Quoting Kevin Chadwick <m8il1i...@gmail.com>:

On Thu, 26 Mar 2015 08:30:23 +0100
mxb wrote:

>
> Thank you for the suggestion.  I was not aware of "pound."

I'd rather go for relayd. Which is out of the box. No need to install "yet
another port and make sure it is up2date".

httpd is based on relayd code which would reduce the scope of the test
(a cluestick).

When I try "https://10.0.128.67/index.html" - I get a nice message from
firefox asking me to accept a problem certificate (this was expected,
the certificate is the "correct" one), and when I do accept the
certificate, I get the index page.

So, I am not sure what is wrong, but it appears httpd is not responding
to https requests, even with the "listen on tls" line in the
configuration file.

Is there anything for me to look at/consider in trying to correct this?

I don't understand what you are saying by '"correct" one' but to me this
suggests you have issues even with pound and perhaps I would try
another browser or firefox on another client and try another
certificate perhaps from another CA or install a newer snapshot or
re-install a release before wondering if there is an issue with httpd
or libressl whilst monitoring the list to see if anyone else has an
issue?

Thankfully re-install on OpenBSD is super quick but you do have to
follow www.openbsd.org/current.html for snapshots and I think
www.openbsd.org/plus.html for release upgrades (4.5 -> 4.6 etc.)



Hello:
I am sorry, I have been unable to try some of the suggestions today as
of yet.  I am a bit busy at work, and probably won't be able to look
at this until tomorrow.
However, I wanted to clarify my comment.
When I said "correct" one in regards to the certificate working with
https and pound, my comment was intended only to imply that any
"issues" were purposefully induced ones.

As I said, the new machine with the httpd issue is going to replace
another machine.  To make my life easy going forward, I installed a
certificate for the machine as it will be in the future, not as it is
now.
So, when firefox connects with https to the machine, it is connecting
to 10.0.128.67, but gets a certificate back saying 10.0.128.100; and
warns me of the inconsistency.  This is a completely expected issue,
and I do verify that the "10.0.128.100" certificate is being presented
from the "10.0.128.67" machine.

There was NO other problem using pound.  With pound, as well as a
https connection to the "old" machine with the "new" certificate, the
browser opens the https connection with no problems.  Also, as I noted
yesterday, the browser's hanging behavior stops the second after I kill
the httpd process.

I have also tried to connect with IE from a windows machine, and get
the same results (http is ok, https hangs).

I missed the "-d -v" flags for httpd (I feel a bit stupid, it's right
there in the man page), and was going to fire up httpd and see what
happens when the secure connection is initiated.  Hopefully, tomorrow.

Thanks
Ted
