Hello Henrik, the cert I'm using works fine with pound 2.8 on CentOS 6 (openssl 
1.0.1e).
I'm getting the error with pound 3.0e, which no longer uses openssl but mbedtls.

Alessandro
________________________________
From: Henrik Rosenke via pound <pound@apsis.ch>
Sent: Thursday, October 15, 2020 21:15
To: pound@apsis.ch <pound@apsis.ch>
Cc: Henrik Rosenke <rose...@dssgmbh.de>
Subject: Re: [pound] Pound-3.0e: Error when reading PEM file

Hello Robert and Alessandro,

we get a similar error with a few certificates after upgrading from
pound 2.7 to pound 2.8 on FreeBSD with openssl 1.0.2u.

A Tomcat behind the pound is reading the X-SSL-Certificate header and
the header seems to get truncated on a few certificates. Which version
did you upgrade from?

I tried to set the MAXBUF (pound.h) from 4096 to 8192 (this seems to be
also set in the new version 3) but this doesn't help. I will try to
gather more information about this error. We first thought that the
length of the certificate is the problem (good cert 1666 bytes, bad cert
1672 bytes) but that's not the case. Other longer certificates will work
but a few others won't; I don't see a pattern there.

Kind Regards,

Henrik

On 15.10.20 at 20:42, pound-requ...@apsis.ch wrote:
> Date: Thu, 15 Oct 2020 06:56:42 +0000
> From: Alessandro Baldoni <alessandro.bald...@romagnafaentina.it>
> To: "pound@apsis.ch" <pound@apsis.ch>
> Cc: Robert Segall <ro...@apsis.ch>
> Subject: Re: [pound] Pound-3.0e: Error when reading PEM file
>
> Hello Robert, here is the output of pound and the content of the PEM file. I 
> also tried converting the PEM to DER but the error is the same.
>
> debug option 5 /root/Pound-3.0e/src/config.c:631
> start get_others /root/Pound-3.0e/src/config.c:563
> start get_backends /root/Pound-3.0e/src/config.c:123
> addr pound.comunefaenza.local /root/Pound-3.0e/src/config.c:139
> port 885 /root/Pound-3.0e/src/config.c:142
> push /root/Pound-3.0e/src/config.c:168
> addr easytraffic.comunefaenza.local /root/Pound-3.0e/src/config.c:139
> port 80 /root/Pound-3.0e/src/config.c:142
> push /root/Pound-3.0e/src/config.c:168
> start get_http /root/Pound-3.0e/src/config.c:277
> addr 192.168.1.72 /root/Pound-3.0e/src/config.c:291
> port 888 /root/Pound-3.0e/src/config.c:294
> start get_services /root/Pound-3.0e/src/config.c:209
> HeadRequire Host: .*apps.* /root/Pound-3.0e/src/config.c:237
> URL .*/google0a441f3c9d875eed.html /root/Pound-3.0e/src/config.c:228
> push /root/Pound-3.0e/src/config.c:258
> push /root/Pound-3.0e/src/config.c:320
> start get_https /root/Pound-3.0e/src/config.c:488
> address 192.168.1.72 /root/Pound-3.0e/src/config.c:509
> port 890 /root/Pound-3.0e/src/config.c:512
> start get_certificates /root/Pound-3.0e/src/config.c:451
> start get_one(/etc/pound/comune.faenza.ra.it.pem) 
> /root/Pound-3.0e/src/config.c:377
> SNI: can't read key /etc/pound/comune.faenza.ra.it.pem, PK - Invalid key tag 
> or value
>
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> -----BEGIN RSA PRIVATE KEY-----
> -----END RSA PRIVATE KEY-----
>
>
>
> Unione della Romagna Faentina
> dr. Alessandro Baldoni
> Servizio Informatica
> Via Severoli 7
> 48018 Faenza RA
> 0546 691224
> alessandro.bald...@romagnafaentina.it
> p...@cert.romagnafaentina.it
> ________________________________
> From: Robert Segall via pound <pound@apsis.ch>
> Sent: Tuesday, October 13, 2020 18:29
> To: pound@apsis.ch <pound@apsis.ch>
> Cc: Robert Segall <ro...@apsis.ch>
> Subject: Re: [pound] Pound-3.0e: Error when reading PEM file
>
> Hello Alessandro
>
> Please run Pound with debug level 5 and show the result here, as well
> as the PEM file in question (leave out the CONTENT of the private key)
> and/or the certificate in human-readable form.
>
> On Tue, 2020-10-13 at 16:21 +0000, Alessandro Baldoni via pound wrote:
>> Hello, I'm a pound 2 user and I'm trying out pound 3.0e.
>> In my test environment, when pound tries to read a PEM file (public
>> certificate+ca+private key) I get the error:
>>
>> SNI: can't read key /etc/pound/comune.faenza.ra.it.pem
>>
>> I've tinkered a bit with the source to get a more readable error:
>>
>> SNI: can't read key /etc/pound/comune.faenza.ra.it.pem, PK - Invalid
>> key tag or value
>>
>> The same file is correctly used by pound 2.
>>
>> Kind regards,
>>
>> Alessandro
> --
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-32-512 30 19
>
>

--
pound mailing list
pound@apsis.ch
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
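
Added example, not part of the thread and not Pound or mbedtls code: one way to inspect a combined PEM file (certificate + CA + private key, as described above) before handing it to a TLS library. It lists every block in file order and checks only base64 and outer DER framing; it does not reproduce mbedtls's key parser. The function names and the sample data are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, body, END line carrying the same label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed sample (not real key material): a well-formed block, a block cut
# short by one byte, and a key block left empty as in the redacted listing above.
SAMPLE = (
    "-----BEGIN CERTIFICATE-----\nMAMCAQA=\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nMAMCAQ==\n-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\n-----END RSA PRIVATE KEY-----\n")

def der_frame_ok(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE (tag 0x30) whose declared
    length equals the number of bytes that follow the header."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        hdr, length = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return hdr + length == len(der)

def inspect_pem(text: str):
    """Return [(label, status)] for every PEM block in text, in file order."""
    report = []
    for label, body in PEM_RE.findall(text):
        lines = [l.strip() for l in body.splitlines() if l.strip()]
        if any(l.startswith("Proc-Type:") for l in lines):
            report.append((label, "encrypted"))   # passphrase-protected key
            continue
        try:
            der = base64.b64decode("".join(lines), validate=True)
        except ValueError:                 # binascii.Error is a ValueError
            report.append((label, "bad base64"))
            continue
        status = "empty" if not der else "ok" if der_frame_ok(der) else "bad DER framing"
        report.append((label, status))
    return report

if __name__ == "__main__":
    for label, status in inspect_pem(SAMPLE):
        print(f"{label}: {status}")
```

A block reported as "ok" here is only well-framed; whether the key encoding inside it is one the TLS library accepts still has to be checked with that library.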