Pound/SSL Startup Error Follow Up
Jonathan Cyr <cyrj(at)cyr.info>
2004-04-15 22:25:08
Evidently, no one has any advice on my specific issue.

Maybe a few other questions will help me solve this...  figure out what 
to check or try next...

1)  Are there optional components of OpenSSL that Pound needs, that the 
SuSE YAST2 installer may have not installed with OpenSSL, I read a 
reference to a developer library (somewhere)?

2) In the instructions for installing OpenSSL from tarball on SuSE 9.0, 
you apparently don't have to define your OpenSSL home directory, and use 
some sort of "shared" parameter.  Does this change how you might 
configure Pound with the SSL-home-directory configure script parameter?  
Should I have installed it from a tarball, rather than the SuSE installer?

3) Does anyone have Pound 1.7 running on SuSE 9.0, give me hope... I've 
seen the nightmares on this list from RedHat 9.0, any nightmares with 
SuSE 9.0?

4) Are there any good resources for running OpenSSL in a non-Apache way, 
Pound seems to use OpenSSL like an IMAP or Jabber server would?  The 
Safari bookshelf from OReilly has a few books, Linux Security Cookbook, 
and the Using OpenSSL book, somewhat helpful, but no answer for me.

I apologize for the newbie nature of these questions, but I had Pound 
1.3 running on RedHat AS2.1 for 8-9 months problem-free (still working 
except for broken certs), before Verisign moved its certificates and 
broke the chain of certificates, RedHat's modified OpenSSL couldn't be 
upgraded...

<whine continued>...

Just trying to get a newer solution in place, and I had it all working 
before... grrrrr!

Thanks for any help you may have,

-Jonathan Cyr
cyrj(at)cyr.info



Jonathan Cyr wrote:

>Hello,
>
>Having problems with startup of Pound.  I am running SuSE 9.0, kernel 2.4.21, with OpenSSL 0.9.7b., and Pound 1.7.  
>
>The first instance on port 80 starts fine, so I know Pound is set up correctly for normal web traffic.
>
>Config file:
>
># Main listening ports
>ListenHTTPS 192.168.0.25,443 /usr/share/ssl/certs/combo1.pem
>User root
>Group adm
>RootJail /var/pound/jail
>Client 15
>Alive 60
>HTTPSHeaders 0 ""
>LogLevel 3
>
>.(continues on)
>
>When started on 443, the log shows starting... then
>
>Apr  7 16:15:20 echo1 pound: SSL_CTX_use_certificate_chain_file failed - aborted
>
>I used the suggested self-signed openssl command in the Pound SSL Section of the documentation.
>
>openssl req -x509 -newkey rsa:1024 -keyout test.pem -out test.pem \
>            -days 365 -nodes
>
>The OpenSSL discussion group seems to be down, I'm thinking OpenSSL is the culprit here.
>
>Also, After I have a self-signed certificate working, I need to generate a CSR for Verisign, what command would I use for that, with Pound... there are so many variants in OpenSSL documentation and help sources.  
>
>Help greatly appreciated,
>
>-Jonathan Cyr
> cyrj(at)cyr.info
>
>
>
>  
>


Re: Pound/SSL Startup Error Follow Up
Robert Segall <roseg(at)apsis.ch>
2004-04-16 15:42:32
On Thu, 2004-04-15 at 22:25, Jonathan Cyr wrote:
> Evidently, no one has any advice on my specific issue.

Evidently? Maybe it's just that nobody thinks we should discuss OpenSSL
issues on a Pound mailing list.

> Maybe a few other questions will help me solve this...  figure out
> what to check or try next...
> 
> 1)  Are there optional components of OpenSSL that Pound needs, that
> the SuSE YAST2 installer may have not installed with OpenSSL, I read a
> reference to a developer library (somewhere)?

If it compiled you don't need anything else - as far as Pound is
concerned.

> 2) In the instructions for installing OpenSSL from tarball on SuSE
> 9.0, you apparently don't have to define your OpenSSL home directory,
> and use some sort of "shared" parameter.  Does this change how you
> might configure Pound with the SSL-home-directory configure script
> parameter?  Should I have installed it from a tarball, rather than the
> SuSE installer?

No.

> 3) Does anyone have Pound 1.7 running on SuSE 9.0, give me hope...
> I've seen the nightmares on this list from RedHat 9.0, any nightmares
> with SuSE 9.0?

We have Pound running on an older SuSE and a bunch of other distros.

> 4) Are there any good resources for running OpenSSL in a non-Apache
> way, Pound seems to use OpenSSL like an IMAP or Jabber server would? 
> The Safari bookshelf from OReilly has a few books, Linux Security
> Cookbook, and the Using OpenSSL book, somewhat helpful, but no
> answer for me. 

Maybe reading up some more on OpenSSL would be helpful - again, these
are not Pound issues. Besides, you don't "run" OpenSSL.

> I apologize for the newbie nature of these questions, but I had Pound
> 1.3 running on RedHat AS2.1 for 8-9 months problem-free (still working
> except for broken certs), before Verisign moved its certificates and
> broke the chain of certificates, RedHat's modified OpenSSL couldn't be
> upgraded... 
> 
> <whine continued>... 
> 
> Just trying to get a newer solution in place, and I had it all working
> before... grrrrr!
> 
> Thanks for any help you may have,

I suggest you take this off-list. Send me your cert file (if it is
self-signed, as you'll need a new one afterwards) via private mail and
I'll have a look at it.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-1-920 4904
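
One way to narrow down an "SSL_CTX_use_certificate_chain_file failed" error outside Pound (an added example, not part of the thread and not Pound's code): Python's ssl.SSLContext.load_cert_chain makes the same OpenSSL call, so this checks the block layout of a combined key+cert PEM and then lets OpenSSL load it. The names pem_labels, diagnose and SAMPLE are made up for this example.

```python
import re
import ssl
import sys

# BEGIN line of a PEM block; the capture group is the block label.
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Constructed sample: right layout, placeholder bodies (not a real key or cert).
SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
AAAA
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
AAAA
-----END CERTIFICATE-----
"""


def pem_labels(text):
    """Return PEM block labels in file order."""
    return PEM_BEGIN.findall(text)


def diagnose(path):
    """Return a list of problems with a combined key+cert PEM (empty list = loads)."""
    try:
        with open(path, encoding="ascii", errors="replace") as fh:
            labels = pem_labels(fh.read())
    except OSError as exc:
        return [f"cannot read {path}: {exc.strerror}"]
    problems = []
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block (a CERTIFICATE REQUEST is a CSR)")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no PRIVATE KEY block")
    if problems:
        return problems
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Loads the chain, then the key, then checks that the two match.
        # The callback makes an encrypted key fail instead of prompting.
        ctx.load_cert_chain(certfile=path, password=lambda: "")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(f"OpenSSL rejected the file: {exc}")
    return problems


if __name__ == "__main__":
    print(diagnose(sys.argv[1]) if len(sys.argv) > 1 else pem_labels(SAMPLE))
```

A current OpenSSL build may also reject the 1024-bit key from the quoted openssl req command as too small; that is a policy failure rather than a malformed file.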

