Message-ID:

You plan things that you do not even attempt because of your extreme caution.

comp / comp.unix.programmer / big thanks to

Subject: big thanks to
From: Wolfgang Agnes
Newsgroups: comp.unix.programmer, comp.misc, comp.unix.bsd.freebsd.misc
Followup: comp.unix.bsd.freebsd.misc
Organization: A noiseless patient Spider
Date: Fri, 8 Nov 2024 14:18 UTC

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: wagnes@jemoni.to (Wolfgang Agnes)
Newsgroups: comp.unix.programmer,comp.misc,comp.unix.bsd.freebsd.misc
Subject: big thanks to
Followup-To: comp.unix.bsd.freebsd.misc
Date: Fri, 08 Nov 2024 11:18:52 -0300
Organization: A noiseless patient Spider
Lines: 37
Message-ID: <87a5e93j1v.fsf@jemoni.to>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 08 Nov 2024 15:18:53 +0100 (CET)
Injection-Info: dont-email.me; posting-host="0ce90ff5ab76d8fd78c052ae41c9ffd2";
logging-data="3399516"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19i1etQw4FKNX8/oo7tm9CdbkIFhCHx2W0="
Cancel-Lock: sha1:1OqiJy3ghTr4XklLCSw93oCLhtk=
sha1:XZGK8D6QpxfhpuROUFAFtIkK8FI=

View all headers

I wanted to send a

BIG THANKS

Jan Mojžíš

for having written

https://github.com/janmojzis/tlswrapper

which is a TLS wrapper written in the UNIX way. I've been looking for a
program like that for a little while to be able to continue to use
Daniel J. Bernstein's tcpserver (wrapped in TLS).

And another thank-you for the fact that tlswrapper can read a single
file including the full chain of certificates and the private key of the
server.

(*) FreeBSD

I could not find a precompiled package of tlswrapper in FreeBSD's pkg
collection. Perhaps I should make that contribution.

(*) The ucspi-ssl package

There's sslserver from the ucspi-ssl package at

https://www.fehcom.de/ipnet/ucspi-ssl.html

but it hasn't been easy to compile it.

(*) inetd and xinetd

I did look at the current state of affairs of inetd and xinetd and it
looks like they ignore TLS completely. Perhaps they shouldn't?

Subject: Re: big thanks to
From: Lawrence D'Oliv
Newsgroups: comp.unix.programmer, comp.misc, comp.unix.bsd.freebsd.misc
Organization: A noiseless patient Spider
Date: Fri, 8 Nov 2024 21:16 UTC
References: 1

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.unix.programmer,comp.misc,comp.unix.bsd.freebsd.misc
Subject: Re: big thanks to
Date: Fri, 8 Nov 2024 21:16:42 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 9
Message-ID: <vglv3q$3bsio$4@dont-email.me>
References: <87a5e93j1v.fsf@jemoni.to>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 08 Nov 2024 22:16:43 +0100 (CET)
Injection-Info: dont-email.me; posting-host="8804b559eebfef5f2e93c08a58445e57";
logging-data="3535448"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/YOrFQnn15v6UNvOzfz4cP"
User-Agent: Pan/0.160 (Toresk; )
Cancel-Lock: sha1:NbBcXq7GTPRoIXlYbGiMvVuLlNw=

View all headers

On Fri, 08 Nov 2024 11:18:52 -0300, Wolfgang Agnes wrote:

> (*) inetd and xinetd
>
> I did look at the current state of affairs of inetd and xinetd and it
> looks like they ignore TLS completely. Perhaps they shouldn't?

If you look at the tlswrapper docs, you’ll see that it can be invoked via
inetd (or systemd), and it in turn wraps the actual service process.

Subject: Re: big thanks to
From: Wolfgang Agnes
Newsgroups: comp.unix.programmer, comp.misc, comp.unix.bsd.freebsd.misc
Followup: comp.misc
Organization: A noiseless patient Spider
Date: Fri, 8 Nov 2024 23:45 UTC
References: 1 2

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: wagnes@jemoni.to (Wolfgang Agnes)
Newsgroups: comp.unix.programmer,comp.misc,comp.unix.bsd.freebsd.misc
Subject: Re: big thanks to
Followup-To: comp.misc
Date: Fri, 08 Nov 2024 20:45:51 -0300
Organization: A noiseless patient Spider
Lines: 13
Message-ID: <87cyj5xpao.fsf@jemoni.to>
References: <87a5e93j1v.fsf@jemoni.to> <vglv3q$3bsio$4@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 09 Nov 2024 00:46:03 +0100 (CET)
Injection-Info: dont-email.me; posting-host="1bf8505bfe380987e2cf5b5206c6b9a3";
logging-data="3591036"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19ycPedVaQWyj1xIhhuFviDyY90goyGYNM="
Cancel-Lock: sha1:3YOd9xLSOKmMnCWMI4qM3S54/X4=
sha1:GsT08Vn28RZ2mXrXJhOxczuc/nc=

View all headers

Lawrence D'Oliveiro <ldo@nz.invalid> writes:

D> On Fri, 08 Nov 2024 11:18:52 -0300, Wolfgang Agnes wrote:
>
>> (*) inetd and xinetd
>>
>> I did look at the current state of affairs of inetd and xinetd and it
>> looks like they ignore TLS completely. Perhaps they shouldn't?
>
> If you look at the tlswrapper docs, you’ll see that it can be invoked via
> inetd (or systemd), and it in turn wraps the actual service process.

