[cups] SSL in cups 2.3.3op2

Jörg Thümmler listen at vordruckleitverlag.de
Mon Oct 9 01:56:47 PDT 2023 

Am 09.10.23 um 09:33 schrieb Mark Dm:
> Douglas Kosovic,
> 
> Yes I can get there https://10.0.0.250:631 and the page loads although it
> says "certificate invalid"
> 
> When I try to use the CUPS client for Android and auto detect the printer ,
> I get:
> "Clear text is no longer allowed on Android 9. Please enable SSL/TLS on the
> CUPS server/printer"
> 
> If I manually enter the IP address in the CUPS client for androids "IP or
> Hostname field no search finds a printer.
> 
> If I manually enter the printer URL in cups client for android with
> "https:" it does not print and sometimes crashes android client.
> 
> Mopria does not recognize it at all nor does the android generic printer
> driver, and as far as I can best recall they did before.
> 
> I have tried so many things I think I am at my wits end with this and
> ready to just revert to my old stretch install, as the problems with CUPS
> are many and seem insurmountable..  I wasted all of my time getting so much
> other software migrated only to find that CUPS would be what hinders me.
> That is not good when part of the core OS is what is holding you back. I
> think it should be a strong message to CUPS devs.
> 
> Mark
> 
> On Sun, Oct 8, 2023 at 8:17 PM Douglas Kosovic <doug at uq.edu.au> wrote:
> 
>> Hi Mark,
>>
>>> Upgraded to Bullseye on Raspberry Pi 3B+  fromStretch. Far too
>>> many issues with CUPS 2.3.3op2.
>>>
>>> I need to get SSL activated so that Android 9 and up can print
>>
>> CUPS supports both ipp and (TLS/SSL encrypted) ipps for printing out of
>> the box, so don't think this is the issue.
>>
>>> I have found several pages on the internet with the same topic,
>>> some say you only need to add the certificates and add some
>>> lines to cupsd.conf that point to them but that apparently
>>> does not work . One page said they are automatically generated.
>>
>> You can check encryption is working with CUPS by going to the CUPS
>> server's web interface using https instead of http, e.g. :
>>
>>     https://localhost:631
>>
>> ipp and ipps use that same port 631.
>>
>> (Assuming 'WebInterface Yes' is set in /etc/cups/cupsd.conf which I
>> believe it is by default)
>>
>> Android and Windows uses Mopria certified printers for driverless
>> printing, while Apple uses AirPrint.
>>
>> In the "What printers does my Android device support?" from the following
>> Android printing FAQ :
>> https://mopria.org/androidfaq
>>
>> It states "By default, your Android 8 and higher device supports all
>> printers that are Mopria certified. Your Android device will automatically
>> discover any nearby Mopria certified printer."
>>
>> The following page describes when Mopria compatibility was added :
>> https://github.com/OpenPrinting/cups/pull/126
>>
>> So you need CUPS 2.4 or later's Mopria capability for printing with
>> Android 8 or later (unless the Debian CUPS packages backported Mopria
>> compatibility to earlier versions of CUPS).
>>
>>> Too many changes in CUPs and not enough complete documentation.
>>> This is what gives linux a bad name. We need full and complete
>>> documentation for each specific version of CUPS
>>
>> The CHANGES.md file the OpenPrinting github CUPS repository is a good
>> place to see the changes between versions:
>> https://github.com/openprinting/cups
>>
>> Going to https://localhost:631 will have docs for the specific version
>> you are using.
>>
>>> I also need to know if SAMBA driver support has been removed.
>>
>> Microsoft has announced that they plan to drop support for print drivers
>> and encouraging moving to driverless Mopria compliant printers that was
>> first made possible with the release of Windows 10 21H2.
>>
>>
>> https://learn.microsoft.com/en-us/windows-hardware/drivers/print/end-of-servicing-plan-for-third-party-printer-drivers-on-windows
>>
>> SAMBA doesn't support Windows type 4 print drivers (i.e. no support for
>> the IPP Class inbox driver), only type 3 which is  prone to the fallout of
>> the "PrintNightmare" critical security vulnerability that affected
>> Microsoft Windows. Do a google search for "SAMBA PrintNightmare".
>>
>> If you setup a IPP Everywhere or driverless queue on CUPS 2.4 or later,
>> Windows 10 21H2 or later should be able to find and add it without the need
>> for any drivers.
>>
>>
>>
>>
>>
>> Cheers,
>> Doug
>> _______________________________________________
>> cups mailing list
>> cups at cups.org
>> https://lists.cups.org/mailman/listinfo/cups
>>
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://lists.cups.org/mailman/listinfo/cups

Hi,

assume you have certifikates in /etc/cups/ssl ... they are named as your 
host is (<hostname>.key, <hostname>.crt) and they are valid?

-- 
cu

jth

More information about the cups mailing list