[cups] SSL in cups 2.3.3op2

Mark Dm markosjal at gmail.com
Wed Oct 11 11:33:22 PDT 2023 

Jorg,
Its already on the same subnet. Also Encrypted android printing applies
only to Android 9 and up from what I read.

I have basically concluded that it is the intention of Apple to remove
functionality from CUPS . MacOS no longer uses CUPS so there is no
motivation for Apple to care if it works. So we now have the fox guarding
the hen house.

On Tue, Oct 10, 2023 at 11:47 PM Jörg Thümmler <listen at vordruckleitverlag.de>
wrote:

> Hi Mark,
>
> I'm really no expert in ssl things...
>
> as I wrote, you need accessable webspace / server for let's encrypt
> certs (maybe you already have this somewhere)
>
> depending on the webservers system you will find certificates somewhere,
> on debian linux I have them in /etc/ssl. They are pem type, I somwhere
> read, you can build other types from this. No clue, how cups handles
> this...
>
> Another question: I have a Opensuse linux 15.1 running here, cups is
> 2.2.7 still. Installed Mopria on my Android phone. Having a wlan
> 192.168.0... here, where my phone can find the cups 2.2.7 server, as it
> has an ip in this range too and the dhcp server gives an ip in same
> range to my phone.
> Starting Mopria - all printers accessable from this cups server are
> shown. Printing some pdf or graphic file leads to warning "this printer
> can't be accessed by encrypted connections" (or something similar, maybe
> I do not remember correctly and I translated from german) with the
> possibility to cancel or accept. Accepted... and it prints out... tried
> with a local attached hp 401 and a hp 402, that is in this lan...
> OK, my phone is an android 6 still but I loaded down the mopria app some
> minutes ago.
> Maybe it's a way to configure your wlan dhcp to put your phone into the
> same c-net (same ip range) and you can allow unencrypted printing too?
>
> cu
> --
>
> jth
>
> Am 11.10.23 um 07:49 schrieb Mark Dm:
> > Douglass,
> >
> > There is no "bookworm" release on download page.
> > https://www.raspberrypi.com/software/operating-systems/  Also that link
> you
> > sent about CUPS SSL is exactly the issue I have on Android however I can
> > never get the message to trust the server. I have tried having android
> > client find printer, providing only IP and I entered printer URL as both
> > http and https. I never see the screen on link page for untrusted SSL.
> >
> >
> > Jorg,
> > I have no idea how to apply a Lets Encrypt certificate for a domain to a
> > LAN device .
> >
> >
> > As for this version of CUPS I think it is a HUGE FAIL. Makes me wonder if
> > this is the new norm for CUPS while Apple breaks printing in Linux
> >
> >
> > On Tue, Oct 10, 2023 at 8:54 PM Douglas Kosovic <doug at uq.edu.au> wrote:
> >
> >> Hi Mark,
> >>
> >> The new Debian 12 (Bookworm) based Raspberry Pi OS might be the simplest
> >> option for you as it comes with cups 2.4.2-3+deb12u4, so will work with
> >> Android Mopria Print Service and Windows 10/11 inbox IPP driver unlike
> the
> >> earlier CUPS versions.
> >>
> >> The following is a summary of the issues with the Android CUPS client.
> >>
> >> The Android CUPS client v1.5 was published in 2018 and is available on
> the
> >> Google Play Store:
> >>
> >>
> https://play.google.com/store/apps/details?id=io.github.benoitduffez.cupsprint
> >>
> >> has commits in GitHub after the 1.5.0 tag (so after that published
> >> version) that allows clear text traffic:
> >>    https://github.com/BenoitDuffez/AndroidCupsPrint/commits/develop
> >>
> >> so one option is to build the latest Android CUPS client from source
> code
> >> and side load on the Android device.
> >>
> >> Although the Android CUPS client v1.5 release notes claims it is able to
> >> handle self-signed certificates, there still appears to be issues
> according
> >> to the following:
> >>     https://github.com/BenoitDuffez/AndroidCupsPrint/issues/157
> >>
> >> an ugly workaround for the Google Play Store published version is
> >> described in the above link.
> >>
> >>
> >>
> >>
> >> Cheers,
> >> Doug
> >>
> >> -----Original Message-----
> >> From: Douglas Kosovic <doug at uq.edu.au>
> >> Sent: Wednesday, October 11, 2023 12:23 AM
> >> To: The CUPS user discussion list. <cups at cups.org>