That makes sense.

Subject: Re: big thanks to
From: Alexis
Newsgroups: comp.unix.programmer
Organization: A noiseless patient Spider
Date: Sun, 10 Nov 2024 10:14 UTC
References: 1

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: flexibeast@gmail.com (Alexis)
Newsgroups: comp.unix.programmer
Subject: Re: big thanks to
Date: Sun, 10 Nov 2024 21:14:22 +1100
Organization: A noiseless patient Spider
Lines: 24
Message-ID: <87r07je6pt.fsf@gmail.com>
References: <87a5e93j1v.fsf@jemoni.to>
MIME-Version: 1.0
Content-Type: text/plain
Injection-Date: Sun, 10 Nov 2024 11:14:23 +0100 (CET)
Injection-Info: dont-email.me; posting-host="1f6fd63a4b15a9bf7562f646dafe508f";
logging-data="358018"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+/e2w8ybCSafl0v6nLaaw5ry0+3ji0bW4="
User-Agent: Gnus/5.13 (Gnus v5.13)
Cancel-Lock: sha1:eWqAUBpwOZdh/MBIliAJSVVdr20=
sha1:PiCsOW3m9fZddodzxWF8lixiCoo=

View all headers

Wolfgang Agnes <wagnes@jemoni.to> writes:

> https://github.com/janmojzis/tlswrapper
>
> which is a TLS wrapper written in the UNIX way. I've been looking for a
> program like that for a little while to be able to continue to use
> Daniel J. Bernstein's tcpserver (wrapped in TLS).

You might be interested in reading about Laurent Bercot's s6-networking
suite, if you're not already aware of it:

https://skarnet.org/software/s6-networking/

For example, s6-tlsserver:

https://skarnet.org/software/s6-networking/s6-tlsserver.html

> s6-tlsserver is an UCSPI server tool for TLS/SSL connections over INET
> domain sockets. It acts as a TCP super-server that listens to
> connections, accepts them, and for each connection, establishes a TLS
> transport over it, then executes into a program.

Alexis.

Subject: Re: big thanks to
From: Wolfgang Agnes
Newsgroups: comp.unix.programmer
Organization: A noiseless patient Spider
Date: Mon, 11 Nov 2024 22:07 UTC
References: 1 2

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: wagnes@jemoni.to (Wolfgang Agnes)
Newsgroups: comp.unix.programmer
Subject: Re: big thanks to
Date: Mon, 11 Nov 2024 19:07:51 -0300
Organization: A noiseless patient Spider
Lines: 25
Message-ID: <87v7wtpgp4.fsf@jemoni.to>
References: <87a5e93j1v.fsf@jemoni.to> <87r07je6pt.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain
Injection-Date: Mon, 11 Nov 2024 23:07:51 +0100 (CET)
Injection-Info: dont-email.me; posting-host="3b9c4e065a5e8a9a86df711005fd4432";
logging-data="1266041"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/CgbTTCK4l8veBM2g5WPqNU9uNkkxXTTk="
Cancel-Lock: sha1:/PF3kGm3IDJitUAW87Jka3GciSg=
sha1:dg+fELRA335KW7P9gHDidhQnr+E=

View all headers

Alexis <flexibeast@gmail.com> writes:

> Wolfgang Agnes <wagnes@jemoni.to> writes:
>
>> https://github.com/janmojzis/tlswrapper
>>
>> which is a TLS wrapper written in the UNIX way. I've been looking for a
>> program like that for a little while to be able to continue to use
>> Daniel J. Bernstein's tcpserver (wrapped in TLS).
>
> You might be interested in reading about Laurent Bercot's s6-networking
> suite, if you're not already aware of it:
>
> https://skarnet.org/software/s6-networking/
>
> For example, s6-tlsserver:
>
> https://skarnet.org/software/s6-networking/s6-tlsserver.html
>
>> s6-tlsserver is an UCSPI server tool for TLS/SSL connections over INET
>> domain sockets. It acts as a TCP super-server that listens to
>> connections, accepts them, and for each connection, establishes a TLS
>> transport over it, then executes into a program.

Awesome! (Should've asked here many years ago!) Thanks for posting.

Subject	Author
big thanks to	Wolfgang Agnes
Re: big thanks to	Lawrence D'Oliveiro
Re: big thanks to	Wolfgang Agnes
Re: big thanks to	Alexis
Re: big thanks to	Wolfgang Agnes