(First, for you git freaks, Petr Kovar just made some welcome changes to "configure.in", but don't forget to re-run "autogen.sh" followed by running the newly generated "configure" script before recompiling pan, or you won't see his latest changes. Thanks Petr :)
I'm still having some very confusing problems from upgrading gnutls-2 to gnutls-3 and I'm wondering if anyone else can reproduce them. Heinrich never intended pan to use gnutls-2, but I've been using it ever since he added the gnutls support many moons ago and it's been working perfectly -- until I upgraded to gnutls-3. (The version he used from the beginning.) I have two for-pay nntp accounts (both dirt cheap, of course ;) but pan will accept only one of those servers when using nntps on port 563 *and* gnutls-3.x.x. (Both accounts work correctly when I use gnutls-2.x.x.) The one that works "correctly" with gnutls-3 is news.us.usenet-news.net (seems to be a readnews.com reseller). The server that works correctly (no quote marks) with gnutls-2 but fails with gnutls-3 is news.budgetnews.net (the server cert is issued to hitnews.eu, and gnutls-2 issues a warning about the mismatched names, but pan accepts the cert anyway, as it should). Pan's gnutls-3 behavior with the broken server is really quite bizarre IMO, and I'm having trouble debugging the problem. Just for starters, pan makes multiple nntps connections to the broken server but won't actually use any of them, and keeps making new nntps connections every 10-15 seconds or so as a result (netstat shows them as open sockets connected to port 563 of the news server). Second bizarre behavior is the way pan saves the cert for the "working" server: pan stores a cert file containing exactly 6 bytes, like this: # hexdump -C news.us.usenet-news.net.pem 00000000 e8 ea b9 28 a1 7f |...(..| 00000006 In spite of this bizarre cert, pan makes a working nntps connection to that server every time and doesn't complain about anything. Third bizarre behavior of pan+gnutls-3 is that the "broken" server is not *always* broken, but works intermittently, sometimes for days at a time, and then breaks again for reasons I can't understand. I just started pan again at 17:30 PST and it connected perfectly to the 'broken' server and stored its 6-byte cert file right beside the 'working' server's 6-byte cert file, like this: #hexdump -C news.budgetnews.net.pem 00000000 78 aa 0b f9 f7 7f |x.....| 00000006 Did the start of a new day in UTC time make the critical difference? I need new eyeballs to look at this problem and give me new ideas, because I'm completely stumped :( _______________________________________________ Pan-users mailing list Pan-users@nongnu.org https://lists.nongnu.org/mailman/listinfo/pan-users
