Subj : secure binkp
To   : Oli
From : Al
Date : Thu Dec 12 2019 01:52 am

Hello Oli,

 Ol> this should work with binkley
 Ol> node 1:153/757.2 -pipe "openssl s_client -quiet -alpn binkp -connect
 Ol> *H:*I" equinoxbbs.ddns.net:24555

 Ol> but it doesn't.

[...]

 Ol> + 07:12 [1060] call to 1:153/757.2@fidonet
 Ol> + 07:12 [1060] External command 'openssl s_client -quiet -alpn binkp
 Ol> -connect equinoxbbs.ddns.net:24555' started, pid 1061 07:12 [1060]
 Ol> connected + 07:12 [1060] outgoing session with
 Ol> equinoxbbs.ddns.net:24555 - 07:12 [1060] hiding aka
 Ol> 21:1/151@fsxnet depth=0 C = ZZ, O = The Rusty MailBox, CN =
 Ol> trmb.synchro.net verify error:num=66:EE certificate key too
 Ol> weak verify return:1 depth=0 C = ZZ, O = The Rusty MailBox, CN =
 Ol> trmb.synchro.net verify error:num=20:unable to get local issuer
 Ol> certificate verify return:1 depth=0 C = ZZ, O = The Rusty MailBox, CN
 Ol> = trmb.synchro.net verify error:num=21:unable to verify the first
 Ol> certificate verify return:1
 Ol> 1996181520:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too
 Ol> small:../ssl/statem/statem_clnt.c:2150:

 Ol> ncat doesn't work either. I'm mostly offline for the next couple of
 Ol> days or weeks. And I will not read much of the fsx/fidonet mails.

That is a default self signed cert. Also is was a bit old so I've deleted those
 and created new ones.

I does actually work between binkit mailers but we may need to up that a bit to
 work with binkd. I'll try getting a cert from letsencrypt. That may work
better.

Thanks for testing and we'll catch you back here when you can make it.

 Ttyl :-),
         Al

--- GoldED+/LNX 1.1.5-b20180707
 * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

.