> >> Subject: Re: [cups] SSL in cups 2.3.3op2
> >>
> >> Hi Mark,
> >>
> >> I built cups 2.4.7-1 from Debian sid and the Android Mopria Print
> Service
> >> is able to find the print queue as does Windows 11, but the Android
> Default
> >> Print Service wasn't able to. I was getting some errors when I try to
> >> print, but that is another story and still looking into it.
> >>
> >> Going back to the original issue using the so called Android CUPS client
> >> (which I think is a bit of a misleading name as it isn't built using
> CUPS
> >> or any libraries from CUPS).
> >>
> >> I wonder if the "Clear text is no longer allowed on Android 9. Please
> >> enable SSL/TLS on the CUPS server/printer" from that client means you
> need
> >> to you need to add "Encryption Required" to all <Location> directives in
> >> the /etc/cups/cupsd.conf file.
> >>
> >> Anyway, that issue is described in the Android CUPS client's github
> issues
> >> :
> >> https://github.com/BenoitDuffez/AndroidCupsPrint/issues/157
> >>
> >> I'm not able to install that Android CUPS client as the Google Play
> store
> >> claims I don't have any compatible devices.
> >>
> >> In regards to certificates, deleting the certificates under
> /etc/cups/ssl/
> >> and restarting CUPS will regenerate new self-signed certificate, but
> looks
> >> like the Android CUPS client has issues with self-signed certificates.
> >> Possibly could use the Let's Encrypt certificate service, which has
> >> certificates stored in the /etc/letsencrypt/live directory
> >>
> >>
> >>
> >> Cheers,
> >> Doug
> >>
> >> -----Original Message-----
> >> From: Douglas Kosovic <doug at uq.edu.au>
> >> Sent: Tuesday, October 10, 2023 3:20 PM
> >> To: The CUPS user discussion list. <cups at cups.org>
> >> Subject: Re: [cups] SSL in cups 2.3.3op2
> >>
> >> Hi Mark,
> >>
> >>> Upgraded to Bullseye on Raspberry Pi 3B+  from Stretch. Far too many
> >>> issues with CUPS 2.3.3op2.
> >>
> >> Okay, I have CUPS 2.3.3op2-3 on a Raspberry Pi, added a print queue,
> then
> >> tried with Android 10, but had no success finding the print queue.
> >>
> >> 'avahi-browse --all -r' wasn't listing any mDNS advertisement for the
> >> print queue, so I added the following line to /etc/cups/cupsd.conf :
> >>
> >> BrowseDNSSDSubTypes _cups,_universal,_print
> >>
> >> iOS was then able to find the print queue, but still no luck with
> Android.
> >> The output of 'avahi-browse --all -r' doesn't have mopria-certified in
> the
> >> mDNS advertisement for the print queue which I suspect is the problem.
> >>
> >> When I get home tonight, I'm thinking of doing a backport build of CUPS
> >> 2.4.7-1 from Debian Sid to see if things work. With CUPS 2.4 it
> definitely
> >> mDNS advertises mopria-certified for the print queues.
> >>
> >>  From the following page, I get the impression even with the default
> >> Android Print Service that they mention, it only works with printers
> that
> >> advertise they are mopria-certified :
> >>    https://mopria.org/androidfaq
> >>
> >>
> >>> If I manually enter the printer URL in cups client for android with
> >>> "https:" it does not print and sometimes crashes android client.
> >>
> >> I suspect the Android CUPS client you are referring to is the following
> :
> >> https://github.com/BenoitDuffez/AndroidCupsPrint
> >>
> >>
> https://play.google.com/store/apps/details?id=io.github.benoitduffez.cupsprint
> >>
> >> That Android CUPS client has nothing to do with the OpenPrinting CUPS
> and
> >> uses cups4j which is written in Java. I suspect the TLS/SSL certificate
> >> issues you are having are because of that client.
> >>
> >>
> >>
> >>
> >> Cheers,
> >> Doug
> >>
> >>
> >> _______________________________________________
> >> cups mailing list
> >> cups at cups.org
> >> https://lists.cups.org/mailman/listinfo/cups
> >> _______________________________________________
> >> cups mailing list
> >> cups at cups.org
> >> https://lists.cups.org/mailman/listinfo/cups
> >>
> > _______________________________________________
> > cups mailing list
> > cups at cups.org
> > https://lists.cups.org/mailman/listinfo/cups
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://lists.cups.org/mailman/listinfo/cups
>

More information about the cups mailing list