Hey Robert,
Thanks for looking into this. Maybe there's something wrong with the
procedure I am doing?
I've just tested on a Fedora 31. Here is how it was tested (with the same
certificate sent in the last email):
- Backend with container to speed up the configuration:
# podman run -d -p 8080:80 --name apache8080 -v /var/www/html:/var/www/html
php:7.2-apache
# echo '<? echo "YEA!"; ?>' >/var/www/html/index.php
- Pound configuration:
# chmod + r /etc/ssl/self-signed/cert.pem
# mkdir /etc/pound/
# vim /etc/pound/pound.yaml:
Backends:
- &be
Address: 127.0.0.1
Port: 8080
HTTPListeners:
- Address: 0.0.0.0
Port: 80
Services:
- Backends:
- *be
HTTPSListeners:
- Address: 0.0.0.0
Port: 443
Services:
- Backends:
- *be
Certificates:
- "/etc/ssl/self-signed/cert.pem"
- Installing dependencies
# dnf install -y cmake gcc libyaml-devel nanomsg-devel mbedtls-devel
pcre-devel openssl-devel openssl systemd-units automake autoconf
gperftools-devel
- Compiling
# mkdir tmp; cd tmp; wget https://www.apsis.ch/pound/Pound-3.0d.tgz; tar
xzvf Pound-3.0d.tg; cd Pound-3.0d/build
# cmake .. && make
- Running
# ./pound -c && ./pound -d 1000
- last 5 lines from the debug:
7FB0DBB58700 peer address 127.0.0.1
/root/tmp/Pound/Pound-3.0d/src/http.c:525
7FB0DC359700 peer address 127.0.0.1
/root/tmp/Pound/Pound-3.0d/src/http.c:525
7FB0DBB58700 start sni /root/tmp/Pound/Pound-3.0d/src/util.c:157
7FB0DBB58700 sni for testing.mytest.com
/root/tmp/Pound/Pound-3.0d/src/util.c:165
Segmentation fault (core dumped)
- Breno
On Tue, 6 Oct 2020 at 08:46, Robert Segall <[email protected]> wrote:
> Hallo Breno
>
> We tested with your certificate and it runs fine, thus: CANNOT
> REPRODUCE (temporarily). I suggest you have a look at other things,
> such as your environment and compilation.
>
> If somebody is running the same OS version (CentOS 8.2.2004) please try
> to have a look and let us know.
>
> On Mon, 2020-10-05 at 17:09 -0400, Breno Brand Fernandes wrote:
> > Hi Robert,
> >
> > Sure, you're welcome.
> >
> > To be frank, in my tests I was using a *real* certificate, used by
> > the
> > local environment we have running here and because of that, I can't
> > share
> > it.
> > So this time I self-generated the certificate. I used a fictitious
> > domain.
> > And generated it with:
> >
> > 1 openssl req -x509 -nodes -newkey rsa:2048 -keyout cert.key -out
> > cert.crt
> > 2 openssl x509 -inform PEM -in cert.crt >> cert.pem
> >
> > It was tested both Pound and Pound3 with the exact configuration
> > mentioned
> > in the previous email.
> > I've got the same error. The pem certificate file is here [1].
> >
> > The output of running pound with debugging is here [2].
> >
> > 1 https://pastebin.com/aMdxtd1P
> > 2 https://pastebin.com/DGAFHDLE
> >
> > Please, let me know if there's anything else I could help you with.
> >
> > - Breno
> --
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-32-512 30 19
>
>
> --
> pound mailing list
> [email protected]
> https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
>
--
pound mailing list
[email protected]
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
