Usenet.
Hence, I appreciate that you pointed us to the discussions for a.p.a-s:
o <https://tinyurl.com/alt-privacy-anon-server>
o <https://groups.google.com/forum/#!forum/alt.privacy.anon-server>
o <https://alt.privacy.anon-server.narkive.com/>
etc.
I'm not a regular here, so I appreciate that you were kind in your advice.
Is this the thread about Dizum you intimated we should check?
o *Anticipated dizum downtime*
<https://groups.google.com/d/msg/alt.privacy.anon-server/o2jMpwdTO54/2WjBgixXAQAJ>
BTW, my news agent is simply a bunch of ancient scripts (mostly telnet plus
dictionary lookups for the headers) and vi as the reader, so I will add
alt.privacy.anon-server to my scripts for future use.
Thanks.
--
Usenet is so much better when purposefully helpful people post.
0 new messages