On Fri, 2010-03-26 at 10:29 -0700, PGNet Dev wrote:
pound restarts OK with CAcert.pem, but fails (with the error above)
with CAcert-trusted.pem.
again, verifying both Certs in apache2+mod_ssl, all is OK with BOTH certs.
Are you sure you fully understand what CAlist is for? Do you really need
On Mon, 2010-03-29 at 16:13 -0400, Matt Van Mater wrote:
Hello all,
I have Pound set up to listen on a single IP address for HTTPS connections
and then based on the Service's HeadRequire section I redirect the
connection to a port on localhost, then I have Stunnel re-encrypt it and
send it
On Mon, 2010-03-29 at 11:55 -0400, (private) HKS wrote:
This seems to be related to configuring with --with-maxbuf384 on a
64-bit box (I don't have any 64-bit non-FreeBSD boxes, so I can't test
that). If I leave that out or use --with-maxbuf92, there is no
initial segfault.
Any idea
Hmm. Can you give a few example rejected requests (so I can grep the logs
and try to find them)?
On Tue, Mar 30, 2010 at 10:50 AM, Robert Segall ro...@apsis.ch wrote:
On Mon, 2010-03-29 at 16:13 -0400, Matt Van Mater wrote:
Hello all,
I have Pound set up to listen on a single IP address
On Tue, Mar 30, 2010 at 7:48 AM, Robert Segall ro...@apsis.ch wrote:
In any case, I would suggest you post a bug report at OpenSSL - all
Pound does is to load your certificates. SSL_load_client_CA_file()
returns an error when presented with a trusted certificate.
Apparently not when used in
On Tue, Mar 30, 2010 at 10:54 AM, Robert Segall ro...@apsis.ch wrote:
On Mon, 2010-03-29 at 11:55 -0400, (private) HKS wrote:
This seems to be related to configuring with --with-maxbuf 384 on a
64-bit box (I don't have any 64-bit non-FreeBSD boxes, so I can't test
that). If I leave that out or
fyi,
cd Pound-2.5
with openssl 0.9.8k,
/usr/bin/openssl version
OpenSSL 0.9.8k 25 Mar 2009
./configure --with-ssl=/usr ...
make
ldd ./pound | egrep ssl|crypto
libssl.so.0.9.8 = /usr/lib/libssl.so.0.9.8
fyi, the PATCH available here,
http://www.apsis.ch/pound/pound_list/archive/2010/2010-02/1266065082000
seems to do the trick,
ldd ./pound | egrep crypto|ssl
libssl.so.1.0.0 = /usr/local/ssl/lib/libssl.so.1.0.0 (0xb76de000)
libcrypto.so.1.0.0 =