Hi Robert, Sure, you're welcome.
To be frank, in my tests I was using a *real* certificate, used by the local environment we have running here and because of that, I can't share it. So this time I self-generated the certificate. I used a fictitious domain. And generated it with: 1 openssl req -x509 -nodes -newkey rsa:2048 -keyout cert.key -out cert.crt 2 openssl x509 -inform PEM -in cert.crt >> cert.pem It was tested both Pound and Pound3 with the exact configuration mentioned in the previous email. I've got the same error. The pem certificate file is here [1]. The output of running pound with debugging is here [2]. 1 https://pastebin.com/aMdxtd1P 2 https://pastebin.com/DGAFHDLE Please, let me know if there's anything else I could help you with. - Breno On Mon, 21 Sep 2020 at 04:36, Robert Segall <ro...@apsis.ch> wrote: > Hallo Beno > > Many thanks for the report. I would need two additional things in order > to understand this: > > 1. Your certificate (human-readable dump if possible). > 2. Running Pound with high debug level, to see exactly what it does. > > Please post these and we'll take it from there. > > On Thu, 2020-09-17 at 14:20 -0400, Breno Brand Fernandes wrote: > > Hi all, > > > > I've been testing Pound 3.0d and I found some issues. > > Would you mind helping me out? Maybe I'm missing something. > > > > I list below the environment and tests that were produced. > > > > - The environment: > > OS: CentOS Linux release 8.2.2004 (Core) > > Kernel version: 4.18.0-193.14.2.el8_2.x86_64 > > > > Pound 2.8 > > /etc/pound.cfg: > > User "pound" > > Group "pound" > > Control "/var/lib/pound/pound.cfg" > > > > ListenHTTP > > Address 0.0.0.0 > > Port 80 > > Service > > BackEnd > > Address 127.0.0.1 > > Port 8080 > > End > > End > > End > > > > ListenHTTPS > > Address 0.0.0.0 > > Port 443 > > Cert "/etc/ssl/cert.pem" > > Service > > BackEnd > > Address 127.0.0.1 > > Port 8080 > > End > > End > > End > > > > Pound 3.0d > > /etc/pound/pound.yaml: > > Backends: > > - &be > > Address: 127.0.0.1 > > Port: 8080 > > > > HTTPListeners: > > - Address: 0.0.0.0 > > Port: 80 > > Services: > > - Backends: > > - *be > > > > HTTPSListeners: > > - Address: 0.0.0.0 > > Port: 443 > > Services: > > - Backends: > > - *be > > Certificates: > > - "/etc/ssl/cert.pem" > > > > Nginx 1.14.1: Default configuration listening in the port 8080 only > > with > > the module php-fpm enabled. No ssl configuration. > > Apache 2.4.37: Default configuration listening in the port 8080 only > > with > > the module php-fpm enabled. No ssl configuration. > > > > - The tests & results: > > 1 Pound 2.8 and Nginx or Apache with PHP configured. > > HTTP/HTTPS: > > - Html pages work through. > > - PHP pages work through. > > > > 2 Pound 3.0d and Nginx or Apache with PHP configured. > > HTTP: > > - Html pages work through. > > - PHP pages partially load. Using curl -v, it is possible to see > > errors > > related to encoding: Malformed encoding found in chunked-encoding. > > HTTPS: > > Either HTML or PHP pages throw a core dump in the function > > do_sni. > > > > You can see the backtrace here [1]. > > > > Another thing I noted is that some options from Pound 2 seem to be > > missing > > on Pound 3 or I couldn't find them in the man file. E.g. Alive, xHTTP > > values, HeadRemove, RewriteLocation, AddHeader vs HeadAdd, > > SSLHonorCipherOrder, SSLAllowClientRenegotiation, XSSLHeaders, > > Disable (for > > SSL/TSL protocols), among others (see man pound vs man pound3). > > > > Are we planing on having those options on Pound 3 as well? > > > > PS: I built an RPM for Pound 3 on el8 here [2]. > > It is just a draft and might require improvement. > > > > 1 > > https://copr.fedorainfracloud.org/coprs/brandfbb/Pound3-Experimental/ > > 2 https://pastebin.com/WfuB8a9F > > > > Thanks in advance. > > > > - Breno > -- > Robert Segall > Apsis GmbH > Postfach, Uetikon am See, CH-8707 > Tel: +41-32-512 30 19 > > > -- > pound mailing list > pound@apsis.ch > https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch >
-- pound mailing list pound@apsis.ch https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch