(Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<und7gj$srbd$1@paganini.bofh.team>


https://www.novabbs.com/computers/article-flat.php?id=1751&group=news.software.readers#1751

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sat, 6 Jan 2024 22:58:11 -0500
Organization: To protect and to server
Message-ID: <und7gj$srbd$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 03:58:12 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="945517"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:ekz6Ua+Rd2+iJuf2k4ISFfUKcROZku+z0VU93Vc2ZVE=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Sun, 7 Jan 2024 03:58 UTC

Dialog is failing on a Neodome account setup that used to work.
Posting article failed: Socket Error # 0; (nameofserver username ok)(Finished)
Socket Error # 0; (nameofserver username ok)(Finished)

The stunnel.conf file has the same boilerplate setup as it always had.
That boilerplate stunnel.conf is this (which used to work for Neodome).
[neodome]
client = yes
accept = 127.0.0.1:55555
connect = news.neodome.net:563
verify = 0
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.neodome.net
OCSPaia = yes

That same boilerplate stunnel.conf works for other encrypted servers.
Just not Neodome.

40TudeDialog is set up for that user as any other setup would be.
Host: 127.0.0.1
Port: 55555
SSL: unchecked
Username: abcdefg
Password: xxxxxxx
Allwd. conn.: 2
Use pipelining (unchecked)

I set the log level to "0 - All debug messages" by right clicking on
"Connections" at the bottom right corner of the Windows Dialog GUI.

Then I copied the section of the files in Program Files under "logs".

0 25674390: Creating worker thread: Sending message to news.software.readers neodome Username ok1
0 25674390: FDATA: Opening 1
0 25674390: FDATA: Reading itemcount 3
0 25674390: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
3 25674390: Sending message to news.software.readers (Started) [$0000250C]
1 25674390: NNTP slot used by this thread: neodome Username ok1 [$0000250C]
3 25674390: Connecting to NNTP 127.0.0.1:60569 [$0000250C]
1 25675500: Reindexing (Order: 3, no filtering) of group 1 with 2574 articles took 16 ms
0 25675500: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
0 25675500: FDATA: Regular update PAK - ChangeCount: 0
0 25675500: FDATA: adding GroupKey: 1 ArticleKey: 2573
0 25675500: FDATA: Regular update PAK - ChangeCount: 1
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675515: FontFB: No non-ASCII characters found; Using default font
0 25675515: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FontFB: No non-ASCII characters found; Using default font
0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FontFB: No non-ASCII characters found; Using default font
0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675546: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675484: !Quit (Finished) [$0000250C]
5 25675484: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
5 25675484: Posting article failed: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
1 25675500: Sending message to news.software.readers (Finished) (Finished) [$0000250C]
0 25676328: TFlushBodiesThread started with ThreadID: $16A0
1 25678328: Flushing body db
0 25678328: FDATA: Updating PAK, number of subfiles: 29
0 25678328: FDATA: Writing itemcount 3
0 25678328: FDATA: Closing 1
1 25679687: Main window close query
1 25679750: Main window destroy called - Goodbye
0 25679765: FDATA: destroying; Changecount: 0
1 25679765: Flushing group and server list

How can I further debug this socket error before contacting Neodome admins?
(What is a Dialog socket error anyway?)

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<und84c$ssl1$1@paganini.bofh.team>


https://www.novabbs.com/computers/article-flat.php?id=1752&group=news.software.readers#1752

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sat, 6 Jan 2024 23:08:44 -0500
Organization: To protect and to server
Message-ID: <und84c$ssl1$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 04:08:45 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="946849"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:jOLakYQvzT1L6OUjP5v4rzLSYfbxC4e5Zcf5aaBn0+Y=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Sun, 7 Jan 2024 04:08 UTC

When cleaning up the log to make it easier for you to read, I made a
minor mistake in simplifying the port number and noticed it too late.

Here's the corrected log so you don't waste time debugging the prior log.

0 25674390: Creating worker thread: Sending message to news.software.readers neodome Username ok1
0 25674390: FDATA: Opening 1
0 25674390: FDATA: Reading itemcount 3
0 25674390: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
3 25674390: Sending message to news.software.readers (Started) [$0000250C]
1 25674390: NNTP slot used by this thread: neodome Username ok1 [$0000250C]
3 25674390: Connecting to NNTP 127.0.0.1:55555 [$0000250C]
1 25675500: Reindexing (Order: 3, no filtering) of group 1 with 2574 articles took 16 ms
0 25675500: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
0 25675500: FDATA: Regular update PAK - ChangeCount: 0
0 25675500: FDATA: adding GroupKey: 1 ArticleKey: 2573
0 25675500: FDATA: Regular update PAK - ChangeCount: 1
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675515: FontFB: No non-ASCII characters found; Using default font
0 25675515: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FontFB: No non-ASCII characters found; Using default font
0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FontFB: No non-ASCII characters found; Using default font
0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675546: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675484: !Quit (Finished) [$0000250C]
5 25675484: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
5 25675484: Posting article failed: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
1 25675500: Sending message to news.software.readers (Finished) (Finished) [$0000250C]
0 25676328: TFlushBodiesThread started with ThreadID: $16A0
1 25678328: Flushing body db
0 25678328: FDATA: Updating PAK, number of subfiles: 29
0 25678328: FDATA: Writing itemcount 3
0 25678328: FDATA: Closing 1
1 25679687: Main window close query
1 25679750: Main window destroy called - Goodbye
0 25679765: FDATA: destroying; Changecount: 0
1 25679765: Flushing group and server list

The line I don't understand is that the error is a Dialog "socket error".
What's that?

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de>


https://www.novabbs.com/computers/article-flat.php?id=1756&group=news.software.readers#1756

Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Supersedes: <8i5ojjyfgn67$.dlg@b.rose.tmpbox.news.arcor.de>
Date: Sun, 7 Jan 2024 09:10:13 +0100
Message-ID: <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Info: solani.org;
logging-data="187351"; mail-complaints-to="abuse@news.solani.org"
User-Agent: 40tude_Dialog/2.0.15.41 (4c75ff17.194.259)
Cancel-Key: sha1:asjYtEUPBX0xcbSE25vD7Ljy1zE=
Cancel-Lock: sha1:izqotPldCbGoaPBMT0SbZmY/ecc=
X-User-ID: eJwNwocRA0EIBLCWgCWWQ/D1X8J7JIOzb6ibq72/5iuJ3DWqbqYdEMv0r4+ACEM8+CRj5apCy2zyIM3NrsBmmuoW5durD7NqGP0=
 by: Bernd Rose - Sun, 7 Jan 2024 08:10 UTC

On Sat, 6th Jan 2024 23:08:44 -0500, Ronald wrote:

> 1 25674390: NNTP slot used by this thread: neodome Username ok1 [$0000250C]
> 3 25674390: Connecting to NNTP 127.0.0.1:55555 [$0000250C]
[...]
> 0 25675484: !Quit (Finished) [$0000250C]
> 5 25675484: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
[...]
> The line I don't understand is that the error is a Dialog "socket error".
> What's that?

A socket is a dedicated connection established by the OS between a program
and an IP-address:port combination. Several such sockets can exist in
parallel at any certain time, just not with the same parameters.

"Socket error # 0" isn't a normal Socket error number. It will be returned
by the Indy network functions (a Delphi network library used by Dialog),
when no connection could be established, at all.

From above information it seems, you set up your connection to the Neodome
server inside Dialog to connect to localhost (127.0.0.1) on port 55555.
User name and password for the Neodome server have to be entered inside the
Dialog connection settings, as well. You must /not/ tick on the SSL box,
though, because with above parameters you most likely want to use a more
up-to-date program for managing the encryption.

You are probably using sTunnel as an intermediate for encrypted connections.
With above parameters you need to set up sTunnel to accept local connections
from port 55555 and forward them encrypted to the Neodome NNTP server:

[Neodome]
client = yes
accept = localhost:55555
connect = news.neodome.net:563
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.neodome.net
OCSPaia = yes

Please check whether sTunnel is running at all, and whether the connection
parameters are set correctly. (Especially, that no 2 connection sections are
using the same /internal/ port number [55555 in this case].) If this all
seems okay, check the sTunnel log file for further information.

HTH.
Bernd

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<undopl$tmdk$1@paganini.bofh.team>


https://www.novabbs.com/computers/article-flat.php?id=1757&group=news.software.readers#1757

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 03:53:10 -0500
Organization: To protect and to server
Message-ID: <undopl$tmdk$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 08:53:10 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="973236"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:g6hXn2vjMcxaNlbuWsShu/MKtbOaROkAAReGklAw54I=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Sun, 7 Jan 2024 08:53 UTC

On Sun, 7 Jan 2024 09:10:13 +0100, Bernd Rose <b.rose.tmpbox@arcor.de> wrote

> A socket is a dedicated connection established by the OS between a program
> and an IP-address:port combination. Several such sockets can exist in
> parallel at any certain time, just not with the same parameters.
>
> "Socket error # 0" isn't a normal Socket error number. It will be returned
> by the Indy network functions (a Delphi network library used by Dialog),
> when no connection could be established, at all.

Thanks for that information as Stunnel is working with other encrypted nntp
news servers without the socket error that only Neodome is reporting.

The strange thing is the Neodome stunnel entry was working for about a year
and there are no conflicts in the port (55555) arbitrarily assigned as I've
changed the port multiple times (in both Dialog & in stunnel.conf of course)
and no other nntp server is using the same port either.

> From above information it seems, you set up your connection to the Neodome
> server inside Dialog to connect to localhost (127.0.0.1) on port 55555.
> User name and password for the Neodome server have to be entered inside the
> Dialog connection settings, as well. You must /not/ tick on the SSL box,
> though, because with above parameters you most likely want to use a more
> up-to-date program for managing the encryption.

Yep. All that is set exactly as you said, and it used to work for Neodome.
It still works for other encrypted news servers - but just not Neodome.

> You are probably using sTunnel as an intermediate for encrypted connections.
> With above parameters you need to set up sTunnel to accept local connections
> from port 55555 and forward them encrypted to the Neodome NNTP server:
>
> [Neodome]
> client = yes
> accept = localhost:55555
> connect = news.neodome.net:563
> verifyChain = yes
> CAfile = ca-certs.pem
> checkHost = news.neodome.net
> OCSPaia = yes

My stunnel.conf is only very slightly different, as shown below.
[neodome]
client = yes
accept = 127.0.0.1:55555
connect = news.neodome.net:563
verify = 0
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.neodome.net
OCSPaia = yes

The only difference is I have a "verify = 0" which I will comment out.
And I use "127.0.0.1" instead of "localhost" which should not matter.

> Please check, if sTunnel is running at all.

Stunnel is definitely running as I post with other servers using it.

Plus the icon in the hardware section of the taskbar will be green when
it's OK, then blue when being used, and red if there's a failure.

It's green.

> And if the connection parameters
> are set correctly. (Especially, that no 2 connection sections using the same
> /internal/ port number [55555 in this case].) If this all seems okay, check
> the sTunnel log file for further information.

To get a clean log out of Stunnel, I killed and restarted it.
This shows it's ready to take connections.
2024.01.07 02:18:11 LOG5[main]: stunnel 5.69 on x64-pc-mingw32-gnu platform
2024.01.07 02:18:11 LOG5[main]: Compiled/running with OpenSSL 3.0.8 7 Feb 2023
2024.01.07 02:18:11 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2024.01.07 02:18:11 LOG5[main]: Reading configuration from file C:\Program Files\stunnel\config\stunnel.conf
2024.01.07 02:18:11 LOG5[main]: UTF-8 byte order mark detected
2024.01.07 02:18:11 LOG5[main]: FIPS mode disabled
2024.01.07 02:18:32 LOG5[main]: Configuration successful

This is what happens when I post to another server (not neodome).
2024.01.07 02:34:17 LOG5[0]: Service [eternal] accepted connection from 127.0.0.1:55554
2024.01.07 02:34:20 LOG5[0]: s_connect: connected 135.181.20.170:563
2024.01.07 02:34:20 LOG5[0]: Service [eternal] connected remote server from 10.211.1.145:60382
2024.01.07 02:34:24 LOG5[0]: OCSP: Connecting the AIA responder "http://r3.o.lencr.org"
2024.01.07 02:34:27 LOG5[0]: s_connect: connected 23.2.16.105:80
2024.01.07 02:34:30 LOG5[0]: OCSP: Certificate accepted
2024.01.07 02:34:30 LOG5[0]: Certificate accepted at depth=0: CN=news.eternal-september.org
2024.01.07 02:34:44 LOG3[0]: SSL_read: ssl/record/rec_layer_s3.c:321: error:0A000126:SSL routines::unexpected eof while reading
2024.01.07 02:34:44 LOG5[0]: Connection reset: 358 byte(s) sent to TLS, 388 byte(s) sent to socket

This is what happens when I post to the neodome server.
2024.01.07 02:18:55 LOG5[0]: Service [neodome] accepted connection from 127.0.0.1:55555
2024.01.07 02:19:00 LOG5[0]: s_connect: connected 95.216.243.224:563
2024.01.07 02:19:00 LOG5[0]: Service [neodome] connected remote server from 10.211.1.145:60371
2024.01.07 02:19:01 LOG4[0]: CERT: Pre-verification error: self-signed certificate
2024.01.07 02:19:01 LOG4[0]: Rejected by CERT at depth=0: O=Neodome, CN=neodome.net, emailAddress=admin@neodome.net
2024.01.07 02:19:01 LOG3[0]: SSL_connect: ssl/statem/statem_clnt.c:1889: error:0A000086:SSL routines::certificate verify failed
2024.01.07 02:19:01 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

This is the Dialog log file when I post using eternal september with Stunnel.
0 43532453: Creating worker thread: Sending message to alt.test username
0 43532453: FDATA: Opening 1
0 43532468: FDATA: Reading itemcount 6
0 43532468: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2579
3 43532453: Sending message to alt.test (Started) [$00002754]
1 43532453: NNTP slot used by this thread: username [$00002754]
3 43532468: Connecting to NNTP 127.0.0.1:55556 [$00002754]
0 43548968: 200 news.eternal-september.org InterNetNews NNRP server INN 2.8.0 (20231205 snapshot) ready (posting ok) [$00002754]
0 43548968: !MODE READER [$00002754]
0 43550859: 200 news.eternal-september.org InterNetNews NNRP server INN 2.8.0 (20231205 snapshot) ready (posting ok) [$00002754]
3 43550859: Connected to NNTP 127.0.0.1:55556 [$00002754]
3 43550859: Logging in to NNTP 127.0.0.1:55556 [$00002754]
0 43550859: !AUTHINFO USER ****** [$00002754]
0 43552218: 381 Enter password [$00002754]
0 43552218: !AUTHINFO PASS ********* [$00002754]
0 43554687: 281 Authentication succeeded [$00002754]
3 43554687: Posting message to NNTP server [$00002754]
0 43554687: !POST [$00002754]

This is the Dialog log file when I post using neodome with Stunnel.
0 25674390: Creating worker thread: Sending message to news.software.readers neodome Username ok1
0 25674390: FDATA: Opening 1
0 25674390: FDATA: Reading itemcount 3
0 25674390: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
3 25674390: Sending message to news.software.readers (Started) [$0000250C]
1 25674390: NNTP slot used by this thread: neodome Username ok1 [$0000250C]
3 25674390: Connecting to NNTP 127.0.0.1:55555 [$0000250C]
1 25675500: Reindexing (Order: 3, no filtering) of group 1 with 2574 articles took 16 ms
0 25675500: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
0 25675500: FDATA: Regular update PAK - ChangeCount: 0
0 25675500: FDATA: adding GroupKey: 1 ArticleKey: 2573
0 25675500: FDATA: Regular update PAK - ChangeCount: 1
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675515: FontFB: No non-ASCII characters found; Using default font
0 25675515: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FontFB: No non-ASCII characters found; Using default font
0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675531: FontFB: No non-ASCII characters found; Using default font
0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
0 25675546: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
0 25675484: !Quit (Finished) [$0000250C]
5 25675484: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
5 25675484: Posting article failed: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
1 25675500: Sending message to news.software.readers (Finished) (Finished) [$0000250C]
0 25676328: TFlushBodiesThread started with ThreadID: $16A0
1 25678328: Flushing body db
0 25678328: FDATA: Updating PAK, number of subfiles: 29
0 25678328: FDATA: Writing itemcount 3
0 25678328: FDATA: Closing 1
1 25679687: Main window close query
1 25679750: Main window destroy called - Goodbye
0 25679765: FDATA: destroying; Changecount: 0
1 25679765: Flushing group and server list

The two errors (one in Dialog's log and the other in Stunnel's log) are:

Dialog error:
5 25675484: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]


Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<undpsb$tok8$1@paganini.bofh.team>


https://www.novabbs.com/computers/article-flat.php?id=1758&group=news.software.readers#1758

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 04:11:40 -0500
Organization: To protect and to server
Message-ID: <undpsb$tok8$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 09:11:40 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="975496"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:zabLs3mcSJaJvVi+Ee+RWCFDqPF7CmvxZeDDAsIySkA=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Sun, 7 Jan 2024 09:11 UTC

On Sun, 7 Jan 2024 03:53:10 -0500, Ronald wrote:

> In a minute I will try it again by removing that one line (verify = 0)
> in the stunnel.conf file for Neodome, but does that look like to you
> that the certificate for Neodome is having the problem?

I commented out the "verify = 0" stunnel.conf line, but it still failed.
It just failed faster.

Stunnel.conf
[Neodome]
client = yes
accept = 127.0.0.1:55555
connect = news.neodome.net:563
; verify = 0
; (verify was set to 0 because it's a self-signed certificate)
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.neodome.net
OCSPaia = yes

Dialog log:
5 44896390: Socket Error # 0; (Neodome username ok) (Finished) [$0000220C]
0 44896390: KillNNTP entered for: Neodome username ok1 (Finished) [$0000220C]
Stunnel log:
2024.01.07 03:57:01 LOG5[0]: Service [Neodome] accepted connection from 127.0.0.1:55555
2024.01.07 03:57:01 LOG5[0]: s_connect: connected 95.216.243.224:563
2024.01.07 03:57:01 LOG5[0]: Service [Neodome] connected remote server from 192.168.1.23:55555
2024.01.07 03:57:01 LOG4[0]: CERT: Pre-verification error: self-signed certificate
2024.01.07 03:57:01 LOG4[0]: Rejected by CERT at depth=0: O=Neodome, CN=neodome.net, emailAddress=admin@neodome.net
2024.01.07 03:57:01 LOG3[0]: SSL_connect: ssl/statem/statem_clnt.c:1889: error:0A000086:SSL routines::certificate verify failed
2024.01.07 03:57:01 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

The two main questions are what is a "KillNNTP" in Dialog and
does that error look like the certificate is bad for Neodome?

Is there a way to test the certificate for Neodome?

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<v1akekkmcrn9.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=1759&group=news.software.readers#1759

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 03:37:46 -0600
Organization: Usenet Elder
Lines: 92
Sender: V@nguard.LH
Message-ID: <v1akekkmcrn9.dlg@v.nguard.lh>
References: <und7gj$srbd$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net nIpC7sn6rqvkEridhD79owaUQ1ttvrnLGdiKzM5zdjpE9es5Ru
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:SCr3A8DHOkT8wI35YNrnf6s0E+U= sha256:fy4YeCk2XPEoHL8Lrvy2zvWcnrD6SXf+zfAnq0p/Ofk=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Sun, 7 Jan 2024 09:37 UTC

Ronald <ronald@nospam.me> wrote:

> Dialog is failing on a Neodome account setup that used to work.
> Posting article failed: Socket Error # 0; (nameofserver username ok)(Finished)
> Socket Error # 0; (nameofserver username ok)(Finished)
>
> The stunnel.conf file has the same boilerplate setup as it always had.
> That boilerplate stunnel.conf is this (which used to work for Neodome).
> [neodome]
> client = yes
> accept = 127.0.0.1:55555
> connect = news.neodome.net:563
> verify = 0
> verifyChain = yes
> CAfile = ca-certs.pem
> checkHost = news.neodome.net
> OCSPaia = yes
>
> That same boilerplate stunnel.conf works for other encrypted servers.
> Just not Neodome.
>
> 40TudeDialog is set up for that user as any other setup would be.
> Host: 127.0.0.1
> Port: 55555
> SSL: unchecked
> Username: abcdefg
> Password: xxxxxxx
> Allwd. conn.: 2
> Use pipelining (unchecked)
>
> I set the log level to "0 - All debug messages" by right clicking on
> "Connections" at the bottom right corner of the Windows Dialog GUI.
>
> Then I copied the section of the files in Program Files under "logs".
>
> 0 25674390: Creating worker thread: Sending message to news.software.readers neodome Username ok1
> 0 25674390: FDATA: Opening 1
> 0 25674390: FDATA: Reading itemcount 3
> 0 25674390: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
> 3 25674390: Sending message to news.software.readers (Started) [$0000250C]
> 1 25674390: NNTP slot used by this thread: neodome Username ok1 [$0000250C]
> 3 25674390: Connecting to NNTP 127.0.0.1:60569 [$0000250C]
> 1 25675500: Reindexing (Order: 3, no filtering) of group 1 with 2574 articles took 16 ms
> 0 25675500: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2572
> 0 25675500: FDATA: Regular update PAK - ChangeCount: 0
> 0 25675500: FDATA: adding GroupKey: 1 ArticleKey: 2573
> 0 25675500: FDATA: Regular update PAK - ChangeCount: 1
> 0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
> 0 25675515: FontFB: No non-ASCII characters found; Using default font
> 0 25675515: FontFB: Using font "Arial" which is missing 0 glyphs.
> 0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
> 0 25675515: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
> 0 25675531: FontFB: No non-ASCII characters found; Using default font
> 0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
> 0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
> 0 25675531: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
> 0 25675531: FontFB: No non-ASCII characters found; Using default font
> 0 25675531: FontFB: Using font "Arial" which is missing 0 glyphs.
> 0 25675546: FDATA: Extracting body of GroupKey: 1 ArticleKey: 2571
> 0 25675484: !Quit (Finished) [$0000250C]
> 5 25675484: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
> 0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
> 0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
> 0 25675484: KillNNTP entered for: neodome Username ok1 (Finished) [$0000250C]
> 0 25675484: KillNNTP left for: neodome Username ok1 (Finished) [$0000250C]
> 5 25675484: Posting article failed: Socket Error # 0; (neodome Username ok) (Finished) [$0000250C]
> 1 25675500: Sending message to news.software.readers (Finished) (Finished) [$0000250C]
> 0 25676328: TFlushBodiesThread started with ThreadID: $16A0
> 1 25678328: Flushing body db
> 0 25678328: FDATA: Updating PAK, number of subfiles: 29
> 0 25678328: FDATA: Writing itemcount 3
> 0 25678328: FDATA: Closing 1
> 1 25679687: Main window close query
> 1 25679750: Main window destroy called - Goodbye
> 0 25679765: FDATA: destroying; Changecount: 0
> 1 25679765: Flushing group and server list
>
> How can I further debug this socket error before contacting Neodome admins?
> (What is a Dialog socket error anyway?)

Your log shows Dialog is connecting to an IP of 127.0.0.1, port 55555.
That's a reserved internal IP address, not one for a site running an
NNTP server. Seems you must be using a local proxy through which you
pipe Dialog connects to a server. Could be that proxy is dead. Could
be to where that proxy points to for external connects is invalid.
Check settings in the proxy on your host (127.0.0.1) to which to tell
Dialog to connect.

Are you using sTunnel, a VPN, or other local proxy with Dialog?

I thought Neodome died, so there'd be no NNTP server to which Dialog (or
your proxy) could connect.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<undrv0$trmf$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=1760&group=news.software.readers#1760

Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 04:47:13 -0500
Organization: To protect and to server
Message-ID: <undrv0$trmf$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team> <v1akekkmcrn9.dlg@v.nguard.lh>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 09:47:13 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="978639"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:hE3DH9GewyX7t9VOj96atlJ2IbYqTMw0KSjVY7pK21U=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Sun, 7 Jan 2024 09:47 UTC

On Sun, 7 Jan 2024 03:37:46 -0600, VanguardLH wrote:

> Are you using sTunnel, a VPN, or other local proxy with Dialog?

I'm using VPN plus Stunnel with Dialog on Windows.
Just like everyone else does (as Dialog needs Stunnel for port 563).

> I thought Neodome died, so there'd be no NNTP server to which Dialog (or
> your proxy) could connect.

I looked up the test commands and I cut and pasted them, so I don't really know what they are telling me but I think the Neodome server has expired.

The odd thing to me is it's supposedly a self-signed certificate.
I don't really know what that means, but how can it expire then?

I don't understand this certificate stuff. Nor signing. Nor expiry.
But here's the output I got from running these commands on Windows.

echo q | openssl s_client -connect news.neodome.net:563 | openssl x509 -noout -enddate | findstr "notAfter"

It reported this result:
depth=0 O = Neodome, CN = neodome.net, emailAddress = admin@neodome.net
verify error:num=18:self signed certificate
verify return:1
depth=0 O = Neodome, CN = neodome.net, emailAddress = admin@neodome.net
verify error:num=10:certificate has expired
notAfter=Dec 31 21:59:46 2020 GMT
verify return:1
depth=0 O = Neodome, CN = neodome.net, emailAddress = admin@neodome.net
notAfter=Dec 31 21:59:46 2020 GMT
verify return:1
notAfter=Dec 31 21:59:46 2020 GMT
DONE

Then I found this command and cut and pasted it into Windows.
openssl s_client -ign_eof -connect news.neodome.net:563

Which reported a long output but I cut out the non errors to result in this.
verify error:num=10:certificate has expired
Verification error: certificate has expired
Verify return code: 10 (certificate has expired)

But Neodome uses a self-signed certificate.
So it's never supposed to expire, right?

I don't know what the output is SUPPOSED to be for a self-signed certificate.
I don't even know what a self-signed certificate even means.

Can you help me make better sense of the output and how to fix it?

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de>

https://www.novabbs.com/computers/article-flat.php?id=1761&group=news.software.readers#1761

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 11:07:58 +0100
Message-ID: <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Info: solani.org;
logging-data="140573"; mail-complaints-to="abuse@news.solani.org"
User-Agent: 40tude_Dialog/2.0.15.41 (153b4bb5.162.355)
Cancel-Lock: sha1:l8tbpDfFix0VXqTaJU6/ce7/zr0=
X-User-ID: eJwNycEBwCAIA8CVICRox6kI+4/Q3vcU6VmLqaRGMwCU5wluwO3gtnRz+KKtjEWMgr6Ws6/Vurup3Ko2r0BUuMYaOf9hPpzWGR0=
 by: Bernd Rose - Sun, 7 Jan 2024 10:07 UTC

On Sun, 7th Jan 2024 04:11:40 -0500, Ronald wrote:

> Dialog log:
> 5 44896390: Socket Error # 0; (Neodome username ok) (Finished) [$0000220C]
> 0 44896390: KillNNTP entered for: Neodome username ok1 (Finished) [$0000220C]
>
> Stunnel log:
> 2024.01.07 03:57:01 LOG5[0]: Service [Neodome] accepted connection from 127.0.0.1:55555
> 2024.01.07 03:57:01 LOG5[0]: s_connect: connected 95.216.243.224:563
> 2024.01.07 03:57:01 LOG5[0]: Service [Neodome] connected remote server from 192.168.1.23:55555
> 2024.01.07 03:57:01 LOG4[0]: CERT: Pre-verification error: self-signed certificate
> 2024.01.07 03:57:01 LOG4[0]: Rejected by CERT at depth=0: O=Neodome, CN=neodome.net, emailAddress=admin@neodome.net
> 2024.01.07 03:57:01 LOG3[0]: SSL_connect: ssl/statem/statem_clnt.c:1889: error:0A000086:SSL routines::certificate verify failed
> 2024.01.07 03:57:01 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
>
> The two main questions are what is a "KillNNTP" in Dialog and

Network connection socket is unregistered in the OS active connection table.

> does that error look like the certificate is bad for Neodome?

Yes.

> Is there a way to test the certificate for Neodome?

Yes, for instance with OpenSSL (https://www.openssl.org):
openssl.exe s_client -connect news.neodome.net:563

=> "certificate has expired"

If you don't care about valid certificates for your encrypted connection
you may use this shortened sTunnel configuration. It should still work.

[Neodome]
client = yes
accept = localhost:55555
connect = news.neodome.net:563

HTH.
Bernd

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<ng3o9ylbddtr$.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=1762&group=news.software.readers#1762

Path: i2pn2.org!i2pn.org!news.chmurka.net!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!news-2.dfn.de!news.dfn.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 04:33:31 -0600
Organization: Usenet Elder
Lines: 51
Sender: V@nguard.LH
Message-ID: <ng3o9ylbddtr$.dlg@v.nguard.lh>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net dbctLI3X/QoMZlKC3HkjEA3SS9FZcT8D76hRuO43QwzUZqWtwM
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:IzPkrfAlw75GaCBoNxzYMRW+3Kk= sha256:+SDws5pQ6u3T35pg/wsACgTi0Z0FA8X/UAQ4LmjPRPA=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Sun, 7 Jan 2024 10:33 UTC

Bernd Rose <b.rose.tmpbox@arcor.de> wrote:

> On Sun, 7th Jan 2024 04:11:40 -0500, Ronald wrote:
>
>> Dialog log:
>> 5 44896390: Socket Error # 0; (Neodome username ok) (Finished) [$0000220C]
>> 0 44896390: KillNNTP entered for: Neodome username ok1 (Finished) [$0000220C]
>>
>> Stunnel log:
>> 2024.01.07 03:57:01 LOG5[0]: Service [Neodome] accepted connection from 127.0.0.1:55555
>> 2024.01.07 03:57:01 LOG5[0]: s_connect: connected 95.216.243.224:563
>> 2024.01.07 03:57:01 LOG5[0]: Service [Neodome] connected remote server from 192.168.1.23:55555
>> 2024.01.07 03:57:01 LOG4[0]: CERT: Pre-verification error: self-signed certificate
>> 2024.01.07 03:57:01 LOG4[0]: Rejected by CERT at depth=0: O=Neodome, CN=neodome.net, emailAddress=admin@neodome.net
>> 2024.01.07 03:57:01 LOG3[0]: SSL_connect: ssl/statem/statem_clnt.c:1889: error:0A000086:SSL routines::certificate verify failed
>> 2024.01.07 03:57:01 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
>>
>> The two main questions are what is a "KillNNTP" in Dialog and
>
> Network connection socket is unregistered in the OS active connection table.
>
>> does that error look like the certificate is bad for Neodome?
>
> Yes.
>
>> Is there a way to test the certificate for Neodome?
>
> Yes, for instance with OpenSSL (https://www.openssl.org):
> openssl.exe s_client -connect news.neodome.net:563
>
> => "certificate has expired"
>
> If you don't care about valid certificates for your encrypted connection
> you may use this shortened sTunnel configuration. It should still work.
>
> [Neodome]
> client = yes
> accept = localhost:55555
> connect = news.neodome.net:563
>
> HTH.
> Bernd

Is a login even required for news.neodome.net?

http://web.archive.org/web/20210618113621/http://neodome.net/

That's the latest archived copy of their web site. Looks like
www.neodome.net disappeared, but their NNTP server still functions. If
a login is not required, why bother with NNTPS at all? Just use the
NNTP connect on port 119, and eliminate using sTunnel.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de>

https://www.novabbs.com/computers/article-flat.php?id=1763&group=news.software.readers#1763

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 11:56:41 +0100
Message-ID: <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Info: solani.org;
logging-data="192960"; mail-complaints-to="abuse@news.solani.org"
User-Agent: 40tude_Dialog/2.0.15.41 (ec4c95f5.169.360)
Cancel-Lock: sha1:90hNJegAzRTsWxsNaY4LWO7JSAM=
X-User-ID: eJwNyEcBwEAIADBL7CGHY/iX0OYZZUNrF1MTPT3KF39RoCtOVpFWtY5Y4F7IGC8tbgY9CfbHcDm44PIaghv4rhF0FrrRPq3RGYg=
 by: Bernd Rose - Sun, 7 Jan 2024 10:56 UTC

On Sun, 7th Jan 2024 04:33:31 -0600, VanguardLH wrote:

> Is a login even required for news.neodome.net?

AFAICT, for posting: yes, for reading: no.

Bernd

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<18gy9f6axliam$.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=1764&group=news.software.readers#1764

Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!news-2.dfn.de!news.dfn.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 05:08:19 -0600
Organization: Usenet Elder
Lines: 75
Sender: V@nguard.LH
Message-ID: <18gy9f6axliam$.dlg@v.nguard.lh>
References: <und7gj$srbd$1@paganini.bofh.team> <v1akekkmcrn9.dlg@v.nguard.lh> <undrv0$trmf$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net xIjqh/66VY2QmSTRAAL0uANO/B3l+zLxKHf5LCc3nWUdkgSwNy
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:FnTneukB1dfor1F7QHgQLNRIzdo= sha256:VM/zTFH2BrooJoRaadUZmWbDWY+wE8lStlicV6TBhI4=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Sun, 7 Jan 2024 11:08 UTC

Ronald <ronald@nospam.me> wrote:

> VanguardLH wrote:
>
>> Are you using sTunnel, a VPN, or other local proxy with Dialog?
>
> I'm using VPN plus Stunnel with Dialog on Windows.
> Just like everyone else does (as Dialog needs Stunnel for port 563).

I don't. I added news.neodome.net using SSL on port 563. I was able to
retrieve a groups list from Neodome, so the connection worked. Also was
able to download articles from alt.computer. I'm not using sTunnel, or
anything else to get SSL connects on port 563 to work in Dialog. I just
enabled the SSL checkbox in the server config in Dialog.

40tude Dialog 2.0.15.41 (beta 38)

>
>> I thought Neodome died, so there'd be no NNTP server to which Dialog (or
>> your proxy) could connect.

I was wrong. Their web site disappeared (www.neodome.net). Last time
it was found per web.archive.org was Jun 18, 2021:

http://web.archive.org/web/20210618113621/http://neodome.net/

I can still do "telnet news.neodome.net 119" to get a connect.

> The odd thing to me is it's supposedly a self-signed certificate.
> I don't really know what that means, but how can it expire then?

Anything you post to Usenet remains public. The only reason to use SSL
is to secure your login credentials. When I created a Neodome account
in Dialog (and clicked the SSL checkbox and specified port 563), I did
not need nor have any login credentials. Looks like Neodome is an
*un*registered Usenet provider (free, no login needed). Since login is
not required, why bother with an encrypted connection?

Why not use port 119 without SSL? I don't see a reason to use an
encrypted connection of a server that stores publicly accessible info.

> echo q | openssl s_client -connect news.neodome.net:563 | openssl x509 -noout -enddate | findstr "notAfter"
>
> It reported this result:
> depth=0 O = Neodome, CN = neodome.net, emailAddress = admin@neodome.net
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 O = Neodome, CN = neodome.net, emailAddress = admin@neodome.net
> verify error:num=10:certificate has expired
> notAfter=Dec 31 21:59:46 2020 GMT
> verify return:1
> depth=0 O = Neodome, CN = neodome.net, emailAddress = admin@neodome.net
> notAfter=Dec 31 21:59:46 2020 GMT
> verify return:1
> notAfter=Dec 31 21:59:46 2020 GMT

I'm no cert guru, either. From the above, the cert is for neodome.net,
and may not be a multi-host cert (I thought a wildcard was used to
denote any host at the domain).

You are connecting to news.neodome.net, not to neodome.net. Their cert
is flawed. It is a self-signed cert; that is, they created it instead
of using a CA (Certificate Authority). My guess is they need to
regenerate their self-signed cert to identify CN = news.neodome.net
which is the host to which you are connecting. They probably instead
get a free site cert from LetsEncrypt.

A self-signed cert does not need to be time ranged, so it won't expire.
However, notice their cert does have an expiration:

notAfter=Dec 31 21:59:46 2020 GMT

Maybe that gets ignored for self-signed certs.

So, it is an expired self-signed certificate
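
Added example (not part of any post in this thread): the openssl output quoted above reports several independent findings about the same depth-0 certificate. Every X.509 certificate carries a notAfter date whether or not a CA signed it, and the name check is separate again. The script parses the posted output and evaluates each check; the function names, the fixed THREAD_DATE and the assumption that the certificate has no subjectAltName entries are mine, not from the thread.

```python
import re
from datetime import datetime, timezone

# Output posted in the thread for:
#   echo q | openssl s_client -connect news.neodome.net:563 | openssl x509 -noout -enddate
OPENSSL_OUTPUT = """\
depth=0 O = Neodome, CN = neodome.net, emailAddress = admin@neodome.net
verify error:num=18:self signed certificate
verify return:1
depth=0 O = Neodome, CN = neodome.net, emailAddress = admin@neodome.net
verify error:num=10:certificate has expired
notAfter=Dec 31 21:59:46 2020 GMT
verify return:1
"""

# Evaluation date used for the check (the day the thread was written).
THREAD_DATE = datetime(2024, 1, 7, tzinfo=timezone.utc)


def parse_dn(text):
    """Split 'O = Neodome, CN = neodome.net' into a dict (escaped commas not handled)."""
    return dict(part.split(" = ", 1) for part in text.split(", ") if " = " in part)


def parse_openssl(output):
    """Collect the depth-0 subject, the verify errors and the notAfter date."""
    found = {"subject": {}, "errors": {}, "not_after": None}
    for line in map(str.strip, output.splitlines()):
        if (m := re.match(r"depth=0 (.+)$", line)):
            found["subject"] = parse_dn(m.group(1))
        elif (m := re.match(r"verify error:num=(\d+):(.+)$", line)):
            found["errors"][int(m.group(1))] = m.group(2)
        elif line.startswith("notAfter="):
            stamp = datetime.strptime(line[len("notAfter="):], "%b %d %H:%M:%S %Y GMT")
            found["not_after"] = stamp.replace(tzinfo=timezone.utc)
    return found


def host_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def assess(found, host, now):
    """Evaluate trust, validity period and name as three separate checks."""
    cn = found["subject"].get("CN", "")
    expired = found["not_after"] is not None and now > found["not_after"]
    return {
        "self_signed": 18 in found["errors"],   # num=18 in the posted output
        "expired": expired,
        "days_expired": (now - found["not_after"]).days if expired else 0,
        # Assumption: no subjectAltName entries, so the CN is the only name.
        "name_matches": host_matches(cn, host),
    }


if __name__ == "__main__":
    report = assess(parse_openssl(OPENSSL_OUTPUT), "news.neodome.net", THREAD_DATE)
    for check, result in report.items():
        print(f"{check}: {result}")
```

Any one of the three results is enough for a verifying client to refuse the connection, so fixing only the name or only the date on the server would not have made the original stunnel.conf work.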

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<une1gv$2f589$1@i2pn2.org>

https://www.novabbs.com/computers/article-flat.php?id=1765&group=news.software.readers#1765

Path: i2pn2.org!.POSTED!not-for-mail
From: thi...@is.invalid (david)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 04:22:08 -0700
Organization: i2pn2 (i2pn.org)
Message-ID: <une1gv$2f589$1@i2pn2.org>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh> <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 11:22:08 -0000 (UTC)
Injection-Info: i2pn2.org;
logging-data="2594057"; mail-complaints-to="usenet@i2pn2.org";
posting-account="CaHBDtkhV1D5Bt+NHXWn2/AL80wOBYc5Yj9RDiDOZCs";
User-Agent: Unison/2.1.10
X-Spam-Checker-Version: SpamAssassin 4.0.0
 by: david - Sun, 7 Jan 2024 11:22 UTC

Using <news:1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de>, Bernd Rose
wrote:

>> Is a login even required for news.neodome.net?
>
> AFAICT, for posting: yes, for reading: no.

A lot of news servers are that way (for example, news.dizum.net:119).
But you need an account and port 563 to post to them most of the time.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<une2f9$u6e8$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=1766&group=news.software.readers#1766

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 06:38:18 -0500
Organization: To protect and to server
Message-ID: <une2f9$u6e8$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 11:38:18 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="989640"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:+Wxg87cM2PJqDsCj16MuS1xNx36+ePlsNNtkWCIFhOQ=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Sun, 7 Jan 2024 11:38 UTC

On Sun, 7 Jan 2024 11:07:58 +0100, Bernd Rose wrote:

> If you don't care about valid certificates for your encrypted connection
> you may use this shortened sTunnel configuration. It should still work.

Thank you for that advice. I don't understand why I even need encryption
since (as Vanguard said) the end result is being posted to the public.

I think it's supposed to protect my login credentials but isn't that what
the VPN is for? I'm always on NordVPN all the time anyway.

> [Neodome]
> client = yes
> accept = localhost:55555
> connect = news.neodome.net:563

Oh my gosh. That actually worked! How did you know how to do that trick?

Stunnel log
2024.01.07 06:28:31 LOG5[1]: Service [Neodome] accepted connection from 127.0.0.1:43503
2024.01.07 06:28:32 LOG5[1]: s_connect: connected 95.216.243.224:563
2024.01.07 06:28:32 LOG5[1]: Service [Neodome] connected remote server from 10.211.1.153:43504
2024.01.07 06:28:51 LOG5[1]: Connection closed: 344 byte(s) sent to TLS, 320 byte(s) sent to socket
Dialog log
3 53998687: Posting message to NNTP server [$00000634]
1 54004625: Reindexing (Order: 3, no filtering) of group 2 with 8910 articles took 47 ms
3 54004562: Posting sent successfully: Article received <###########@neodome.net>; (Finished) [$00000634]

Can you give me a clue as to what that Stunnel log did?
Somehow it still posted WITHOUT needing the certificate to be valid.

Will that method work with all encrypted news servers?

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<bhfzdp41wd3j$.dlg@b.rose.tmpbox.news.arcor.de>

https://www.novabbs.com/computers/article-flat.php?id=1767&group=news.software.readers#1767

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 14:06:23 +0100
Message-ID: <bhfzdp41wd3j$.dlg@b.rose.tmpbox.news.arcor.de>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <une2f9$u6e8$1@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Info: solani.org;
logging-data="197594"; mail-complaints-to="abuse@news.solani.org"
User-Agent: 40tude_Dialog/2.0.15.41 (a1ec5256.173.364)
Cancel-Lock: sha1:1FQjQEzQiSBIsJhJ2Bm4NEeFMmU=
X-User-ID: eJwFwYEBwCAIA7CXwNIyz1GQ/09YQshVGaKCw2mCKsItTefIC0XjWZa+O9ewX1pHHXyrQtkFj6dInz19r3whZqasHHg/pGEZew==
 by: Bernd Rose - Sun, 7 Jan 2024 13:06 UTC

On Sun, 7th Jan 2024 06:38:18 -0500, Ronald wrote:

> I don't understand why I even need encryption
> since (as Vanguard said) the end result is being posted to the public.
>
> I think it's supposed to protect my login credentials

Yes, mostly for this. And for any MitM not knowing, which articles you are
/reading/ and other such information.

> but isn't that what the VPN is for? I'm always on NordVPN all the time anyway.

No. I don't know, how you configured usage of NordVPN. But either, the NNTP
traffic isn't routed via NordVPN, at all. (If port 563 isn't attached to the
VPN.) Or your login credentials are unprotected, whenever they leave NordVPN
server on their route to the Neodome server. Using a VPN service is _not_ a
replacement for using transport encryption!

>> [Neodome]
>> client = yes
>> accept = localhost:55555
>> connect = news.neodome.net:563
>
> Oh my gosh. That actually worked! How did you know how to do that trick?

That's not a trick. I just removed any lines ensuring, that only connections
to correctly certified servers are permitted.

> Stunnel log
> 2024.01.07 06:28:31 LOG5[1]: Service [Neodome] accepted connection from 127.0.0.1:43503
> 2024.01.07 06:28:32 LOG5[1]: s_connect: connected 95.216.243.224:563
> 2024.01.07 06:28:32 LOG5[1]: Service [Neodome] connected remote server from 10.211.1.153:43504
> 2024.01.07 06:28:51 LOG5[1]: Connection closed: 344 byte(s) sent to TLS, 320 byte(s) sent to socket
>
> Dialog log
> 3 53998687: Posting message to NNTP server [$00000634]
> 1 54004625: Reindexing (Order: 3, no filtering) of group 2 with 8910 articles took 47 ms
> 3 54004562: Posting sent successfully: Article received <###########@neodome.net>; (Finished) [$00000634]
>
> Can you give me a clue as to what that Stunnel log did?
> Somehow it still posted WITHOUT needing the certificate to be valid.

Encryption doesn't need a certificate to be valid. This way, you just can't
be sure, that the target server really /is/ the one you are trying to
connect to. It might be an unfriendly server /impersonating/ the other one.

> Will that method work with all encrypted news servers?

As long as a server does have a valid certificate, you should /not/ lower
the security bars. If problems occur, first contact the provider to have
them fix their end. Only, if this isn't an option, consider lowering the
security requirements. Be sure, that you are able to live with possible
consequences, though.

With Neodome, their NNTP server seems to be nearly abandoned. Therefore,
contacting the admins will probably not lead to a fixed certificate. The
consequences may be lost login credentials and other users posting fake
messages impersonating you. - Your decision. (Maybe, better look for
another Usenet provider...)

Bernd
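
Added example (not part of any post in this thread): Dialog only reports "Socket Error # 0" in both directions, so the stunnel log is where a rejected handshake and an encrypted-but-unauthenticated connection can be told apart. The script below triages the two stunnel excerpts posted in this thread; the verdict names are mine, and the "Certificate accepted" prefix is an assumed wording for stunnel's success message that does not appear on this page.

```python
import re

# Both excerpts are copied from the stunnel logs posted in this thread.
FAILED_LOG = """\
2024.01.07 03:57:01 LOG5[0]: Service [Neodome] accepted connection from 127.0.0.1:55555
2024.01.07 03:57:01 LOG5[0]: s_connect: connected 95.216.243.224:563
2024.01.07 03:57:01 LOG5[0]: Service [Neodome] connected remote server from 192.168.1.23:55555
2024.01.07 03:57:01 LOG4[0]: CERT: Pre-verification error: self-signed certificate
2024.01.07 03:57:01 LOG4[0]: Rejected by CERT at depth=0: O=Neodome, CN=neodome.net, emailAddress=admin@neodome.net
2024.01.07 03:57:01 LOG3[0]: SSL_connect: ssl/statem/statem_clnt.c:1889: error:0A000086:SSL routines::certificate verify failed
2024.01.07 03:57:01 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
"""
WORKING_LOG = """\
2024.01.07 06:28:31 LOG5[1]: Service [Neodome] accepted connection from 127.0.0.1:43503
2024.01.07 06:28:32 LOG5[1]: s_connect: connected 95.216.243.224:563
2024.01.07 06:28:32 LOG5[1]: Service [Neodome] connected remote server from 10.211.1.153:43504
2024.01.07 06:28:51 LOG5[1]: Connection closed: 344 byte(s) sent to TLS, 320 byte(s) sent to socket
"""

LINE = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[([^\]]+)\]: (.*)$")
ACCEPT = re.compile(r"^Service \[(.+?)\] accepted connection from (\S+)$")
REMOTE = re.compile(r"^s_connect: connected (\S+)$")
CERT_ERR = re.compile(r"^CERT: Pre-verification error: (.+)$")
REJECT = re.compile(r"^Rejected by CERT at depth=(\d+): (.+)$")
CLOSED = re.compile(r"^Connection closed(?:/reset)?: (\d+) byte\(s\) sent to TLS, "
                    r"(\d+) byte\(s\) sent to socket$")


def new_session(service, client):
    return {"service": service, "client": client, "remote": None,
            "cert_checked": False, "cert_error": None, "rejected_subject": None,
            "tls_error": None, "to_tls": None, "to_socket": None}


def verdict(s):
    """Classify one proxied connection from what stunnel logged about it."""
    if s["cert_error"] or s["rejected_subject"] or s["tls_error"]:
        return "rejected"        # handshake aborted before any NNTP data was sent
    if s["to_tls"] is None:
        return "incomplete"      # excerpt ends before the connection closed
    if not s["cert_checked"]:
        return "unverified"      # encrypted, but no certificate check was logged
    return "verified"


def triage(log_text):
    """Group log lines per connection and attach a verdict to each session."""
    sessions, current = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        level, conn, msg = int(m.group(1)), m.group(2), m.group(3)
        hit = ACCEPT.match(msg)
        if hit:  # connection ids get reused, so every accept starts a new session
            current[conn] = new_session(hit.group(1), hit.group(2))
            sessions.append(current[conn])
            continue
        s = current.get(conn)
        if s is None:
            continue  # line belongs to a connection that began before the excerpt
        if (hit := REMOTE.match(msg)):
            s["remote"] = hit.group(1)
        elif (hit := CERT_ERR.match(msg)):
            s["cert_checked"], s["cert_error"] = True, hit.group(1)
        elif (hit := REJECT.match(msg)):
            s["cert_checked"], s["rejected_subject"] = True, hit.group(2)
        elif msg.startswith("Certificate accepted"):
            # Assumed wording of stunnel's success message; not shown on this page.
            s["cert_checked"] = True
        elif level <= 3 and "certificate verify failed" in msg:
            s["tls_error"] = msg
        elif (hit := CLOSED.match(msg)):
            s["to_tls"], s["to_socket"] = int(hit.group(1)), int(hit.group(2))
    for s in sessions:
        s["verdict"] = verdict(s)
    return sessions


def explain(s):
    """One-line summary suitable for a quick look or an alert message."""
    head = f"[{s['service']}] {s['client']} -> {s['remote']}: {s['verdict']}"
    if s["verdict"] == "rejected":
        return f"{head} ({s['cert_error']}; peer {s['rejected_subject']})"
    if s["verdict"] == "unverified":
        return f"{head} ({s['to_tls']} bytes sent over TLS, no certificate check logged)"
    return head


if __name__ == "__main__":
    for log in (FAILED_LOG, WORKING_LOG):
        for session in triage(log):
            print(explain(session))
```

The "unverified" verdict on the second excerpt is the condition described in the post above: data flowed over TLS, but nothing in the log shows that the peer's identity was checked.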

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<une9ka$uj1c$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=1768&group=news.software.readers#1768

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 08:40:27 -0500
Organization: To protect and to server
Message-ID: <une9ka$uj1c$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <une2f9$u6e8$1@paganini.bofh.team> <bhfzdp41wd3j$.dlg@b.rose.tmpbox.news.arcor.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 13:40:27 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1002540"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:DAJRF71/hPHxw9VSS8nrEoHwdYlkLeJbO33l/Dr1k1M=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Sun, 7 Jan 2024 13:40 UTC

On Sun, 7 Jan 2024 14:06:23 +0100, Bernd Rose wrote:

> With Neodome, their NNTP server seems to be nearly abandoned. Therefore,
> contacting the admins will probably not lead to a fixed certificate.

I had sent an email more than a week before asking the question here.

>> Can you give me a clue as to what that Stunnel log did?
>> Somehow it still posted WITHOUT needing the certificate to be valid.
>
> Encryption doesn't need a certificate to be valid. This way, you just can't
> be sure, that the target server really /is/ the one you are trying to
> connect to. It might be an unfriendly server /impersonating/ the other one.

Does that mean I could have omitted stunnel altogether and just used the
40tude dialog user setup with "Host = news.neodome.net" & "Port = 563"?

If I test that out, does it matter if the SSL box is checked or not?
(I never understood what the difference was with or without that SSL checked.)

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<uneagl$uk7s$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=1769&group=news.software.readers#1769

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 08:55:34 -0500
Organization: To protect and to server
Message-ID: <uneagl$uk7s$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <une2f9$u6e8$1@paganini.bofh.team> <bhfzdp41wd3j$.dlg@b.rose.tmpbox.news.arcor.de> <une9ka$uj1c$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 13:55:34 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1003772"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:HiIt7loZsKzjcB9PK9k/X39PyUG3ouZEDJFkVM5W+HA=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Sun, 7 Jan 2024 13:55 UTC

On Sun, 7 Jan 2024 08:40:27 -0500, Ronald wrote:

> Does that mean I could have omitted stunnel altogether and just used the
> 40tude dialog user setup with "Host = news.neodome.net" & "Port = 563"?
>
> If I test that out, does it matter if the SSL box is checked or not?
> (I never understood what the difference was with or without that SSL checked.)

I tested posting to Neodome using Dialog without Stunnel.

This failed.
Host: news.neodome.net
Port: 563
SSL: unchecked
Username: abcdefg
Password: xxxxxxx
Allwd. conn.: 2
Use pipelining (unchecked)

This worked.
Host: news.neodome.net
Port: 563
SSL: checked
Username: abcdefg
Password: xxxxxxx
Allwd. conn.: 2
Use pipelining (unchecked)

So Vanguard was correct that Stunnel wasn't needed to post.
But it did not work without checking the Dialog "SSL" checkbox.

What did that Dialog "SSL" checkbox do to make it work?

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<1aoeg6pf0gpop.dlg@b.rose.tmpbox.news.arcor.de>

https://www.novabbs.com/computers/article-flat.php?id=1770&group=news.software.readers#1770

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 15:19:58 +0100
Message-ID: <1aoeg6pf0gpop.dlg@b.rose.tmpbox.news.arcor.de>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <une2f9$u6e8$1@paganini.bofh.team> <bhfzdp41wd3j$.dlg@b.rose.tmpbox.news.arcor.de> <une9ka$uj1c$1@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Info: solani.org;
logging-data="200089"; mail-complaints-to="abuse@news.solani.org"
User-Agent: 40tude_Dialog/2.0.15.41 (429a0667.27.474)
Cancel-Lock: sha1:XdE7Nmv8T3+NeMy0xnHOYr13T7U=
X-User-ID: eJwFwQkBwDAIA0BLLYEAcjoe/xJ2Z+BludKotrYTiFungZtC+EsyT3vlERWJdszoads70PyAbX+6cKq8jEqGfz1B6suKH4+VGM8=
 by: Bernd Rose - Sun, 7 Jan 2024 14:19 UTC

On Sun, 7th Jan 2024 08:40:27 -0500, Ronald wrote:

>> Encryption doesn't need a certificate to be valid. This way, you just can't
>> be sure, that the target server really /is/ the one you are trying to
>> connect to. It might be an unfriendly server /impersonating/ the other one.
>
> Does that mean I could have omitted stunnel altogether and just used the
> 40tude dialog user setup with "Host = news.neodome.net" & "Port = 563"?

Maybe and no. Dialog.exe was compiled 2005 and uses (at best) encryption
methods that have been developed until then. (It is a bit more complicated,
because it may profit from /some/ updates to OS encryption functions. But
in the whole, Dialog encryption is stuck in 2005.)

If the NNTP server still supports at least one of these old encryption
methods, then connecting directly to the server on port 563 from Dialog
(with SSL ticked /on/) would work. (Neodome seems to.) Quite a few NNTP
servers disabled all these old (and insecure) encryption methods, though.
With them, direct encrypted connection from Dialog will /not/ work.

Using sTunnel in any case will not only ensure, that encrypted connection
to a server will succeed with contemporary encryption methods. It will also
prevent usage of outdated (insecure) methods. Therefore, even /if/ a server
still permits encrypted connection directly from Dialog, it is better to
use the workaround via sTunnel.

> If I test that out, does it matter if the SSL box is checked or not?
> (I never understood what the difference was with or without that SSL checked.)

The SSL box indicates, whether encryption should be used when sending
information to the target address (server and port) configured inside
Dialog. If you enter the external NNTP server name and its port, you need
to check with the provider, whether encryption is supported or not. Usually,
port 119 means "no encryption" (SSL box off) and port 563 means "encryption"
(SSL box on).

If you enter a local (sTunnel) address, you /could/ encrypt this local
connection, as well. You'd need to configure sTunnel for local encryption,
though, and you'd need to permit the usage of outdated encryption methods
for this, as well. This makes no sense, whatsoever. Therefore, any local
connection (your localhost:55555 for example) should be configured without
encryption (SSL box off). This has no influence on the encryption state
for the outgoing connection to the NNTP server, which /will/ be encrypted
by sTunnel, as long as you don't explicitly tell it to /not/ do it. (Which,
again, wouldn't make any sense...)

Bernd

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<879f4360c37366ed1912e3a3261b1150@dizum.com>

https://www.novabbs.com/computers/article-flat.php?id=1771&group=news.software.readers#1771

Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Injection-Info: neodome.net;
posting-account="mail2news";
mail-complaints-to="abuse@neodome.net"
Comments: This message did not originate from the Sender address above.
It was remailed automatically by anonymizing remailer software.
Please report problems or inappropriate use to the
remailer administrator at <abuse@dizum.com>.
Comments: This message was transferred to Usenet via mail2news gateway at
<mail2news@neodome.net>. Please send questions and concerns to
<admin@neodome.net>. Report inappropriate use to <abuse@neodome.net>.
Injection-Date: Sun, 7 Jan 2024 14:35:01 +0000 (UTC)
From: J...@M (D)
Message-ID: <879f4360c37366ed1912e3a3261b1150@dizum.com>
Date: Sun, 7 Jan 2024 15:34:50 +0100 (CET)
Content-Transfer-Encoding: 7bit
Newsgroups: news.software.readers
Sender: Nomen Nescio <nobody@dizum.com>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh> <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de> <une1gv$2f589$1@i2pn2.org>
Path: i2pn2.org!i2pn.org!news.nntp4.net!news.neodome.net!mail2news
 by: D - Sun, 7 Jan 2024 14:34 UTC

On Sun, 7 Jan 2024 04:22:08 -0700, david <this@is.invalid> wrote:
>Using <news:1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de>, Bernd Rose
>wrote:
>
>>> Is a login even required for news.neodome.net?
>>
>> AFAICT, for posting: yes, for reading: no.
>
>A lot of news servers are that way (for example, news.dizum.net:119).
>But you need an account and port 563 to post to them most of the time.

using remailers for posting works most of the time ... no account needed

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<uneesr$urrt$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=1772&group=news.software.readers#1772

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: ron...@nospam.me (Ronald)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 10:10:20 -0500
Organization: To protect and to server
Message-ID: <uneesr$urrt$1@paganini.bofh.team>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <une2f9$u6e8$1@paganini.bofh.team> <bhfzdp41wd3j$.dlg@b.rose.tmpbox.news.arcor.de> <une9ka$uj1c$1@paganini.bofh.team> <1aoeg6pf0gpop.dlg@b.rose.tmpbox.news.arcor.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 15:10:20 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1011581"; posting-host="R8jzoRbLjiM/r2rQyny/kg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:uVLBdnVhmTVeMyZNz8oayCXR4WYUeRaErcGJ5num1Z8=
X-Notice: Filtered by postfilter v. 0.9.3
 by: Ronald - Sun, 7 Jan 2024 15:10 UTC

On Sun, 7 Jan 2024 15:19:58 +0100, Bernd Rose wrote:

>> Does that mean I could have omitted stunnel altogether and just used the
>> 40tude dialog user setup with "Host = news.neodome.net" & "Port = 563"?
>
> Maybe and no. Dialog.exe was compiled 2005 and uses (at best) encryption
> methods that have been developed until then. (It is a bit more complicated,
> because it may profit from /some/ updates to OS encryption functions. But
> in the whole, Dialog encryption is stuck in 2005.)

I understand what you just said as I too had believed Dialog needed to have
Stunnel added in order to do the encryption part.

Dialog does allow me to set news.neodome.net:563 with SSL. And that works.
Even though the certificate (we think) has expired.

Does SSL NOT check certificates to see if they've expired?

> If the NNTP server still supports at least one of these old encryption
> methods, then connecting directly to the server on port 563 from Dialog
> (with SSL ticked /on/) would work. (Neodome seems to.) Quite a few NNTP
> servers disabled all these old (and insecure) encryption methods, though.
> With them, direct encrypted connection from Dialog will /not/ work.

I guess that's what's happening since Neodome on port 563 with SSL works.
But not without SSL (at least in the one set of tests that I ran today).

> Using sTunnel in any case will not only ensure, that encrypted connection
> to a server will succeed with contemporary encryption methods. It will also
> prevent usage of outdated (insecure) methods. Therefore, even /if/ a server
> still permits encrypted connection directly from Dialog, it is better to
> use the workaround via sTunnel.

I agree. I am using Stunnel for other encrypted news servers.

It's just that when you helped me debug the Neodome connection, it turns
out that the Neodome self-signed certificates have apparently expired.


>> If I test that out, does it matter if the SSL box is checked or not?
>> (I never understood what the difference was with or without that SSL checked.)
>
> The SSL box indicates, whether encryption should be used when sending
> information to the target address (server and port) configured inside
> Dialog. If you enter the external NNTP server name and its port, you need
> to check with the provider, whether encryption is supported or not. Usually,
> port 119 means "no encryption" (SSL box off) and port 563 means "encryption"
> (SSL box on).
>
> If you enter a local (sTunnel) address, you /could/ encrypt this local
> connection, as well. You'd need to configure sTunnel for local encryption,
> though, and you'd need to permit the usage of outdated encryption methods
> for this, as well. This makes no sense, whatsoever. Therefore, any local
> connection (your localhost:55555 for example) should be configured without
> encryption (SSL box off). This has no influence on the encryption state
> for the outgoing connection to the NNTP server, which /will/ be encrypted
> by sTunnel, as long as you don't explicitly tell it to /not/ do it. (Which,
> again, wouldn't make any sense...)

I think I see what you're saying SSL does. It's a LOCAL encryption.

So if I checked the Dialog SSL box AND if I used Stunnel, it would be twice
encrypted, is that what I'm hearing you say will be happening?

If the Dialog SSL checkbox is "local encryption", what's Stunnel doing?
Is it doing encryption not locally?

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<unef61$2fqac$1@i2pn2.org>

https://www.novabbs.com/computers/article-flat.php?id=1773&group=news.software.readers#1773

Path: i2pn2.org!.POSTED!not-for-mail
From: thi...@is.invalid (david)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 08:15:14 -0700
Organization: i2pn2 (i2pn.org)
Message-ID: <unef61$2fqac$1@i2pn2.org>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh> <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de> <une1gv$2f589$1@i2pn2.org> <879f4360c37366ed1912e3a3261b1150@dizum.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 7 Jan 2024 15:15:14 -0000 (UTC)
Injection-Info: i2pn2.org;
logging-data="2615628"; mail-complaints-to="usenet@i2pn2.org";
posting-account="CaHBDtkhV1D5Bt+NHXWn2/AL80wOBYc5Yj9RDiDOZCs";
User-Agent: Unison/2.1.10
X-Spam-Checker-Version: SpamAssassin 4.0.0
 by: david - Sun, 7 Jan 2024 15:15 UTC

Using <news:879f4360c37366ed1912e3a3261b1150@dizum.com>, D wrote:

>>A lot of news servers are that way (for example, news.dizum.net:119).
>>But you need an account and port 563 to post to them most of the time.
>
> using remailers for posting works most of the time ... no account needed

I don't get it.
Every time I mention dizum or mixmin someone mentions remailers.

Yet you can READ from both of them using your news reader alone.
No email is ever involved.

It used to be you could POST to both of them also, before the spammers
drove them nuts and their news admins had to turn off posting.

But even then, you could POST to both of them using Dialog & Stunnel.
Email is NEVER involved.

So why do people always bring up "remailers" when I mention mixmin/dizum?
Call me confused.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<7up0tqsi60su.dlg@b.rose.tmpbox.news.arcor.de>

https://www.novabbs.com/computers/article-flat.php?id=1774&group=news.software.readers#1774

Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 16:56:18 +0100
Message-ID: <7up0tqsi60su.dlg@b.rose.tmpbox.news.arcor.de>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <une2f9$u6e8$1@paganini.bofh.team> <bhfzdp41wd3j$.dlg@b.rose.tmpbox.news.arcor.de> <une9ka$uj1c$1@paganini.bofh.team> <1aoeg6pf0gpop.dlg@b.rose.tmpbox.news.arcor.de> <uneesr$urrt$1@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Info: solani.org;
logging-data="203524"; mail-complaints-to="abuse@news.solani.org"
User-Agent: 40tude_Dialog/2.0.15.41 (d4fe10d9.135.326)
Cancel-Lock: sha1:h0N5sLAfCBj6zkq5vWltKal6Nb8=
X-User-ID: eJwFwYcBgDAMA7CXwM5ozyHD/5+A5Iw3Oi08zOWae+m6WhLF2ULJcinUF7OfhT25yEH5cOftGvQptT+hY0pdVqQD4Pb5AQn9GvI=
 by: Bernd Rose - Sun, 7 Jan 2024 15:56 UTC

On Sun, 7th Jan 2024 10:10:20 -0500, Ronald wrote:

> Dialog does allow me to set news.neodome.net:563 with SSL. And that works.
> Even though the certificate (we think) has expired.

That's not the point. It works, because Dialog doesn't check for expiration
of any server certificate *and* because Neodome still supports outdated and
insecure encryption methods.

> Does SSL NOT check certificates to see if they've expired?

The "SSL" check box is just a name for a setting indicating, that Dialog
should use a connection handshake for an encrypted transmission. In the
background several major encryption methods (SSLv2..SSLv3, TLSv1) with
a multitude of handshake methods, cipher suites, and so on can be chosen.
It is up to the handshake between the NNTP server and your client, which
encryption method is used in the end.

Certificate checking is mostly part of the handshake process and shall
ensure, that connection is established to the correct server and not to
an imposter. Dialog does /some/ checking, but offers more leeway than
most current certificate checking implementations.

There's another risk, btw.: Sometimes current certificate checks fail with
Dialog, because it doesn't have a large enough buffer space reserved for
the certificate data. Very large certificates do not fit, which leads to
wrong checksums and missing certificate data. Connection to servers with
such large certificates will fail, even when they still support some old
encryption methods.

>> The SSL box indicates, whether encryption should be used when sending
>> information to the target address (server and port) configured inside
>> Dialog. If you enter the external NNTP server name and its port, you need
>> to check with the provider, whether encryption is supported or not. Usually,
>> port 119 means "no encryption" (SSL box off) and port 563 means "encryption"
>> (SSL box on).
>>
>> If you enter a local (sTunnel) address, you /could/ encrypt this local
>> connection, as well. You'd need to configure sTunnel for local encryption,
>> though, and you'd need to permit the usage of outdated encryption methods
>> for this, as well. This makes no sense, whatsoever. Therefore, any local
>> connection (your localhost:55555 for example) should be configured without
>> encryption (SSL box off). This has no influence on the encryption state
>> for the outgoing connection to the NNTP server, which /will/ be encrypted
>> by sTunnel, as long as you don't explicitly tell it to /not/ do it. (Which,
>> again, wouldn't make any sense...)
>
> I think I see what you're saying SSL does. It's a LOCAL encryption.

That's not what I wrote. It is a setting, whether encryption should be used
when connecting to the target address shown in the entry fields beside it.
If this is a local IP-address:port combination (e. g. localhost:55555), then
it sets/unsets local encryption. If, OTOH, it is an external IP-address:port
combination (e. g. news.neodome.net:563), then it sets/unsets an outgoing
encryption.

> So if I checked the Dialog SSL box AND if I used Stunnel, it would be twice
> encrypted, is that what I'm hearing you say will be happening?

No. If you set SSL in Dialog, then the data would be encrypted in Dialog,
sent encrypted to sTunnel, would be decrypted by sTunnel and afterwards
newly encrypted (most likely with another method) by sTunnel. Then sent
encrypted to the NNTP server, which again needs to decrypt it.

Encryption between Dialog and sTunnel is - of course - superfluous: With
access to your PC the unencrypted data is found on either end of the
connection (Dialog and sTunnel). Nobody will hack into the /transmission/
between Dialog and sTunnel to get to the data...

Bernd
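
The two hops described in the post above (plain text from Dialog to the
local sTunnel listener, TLS from sTunnel to the NNTP server), written out as
a stunnel.conf. This is an added example, not a configuration posted by
anyone in the thread; the service names, the second local port 55556 and
the CA bundle file name are assumptions.

```ini
; stunnel.conf: client-mode services for a newsreader without modern TLS.
; Added example. Lines starting with ';' are comments.
;
; Newsreader account for either service:
;   Host: localhost   Port: the "accept" port below   SSL box: off
; The local hop stays unencrypted; stunnel encrypts the outgoing hop.

; --- Weak: encrypted, but the server is not authenticated ---------------
; No verifyChain/verifyPeer option is set, so stunnel does not validate the
; server certificate. An expired or self-signed certificate is accepted
; silently, and a server impersonating the real one is not detected.
[nntps-unverified]
client  = yes
accept  = 127.0.0.1:55555
connect = news.neodome.net:563

; --- Hardened: modern protocol floor plus certificate validation --------
[nntps-verified]
client  = yes
; 55556 is an assumed second port so both services can be loaded at once
accept  = 127.0.0.1:55556
connect = news.neodome.net:563
; refuse SSLv3 / TLS 1.0 / TLS 1.1 (needs stunnel built on OpenSSL 1.1.0+)
sslVersionMin = TLSv1.2
; validate the chain up to a trusted root; this also rejects expired
; certificates
verifyChain = yes
; assumed file name for the bundle of trusted root certificates
CAfile = ca-certs.pem
; the certificate must be issued for the host name we meant to reach
checkHost = news.neodome.net
```

With the verified service, a server that presents an expired or mismatched
certificate fails the handshake and the reason is written to the stunnel
log, instead of the login being sent to an unauthenticated peer.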

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<13wzj2991cacs$.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=1775&group=news.software.readers#1775

Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!news-2.dfn.de!news.dfn.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 10:09:11 -0600
Organization: Usenet Elder
Lines: 23
Sender: V@nguard.LH
Message-ID: <13wzj2991cacs$.dlg@v.nguard.lh>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh> <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net wyWR73EPeJunCUzp8l585QmZY2CHoAt1r1EVySjkfFWALeT/0v
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:W9Ebz0ck2p5eICDNJQa1qCtfDSY= sha256:wG5dqQ3ae+0Rmoems28qbDntVHDRH+KhA06EeLvm5DY=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Sun, 7 Jan 2024 16:09 UTC

Bernd Rose <b.rose.tmpbox@arcor.de> wrote:

> VanguardLH wrote:
>
>> Is a login even required for news.neodome.net?
>
> AFAICT, for posting: yes, for reading: no.

Would think it was the other way around: no login needed for reading,
login perhaps required for posting.

Their archived web page says:
- 3 of their servers are read only for non-neodome.* newsgroups, and
require login (user=test, pass=test) to post only to their neodome.*
newsgroups.
- 2 of those look to be for onion/Tor connects.
- The 4th server (top of their list) doesn't mention any restriction on
reading or posting for any newsgroup, and no mention of login.

Their web site disappeared a couple years ago, so I have no idea if
their conditions on use have changed since then, but no way to check
since they don't have a web site anymore. Maybe they put announcements
in their own neodome.* newsgroups.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<1oeuwghky110e.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=1776&group=news.software.readers#1776

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 10:16:29 -0600
Organization: Usenet Elder
Lines: 40
Sender: V@nguard.LH
Message-ID: <1oeuwghky110e.dlg@v.nguard.lh>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <une2f9$u6e8$1@paganini.bofh.team> <bhfzdp41wd3j$.dlg@b.rose.tmpbox.news.arcor.de> <une9ka$uj1c$1@paganini.bofh.team> <uneagl$uk7s$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net XQlI1L9MaejxC4Eu0UoLVQ0RymXMQ0StcoviQH+gwBgzC6Os/g
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:ghRQkZjIJrBrNhb73mq1mYVRuTo= sha256:n4ymB5jh8LOACNxaWGBqYM5SoewByue1J/6/f/skP7s=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Sun, 7 Jan 2024 16:16 UTC

Ronald <ronald@nospam.me> wrote:

> On Sun, 7 Jan 2024 08:40:27 -0500, Ronald wrote:
>
>> Does that mean I could have omitted stunnel altogether and just used the
>> 40tude dialog user setup with "Host = news.neodome.net" & "Port = 563"?
>>
>> If I test that out, does it matter if the SSL box is checked or not?
>> (I never understood what the difference was with or without that SSL checked.)
>
> I tested posting to Neodome using Dialog without Stunnel.
>
> This failed.
> Host: news.neodome.net
> Port: 563
> SSL: unchecked
> Username: abcdefg
> Password: xxxxxxx
> Allwd. conn.: 2
> Use pipelining (unchecked)
>
> This worked.
> Host: news.neodome.net
> Port: 563
> SSL: checked
> Username: abcdefg
> Password: xxxxxxx
> Allwd. conn.: 2
> Use pipelining (unchecked)
>
> So Vanguard was correct that Stunnel wasn't needed to post.
> But it did not work without checking the Dialog "SSL" checkbox.
>
> What did that Dialog "SSL" checkbox do to make it work?

I figured sTunnel was superfluous since Dialog can use SSL to make
connections. The point of sTunnel is to use it with programs that don't
support secured connections, like really old NNTP, email, or other
clients too old to have added SSL, or they are only supporting SSL3
which got deprecated, or encryption algorithms that got dropped.

Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)

<1qbx3cveahlxr$.dlg@b.rose.tmpbox.news.arcor.de>

https://www.novabbs.com/computers/article-flat.php?id=1777&group=news.software.readers#1777

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: b.rose.t...@arcor.de (Bernd Rose)
Newsgroups: news.software.readers
Subject: Re: (Dialog) How do I debug a 40tude "socket error" (what's a socket error?)
Date: Sun, 7 Jan 2024 17:25:42 +0100
Message-ID: <1qbx3cveahlxr$.dlg@b.rose.tmpbox.news.arcor.de>
References: <und7gj$srbd$1@paganini.bofh.team> <und84c$ssl1$1@paganini.bofh.team> <302brvey53rn$.dlg@b.rose.tmpbox.news.arcor.de> <undopl$tmdk$1@paganini.bofh.team> <undpsb$tok8$1@paganini.bofh.team> <6ucf31mc6a5g$.dlg@b.rose.tmpbox.news.arcor.de> <ng3o9ylbddtr$.dlg@v.nguard.lh> <1kgyqw4a9o4nj.dlg@b.rose.tmpbox.news.arcor.de> <13wzj2991cacs$.dlg@v.nguard.lh>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Info: solani.org;
logging-data="204606"; mail-complaints-to="abuse@news.solani.org"
User-Agent: 40tude_Dialog/2.0.15.41 (9b6cd798.68.389)
Cancel-Lock: sha1:gMpWB3JzFResBqiRspqsFb6So1k=
X-User-ID: eJwFwQkBwDAIA0BLDU8ocqAD/xJ250rwhdFpvr6JwkVH4yMLa2QG9OTK08he5MRRVI3f3PYtg82MvEvT2ztH5JNyC5Pv/bPEGZU=
 by: Bernd Rose - Sun, 7 Jan 2024 16:25 UTC

On Sun, 7th Jan 2024 10:09:11 -0600, VanguardLH wrote:

> Bernd Rose <b.rose.tmpbox@arcor.de> wrote:
>
>> VanguardLH wrote:
>>
>>> Is a login even required for news.neodome.net?
>>
>> AFAICT, for posting: yes, for reading: no.
>
> Would think it was the other way around: no login needed for reading,
> login perhaps required for posting.

That's what I wrote. ;-)

Bernd
