Also, perhaps running it with -v, or setting LogFacility -, (or both) will yield a bigger picture... That'll output all the logs on the console. (so you'll see debug and info and everything else on the same screen) In your msg below I'm not seeing the LOG_DEBUG messages from SNI... So maybe syslog is filtering those out, or saving them elsewhere...
Joe > -----Original Message----- > From: Joe Gooch > Sent: Thursday, February 02, 2012 9:00 AM > To: '[email protected]' > Subject: RE: [Pound Mailing List] Pound 2.6f and SSLHonorCipherOrder > > It still won't segfault for me. :-/ > > "ip" in this context means instruction pointer, not internet protocol. > http://stackoverflow.com/questions/2549214/interpreting-segfault- > messages > > addr2line -e pound 08051f5c > /root/download/Pound-2.6f/config.c:808 > > Which, is square in the middle of the SNI checking. > > At the top of your config.c (say around line 74) can you do #undef > SSL_CTRL_SET_TLSEXT_SERVERNAME_CB > > And recompile? That should disable SNI. (Which IIRC you weren't using > anyway) > > And then let me know if you still see segfaults. > > Further, could you provide the subject of all the certificates you're > using? I.e. the output of: > openssl x509 -noout -in yourpemfile.pem -subject > > > Joe > > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] > > Sent: Thursday, February 02, 2012 7:56 AM > > To: [email protected] > > Subject: Re: RE: RE: [Pound Mailing List] Pound 2.6f and > > SSLHonorCipherOrder > > > > Hi Joe, > > > > yes we did fix the patchfile. I did some further investigation on > this > > and there are some news I have to share. First some answers for your > > questions: > > >1) Does this happen on every request for you? Or is it sporadic? > > no, its much more than just sporadic, some request get answered and > > some not. > > >2) 32 or 64 bit? I can whip up a i386 chroot if need be > > it´s plain 32 bit > > >3) Looking at the packages below do you see any blatant differences > > >between my setup and yours > > no, but I will put my list in a special mail to send it directly with > > the tar-archive of our pound-directory to you > > >4 4) Anything else you can think of to help me track this down for > > you? > > Yes, I could zero in the problem a bit. First a bit about our setup: > > The pound is in dmz-A, the webserver is in dmz-B, and the requesting > > Client comes a) from the internet or b) from the internal network. > > When we start the pound everything works fine, as long as the > requests > > are coming from the internal network and the request is send to an IP > > of the dmz-A network. So everything worked with this setup for the > > internal network. But when there are requests from the internet, we > > get segfaults. The request is received from the firewall which does a > > NAT to pass the external IP of the website to the internal IP of the > > dmz-A network. And some requests are working (as I can see in the > > logfile of > > pound) and some cause segfaults. We can only test this by switching > > between the pound and our loadbalancer-appliance (as this one works, > > we are sure the NAT is not a problem) the productive path. So maybe > > there is a problem with some IP´s which cause the segfault. The > > segfaults appear even when there is no SSLHonorCipherOrder enabled. > > I´m not deep into this segfault thing, but there the word "ip" > mentioned: > > Feb 2 11:45:52 pilotpound kernel: pound[28641]: segfault at 4 ip > > 08051f5c sp b7610ce0 error 4 in pound[8048000+18000] > > > > Is there anything else I can do to support you ? > > > > Kind Regards > > > > fatcharly > > > > > > > > > -------- Original-Nachricht -------- > > > Datum: Wed, 1 Feb 2012 21:18:04 +0000 > > > Von: Joe Gooch <[email protected]> > > > An: "\'[email protected]\'" <[email protected]> > > > Betreff: RE: RE: [Pound Mailing List] Pound 2.6f and > > >SSLHonorCipherOrder > > > > > > > -- > > Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen > > Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de > > > > -- > > To unsubscribe send an email with subject unsubscribe to > > [email protected]. > > Please contact [email protected] for questions.
