Hi,

I am having problems with the following very simple configuration for pound on
FreeBSD 6.4 (amd64):

ListenHTTPS
  Address 192.41.170.47
  Port 443
  Cert "/usr/local/ssl/crt/pound/www2.cs.ait.ac.th"
  CAlist "/usr/local/ssl/ca/ait-itserv.crt"
  Service
    Backend
      Address localhost
      Port 8080
    End
  End
End

ListenHTTPS
  Address 192.41.170.48
  Port 443
  Cert "/usr/local/ssl/crt/pound/zope2.cs.ait.ac.th"
  CAlist "/usr/local/ssl/ca/csim-ca.crt"
  Service
    Backend
      Address localhost
      Port 8080
    End
  End
End

If I use only one HTTPS listener, it works fine, whichever the
listener I use, so I understand that my certificates are correct.

If I use the 2 listerners, I got the error:

line 16: SSL_CTX_use_certificate_chain_file
"/usr/local/ssl/crt/pound/zope2.cs.ait.ac.th" failed - aborted
error:0906D06C:PEM routines:PEM_read_bio:no start line

If I swap the two listerners, I get the same error.

It could be that OpenSSL does not support threads on FreeBSD, but the
I understand that pound should not build.

A related question:

Configure for pound mentions:

  --with-ssl=directory    location of OpenSSL package

What directory is it? /usr/local/include, /usr/local/lib, something
else?

TIA,

Olivier

Hi,

Replying to myself...

> If I use the 2 listerners, I got the error:
> 
> line 16: SSL_CTX_use_certificate_chain_file
"/usr/local/ssl/crt/pound/zope2.cs.ait.ac.th" failed - aborted
> error:0906D06C:PEM routines:PEM_read_bio:no start line
> 
> If I swap the two listerners, I get the same error.
> 
> It could be that OpenSSL does not support threads on FreeBSD, but the
> I understand that pound should not build.

It seems that it waas due to the lack of thread support in the stock
OpenSSl that comes with FreeBSD. That's weird because the packaged
version builds with thread by default.

I have it working now.

Olivier