Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls config needs ServerName #22

Open
larryy opened this issue Mar 9, 2018 · 0 comments
Open

tls config needs ServerName #22

larryy opened this issue Mar 9, 2018 · 0 comments

Comments

@larryy
Copy link

larryy commented Mar 9, 2018

Trying to post to a server that uses SSL, I set up my config like so:

[server "us.bintube.com"]
Address=us.bintube.com
Port=563

... (personal and unrelated info omitted) ...

; Encryption - 'on', 'off', whatever.
TLS=on

; Ignore SSL errors like self-signed certificates. This is a pretty bad idea.
InsecureSSL=off

When I tried to post, I got this error message:

CRITICAL [us.bintube.com] Error while connecting: tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config

Agreeing with your observation that ignoring SSL errors was "a pretty bad idea", I tried to fix the problem without doing that. I changed simplenntp/simplenntp.go, line 73 from this:

tlsConn := tls.Client(conn, &tls.Config{InsecureSkipVerify: insecureSSL})

to this:

tlsConn := tls.Client(conn, &tls.Config{InsecureSkipVerify: insecureSSL, ServerName: address})

and it fixed the problem. I don't see how this can hurt, and it seems likely to always be necessary when using SSL, but I know next to nothing about nntp, SSL, or go, so I'm just letting you know my experience and my workaround. If this is a good, general fix, hopefully you'll release it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@larryy