Hi Joe
we are using a pre-compiled pound package from a solaris repository:
http://www.blastwave.org/jir/pkgcontents.ftd?software=pound2&style=brief&state=5&arch=sparc
we download the binaries for sparc or intel machine accordingly.
The information about the package:
software pound2
pkgname CSWpound2
description 2.x branch of the Pound reverse proxy, load balancer and
HTTPS front-end for Web server(s)
vendor url http://www.apsis.ch/pound/
version 2.4.4
revision 2009-01-15
The apache configuration to add the certificate in the HEADER that
goes to the pound is:
in general config:
SSLOptions +StdEnvVars +ExportCertData +CompatEnvVars +StrictRequire
RequestHeader set SSL_CLIENT_CERT %{SSL_CLIENT_CERT}e
in the location that goes through the pound
<Location /application/html/acceso>
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
ProxyPass http://localhost:50238/application/html/acceso
ProxyPassReverse http://localhost:50238/application/html/acceso
</Location>
best regards
José
On Tue, May 25, 2010 at 12:40 AM, Joe Gooch <[email protected]> wrote:
> What options did you give to configure when you compiled pound? (line 6-8ish
> of config.log)
> Which HTTP header contains the certificate?
>
> Thanks.
> Joe
>
> Confidentiality Notice:
> This e-mail transmission may contain confidential and legally privileged
> information that is intended only for the individual named in the e-mail
> address. If you are not the intended recipient, you are hereby notified that
> any disclosure, copying, distribution, or reliance upon the contents of this
> e-mail message is strictly prohibited. If you have received this e-mail
> transmission in error, please reply to the sender, so that proper delivery
> can be arranged, and please delete the message from your mail box.
>
>> -----Original Message-----
>> From: Jose Negreira [mailto:[email protected]]
>> Sent: Monday, May 24, 2010 6:22 PM
>> To: [email protected]
>> Subject: [Pound Mailing List] http header 2048 bytes certificate
>> truncated by pound
>>
>> Hi
>> we are from Galicia, a region in northwest of Spain.
>> We are using pound balancer and I would like to subscribe the
>> mailinglist
>> in order to try to get some help with http header certificates through
>> pound.
>>
>> In our tests it seems certificates of 2048 bytes (like id card from
>> Spain)
>> are trucated when passing through pound (lost 53 bytes) at http header.
>> Pound is listening just http, no https.
>> Other http header certificates (of 1024 bytes long) goes through pound
>> without problem.
>> If I remove the pound between apache and backend, 2048 bytes
>> certificates then work.
>>
>> the configuration is simply:
>>
>> #balancer for webspace
>> ListenHTTP
>> Address localhost
>> Port 50328
>> Service
>> BackEnd
>> Address 10.61.10.53
>> Port 28082
>> Timeout 180
>> Priority 5
>> End
>> Emergency
>> Address 10.61.10.63
>> Port 28082
>> End
>> End
>> End
>>
>>
>> many thanks in advance
>>
>> Jose Negreira
>> Xunta de Galicia
>> Spain
>>
>> --
>> To unsubscribe send an email with subject unsubscribe to
>> [email protected].
>> Please contact [email protected] for questions.
>
> --
> To unsubscribe send an email with subject unsubscribe to [email protected].
> Please contact [email protected] for questions.
>
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.