> You have probably compiled Pound against a version of OpenSSL without
> OCSP support (I seem to recall that it is optional).
it's built by default, now ...
certain, having verified, that my locally built openssl
which openssl
/usr/local/ssl/bin/openssl
openssl version
OpenSSL 0.9.8n 24 Mar 2010
DOES, in fact, contain ocsp support, I'd configured the Pound-2.5 build with,
./configure --with-ssl=/usr/local/ssl
per your question, I checked,
ldd `which pound`
linux-gate.so.1 => (0xf57fe000)
libpcreposix.so.0 => /lib/libpcreposix.so.0 (0xb76e1000)
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7696000)
libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0xb7524000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb750d000)
libdl.so.2 => /lib/libdl.so.2 (0xb7508000)
libm.so.6 => /lib/libm.so.6 (0xb74df000)
libpthread.so.0 => /lib/libpthread.so.0 (0xb74c5000)
libc.so.6 => /lib/libc.so.6 (0xb7365000)
libpcre.so.0 => /lib/libpcre.so.0 (0xb7336000)
libz.so.1 => /lib/libz.so.1 (0xb7321000)
/lib/ld-linux.so.2 (0xb7711000)
and note that it STILL links the system ssl/crypto libs ...
Looking in Pound's configure ...
...
# Check whether --with-ssl was given.
if test "${with_ssl+set}" = set; then
withval=$with_ssl; CPPFLAGS="-I${with_ssl}/include ${CPPFLAGS}";
LDFLAGS="-L${with_ssl}/lib ${LDFLAGS}"; C_SSL="${with_ssl}"
else
...
identifies the problem -- no correct rpath support, or
specified/required flags for other-SSL usage.
rebuilding with,
setenv LDFLAGS "`pkg-config --libs-only-L openssl` -Wl,-rpath,`pkg-config --libs-only-L openssl | sed s'/-L//'` `pkg-config --libs-only-l openssl`"
setenv CPPFLAGS "-I/usr/local/include `pkg-config openssl --cflags` -I/usr/include"
./configure --with-ssl=/usr/local/ssl
where,
pkg-config --libs "libcrypto" && \
pkg-config --libs "libssl" && \
pkg-config --libs "openssl" && \
pkg-config --cflags "openssl"
-L/usr/local/ssl/lib -lcrypto -ldl -lz
-L/usr/local/ssl/lib -lssl -lcrypto -ldl -lz
-L/usr/local/ssl/lib -lssl -lcrypto -ldl -lz
-I/usr/local/ssl/include
the build now results, correctly, in
ldd pound
linux-gate.so.1 => (0xf57fe000)
libssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0.9.8 (0xb7873000)
libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8 (0xb771a000)
libdl.so.2 => /lib/libdl.so.2 (0xb76ea000)
libz.so.1 => /lib/libz.so.1 (0xb76d5000)
libpcreposix.so.0 => /lib/libpcreposix.so.0 (0xb76d1000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb76bb000)
libm.so.6 => /lib/libm.so.6 (0xb7692000)
libpthread.so.0 => /lib/libpthread.so.0 (0xb7678000)
libc.so.6 => /lib/libc.so.6 (0xb7518000)
/lib/ld-linux.so.2 (0xb78bd000)
libpcre.so.0 => /lib/libpcre.so.0 (0xb74e8000)
> In any case, what you see is pure OpenSSL - Pound has nothing to do with it.
strange, then, that it all works fine with other SSL-using apps.
after newly-rebuilt, linked-to-local-ssl-with-ocsp-support, pound
install, and pound service restart, testing the 2 CAcert versions --
both with additional OCSP trust, and without -- the results are as
above.
pound restarts OK with CAcert.pem, but fails (with the error above)
with CAcert-trusted.pem.
again, verifying both Certs in apache2+mod_ssl, all is OK with BOTH certs.
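Added example (not part of the original message, and not Pound's or OpenSSL's own code): a POSIX sh check for the mislink diagnosed above. It reads ldd output and fails unless libssl and libcrypto both resolve under the prefix given to --with-ssl. The names check_ssl_link, sample_before and sample_after are hypothetical; the sample lines are copied from the two ldd listings in the message.

```shell
#!/bin/sh
# check_ssl_link PREFIX   (reads `ldd` output on stdin)
# Prints one OK/MISMATCH line per libssl/libcrypto entry and returns 0 only
# if both libraries are listed and both resolve under PREFIX/.
# Typical use (run ldd only on binaries you trust):
#   ldd "$(command -v pound)" | check_ssl_link /usr/local/ssl
check_ssl_link() {
    awk -v prefix="$1" '
        # ldd lines look like: libssl.so.0.9.8 => /path/libssl.so.0.9.8 (0x...)
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($1 ~ /^libssl/) ssl = 1; else crypto = 1
            if (index($3, prefix "/") == 1) {
                print "OK " $1 " -> " $3
            } else {
                print "MISMATCH " $1 " -> " $3
                bad = 1
            }
        }
        END {
            if (!(ssl && crypto)) {
                print "MISSING libssl and/or libcrypto not listed"
                bad = 1
            }
            exit bad + 0
        }'
}

# Sample input: lines from the first listing (built with --with-ssl only).
sample_before() {
    cat <<'EOF'
libpcreposix.so.0 => /lib/libpcreposix.so.0 (0xb76e1000)
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7696000)
libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0xb7524000)
libc.so.6 => /lib/libc.so.6 (0xb7365000)
EOF
}

# Sample input: lines from the second listing (rebuilt with -Wl,-rpath).
sample_after() {
    cat <<'EOF'
libssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0.9.8 (0xb7873000)
libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8 (0xb771a000)
libdl.so.2 => /lib/libdl.so.2 (0xb76ea000)
libc.so.6 => /lib/libc.so.6 (0xb7518000)
EOF
}
```

Running this after every rebuild catches the case where configure accepts --with-ssl but the runtime loader still picks the system libraries.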