Re: [Pound Mailing List] pound failing to load valid CAcert in CAfile - error:0906D06C:PEM routines:PEM_read_bio:no start line

2010-03-30 Thread Robert Segall
On Fri, 2010-03-26 at 10:29 -0700, PGNet Dev wrote: pound restarts OK with CAcert.pem, but fails (with the error above) with CAcert-trusted.pem. again, verifying both Certs in apache2+mod_ssl, all is OK with BOTH certs. Are you sure you fully understand what CAlist is for? Do you really need

Re: [Pound Mailing List] Allow unsanitized requests for openvpn?

2010-03-30 Thread Robert Segall
On Mon, 2010-03-29 at 16:13 -0400, Matt Van Mater wrote: Hello all, I have Pound set up to listen on a single IP address for HTTPS connections and then based on the Service's HeadRequire section I redirect the connection to a port on localhost, then I have Stunnel re-encrypt it and send it

Re: [Pound Mailing List] Re: Pound segfaults on first request

2010-03-30 Thread Robert Segall
On Mon, 2010-03-29 at 11:55 -0400, (private) HKS wrote: This seems to be related to configuring with --with-maxbuf384 on a 64-bit box (I don't have any 64-bit non-FreeBSD boxes, so I can't test that). If I leave that out or use --with-maxbuf92, there is no initial segfault. Any idea

Re: [Pound Mailing List] Allow unsanitized requests for openvpn?

2010-03-30 Thread Matt Van Mater
Hmm. Can you give a few example rejected requests (so I can grep the logs and try to find them)? On Tue, Mar 30, 2010 at 10:50 AM, Robert Segall ro...@apsis.ch wrote: On Mon, 2010-03-29 at 16:13 -0400, Matt Van Mater wrote: Hello all, I have Pound set up to listen on a single IP address

Re: [Pound Mailing List] pound failing to load valid CAcert in CAfile - error:0906D06C:PEM routines:PEM_read_bio:no start line

2010-03-30 Thread PGNet Dev
On Tue, Mar 30, 2010 at 7:48 AM, Robert Segall ro...@apsis.ch wrote: In any case, I would suggest you post a bug report at OpenSSL - all Pound does is to load your certificates. SSL_load_client_CA_file() returns an error when presented with a trusted certificate. Apparently not when used in

Re: [Pound Mailing List] Re: Pound segfaults on first request

2010-03-30 Thread (private) HKS
On Tue, Mar 30, 2010 at 10:54 AM, Robert Segall ro...@apsis.ch wrote: On Mon, 2010-03-29 at 11:55 -0400, (private) HKS wrote: This seems to be related to configuring with --with-maxbuf 384 on a 64-bit box (I don't have any 64-bit non-FreeBSD boxes, so I can't test that). If I leave that out or

[Pound Mailing List] Pound 2.5 build w/ openssl 1.0.0 fails @ pound.h:340: error: expected specifier-qualifier-list before ‘LHASH’; OK w/ 0.9.8...

2010-03-30 Thread PGNet Dev
fyi, cd Pound-2.5 with openssl 0.9.8k, /usr/bin/openssl version OpenSSL 0.9.8k 25 Mar 2009 ./configure --with-ssl=/usr ... make ldd ./pound | egrep ssl|crypto libssl.so.0.9.8 = /usr/lib/libssl.so.0.9.8

[Pound Mailing List] Re: [Pound Mailing List] Pound 2.5 build w/ openssl 1.0.0 fails @ pound.h:340: error: expected specifier-qualifier-list before ‘LHASH’; OK w/ 0.9.8...

2010-03-30 Thread PGNet Dev
fyi, the PATCH available here, http://www.apsis.ch/pound/pound_list/archive/2010/2010-02/1266065082000 seems to do the trick, ldd ./pound | egrep crypto|ssl libssl.so.1.0.0 = /usr/local/ssl/lib/libssl.so.1.0.0 (0xb76de000) libcrypto.so.1.0.0 =