Hello Sandrino

Thank you for the report. I am a bit baffled by this, so let's try some debugging:

1. What version of mbedtls are you using?
2. Could you please send the certificate(s) you are using (without the private keys please!)
3. What is the exact request you are sending?

The SEGV happens when Pound tries to match the host you are requesting to the SNI data in the certificate(s) you provided.

On Thu, 2021-05-06 at 19:13 +0200, Sandrino Torelli via pound wrote:
> Hello Robert,
>
> when accessing my URL in HTTPS pound is dying in a segfault.
> In HTTP everything seems to work perfectly.
>
> I'm using a Let's Encrypt certificate.
>
> For the test I have installed a fresh gentoo box.
>
> my pound.yaml :
>
> Global:
>   - User: nobody
>     Group: nobody
>
> Backends:
>   - &Pound-101
>     Address: 127.0.0.1
>     Port: 81
>   - &Web-101
>     Address: 10.10.10.3
>     Port: 80
>
> HTTPListeners:
>
> HTTPSListeners:
>   - Address: xxx.xxx.xxx.xxx
>     Port: 443
>     Certificates:
>       - "/etc/letsencrypt/live/test.xyz.lu/pound-fullkeychain.pem"
>     Services:
>       - HeadRequire: test.xyz.lu
>         Backends:
>           - *Web-101
>
> The log from launch to the segfault :
>
> debug option 9 /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:632
> config file option /etc/pound.yaml /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:622
> start get_others /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:564
> start get_backends /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:123
> addr 127.0.0.1 /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:139
> port 81 /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:142
> push /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:168
> addr 10.10.10.3 /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:139
> port 80 /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:142
> push /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:168
> start get_https /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:489
> address xxx.xxx.xxx.xxx /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:510
> port 443 /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:513
> start get_certificates /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:451
> start get_one(/etc/letsencrypt/live/test.xyz.lu/pound-fullkeychain.pem) /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:376
> get_one add pattern test.xyz.lu /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:403
> get_one add pattern test.xyz.lu /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:424
> get_one: added 2 patterns /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:436
> start get_services /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:209
> HeadRequire test.xyz.lu /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:237
> push /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:258
> push /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/config.c:552
> Prepare backends /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/pound.c:153
> Prepare listeners /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/pound.c:185
> Prepare services for listener 0 /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/pound.c:188
> Starting resurrector thread /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/util.c:80
> 7F7883296640 start service /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:45
> 7F7883296640 Null session: /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:52
> 7F7880290640 thr_http start /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:535
> 7F7880290640 start loop /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:539
> 7F787FA8F640 thr_http start /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:535
> 7F787FA8F640 start loop /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:539
> 7F787F28E640 thr_http start /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:535
> 7F787F28E640 start loop /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:539
> 7F7880A91640 thr_http start /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:535
> 7F7880A91640 start loop /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:539
> 7F7881292640 thr_http start /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:535
> 7F7881292640 start loop /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:539
> 7F7881A93640 thr_http start /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:535
> 7F7881A93640 start loop /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:539
> 7F7882294640 thr_http start /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:535
> 7F7882294640 start loop /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:539
> 7F7882A95640 thr_http start /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:535
> 7F7882A95640 start loop /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:539
> 7F787F28E640 peer address xxx.xxx.xxx.xxx /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/http.c:549
> 7F787F28E640 start sni /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/util.c:157
> 7F787F28E640 sni for test.xyz.lu /var/tmp/portage/www-servers/pound-3.0/work/Pound-3.0/src/util.c:165
> Segmentation fault
>
> Should you need more information I would be happy to provide it.
>
> Best Regards
>
> Sandrino
>
>

--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-32-512 30 19

--
pound mailing list
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
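
An added example of the matching step Robert describes (not part of the thread and not Pound's source): a matcher that treats the SNI name as a length-delimited byte buffer, which is how TLS libraries such as mbedtls hand it to the SNI callback, and compares it against names taken from the certificates. The `sni_pattern` struct, the `sni_match` function and the sample names are assumptions made for this example; the thread does not identify the cause of the crash and neither does this code.

```c
#include <string.h>
#include <strings.h>

/* Hypothetical entry: one CN/SAN name read from a certificate at startup. */
struct sni_pattern {
    const char *name;   /* "test.xyz.lu", "*.example.test", or NULL if parsing failed */
    int cert_index;     /* which loaded certificate to present */
};
/* Constructed sample: CN and SAN of one cert (as in the log), a NULL, a wildcard. */
static const struct sni_pattern SAMPLE[] = {
    { "test.xyz.lu", 0 }, { "test.xyz.lu", 0 }, { NULL, 7 }, { "*.example.test", 1 },
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Compare a length-delimited buffer with a C string, ignoring ASCII case. */
static int eq_nocase(const unsigned char *s, size_t len, const char *pat)
{
    return strlen(pat) == len && strncasecmp((const char *)s, pat, len) == 0;
}

/* Return the cert_index of the first matching pattern, or -1 for "no match". */
int sni_match(const struct sni_pattern *pats, size_t npats,
              const unsigned char *host, size_t host_len)
{
    if (pats == NULL || host == NULL || host_len == 0 || host_len > 253)
        return -1;                      /* absent or oversized SNI name */
    if (memchr(host, '\0', host_len) != NULL)
        return -1;                      /* embedded NUL would truncate a strcmp */
    for (size_t i = 0; i < npats; i++) {
        const char *p = pats[i].name;
        if (p == NULL) continue;        /* skip entries whose name failed to parse */
        if (p[0] == '*' && p[1] == '.') {
            /* wildcard stands for exactly one left-most label */
            const unsigned char *dot = memchr(host, '.', host_len);
            if (dot != NULL && dot != host &&
                eq_nocase(dot, host_len - (size_t)(dot - host), p + 1))
                return pats[i].cert_index;
        } else if (eq_nocase(host, host_len, p)) {
            return pats[i].cert_index;
        }
    }
    return -1;
}

int main(void)
{
    /* Only the first 11 bytes are the SNI name; exit status 0 when it matches cert 0. */
    return sni_match(SAMPLE, SAMPLE_N, (const unsigned char *)"test.xyz.luJUNK", 11) == 0 ? 0 : 1;
}
```

A caller that gets -1 falls back to a default certificate or rejects the handshake instead of dereferencing a missing entry.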
