On 2/3/2010 8:33 AM, Farhan Ahmed wrote:[...]

I think CAlist isn't what you need, just use the cert directive, and 
'cat' the intermediate cert onto your own.  So:

$ ca foo.key foo.crt intermediate.cert > foo.pem

That's all there is to it.
[...]

----- Original Message ----- 
From: "Farhan Ahmed" <farhan.mobin(at)gmail.com>
To: <pound(at)apsis.ch>
Sent: Wednesday, February 03, 2010 8:33 AM
Subject: [Pound Mailing List] Chain Certificate

[...]


I had to install a new chained cert recently and I had to have them in this 
order for it to work, other orders did not work:

-----BEGIN PRIVATE KEY-----
Server key (pasted in the new key here)
-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
Server certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
 Intermediate CA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Root CA
-----END CERTIFICATE----- 

[...]

--------------------------------------------------------------------------------



Internal Virus Database is out of date.
Checked by AVG - www.avg.com
Version: 8.5.421 / Virus Database: 270.14.16/2435 - Release Date: 10/14/09 
06:33:00

Thanks

Sent from my iPhone

On Feb 3, 2010, at 9:11 AM, "Brian Mastrobuono" <brianm(at)winkflash.com>
 
wrote:
[...][...][...][...][...]

Thanks Brian. It worked for me.

Farhan

Sent from my iPhone

On Feb 3, 2010, at 9:11 AM, "Brian Mastrobuono" <brianm(at)winkflash.com>
 
wrote:
[...][...][...][...][...]

Hi All,
Can anybody please help me on understanding the logic of source ip-hashing
followed in Pound.From the documentation it is not clear to me and I am
newbie to C language.
Thanks in advance.
-Raj.

On Thu, Jan 28, 2010 at 6:57 PM, Dave Steinberg <dave(at)redterror.net>
wrote:
[...][...][...][...][...]

On Feb 2, 2010, at 23:31 , Joe Gooch wrote:
[...]

This turned out to be a diffutils issue, not an error in my code :)

Cheers, Peter

On Tue, 2010-02-02 at 22:53 +0000, Joe Gooch wrote:[...]

Thanks Joe. Would it be OK to put the link on the Pound page?[...]

On Tue, 2010-02-02 at 21:54 +0000, Joe Gooch wrote:[...]

Correct. We'll fix that in the next release.
[...]

I don't think that's right. Disabled is disabled.[...]

> -----Original Message-----[...]

In this case, disabled is not disabled. :)

Use case 1) 2 Backends, 1 of which is Disabled

Tot_pri is >0
Sessions are consulted
All new requests (session cache misses) are sent to the active backend.
All requests that match a session to the disabled backend are still sent to the
disabled backend.
   (hence, disabled is not disabled, it just means it isn't receiving NEW
sessions)

Use case 2)  2 Backends, Both are disabled
Tot_pri = 0
Sessions are NOT consulted.  get_backend ALWAYS returns svc->emergency. 
Existing sessions are NOT sent to their "stuck" backend.  This is inconsistent
with case 1.



Expected behavior:
Sessions are consulted
All new requests (session cache misses) are sent to the svc->emergency
backend.
All requests that match a session are still sent to their appropriate disabled
backend.



The existing code is only correct when sessions are not used.  Unless my
expected behavior is not the intended behavior, in which case, use case 1 is,
at best, inconsistent.


Joseph Gooch
Sapphire Suite Product Manager
K12 Systems, Inc.
(866) 366-9540

Sure!

Thanks.

Joseph Gooch
Sapphire Suite Product Manager
K12 Systems, Inc.
(866) 366-9540

[...]

Let's try that again...

Sure!

Thanks.

Joseph Gooch
Sapphire Suite Product Manager
K12 Systems, Inc.
(866) 366-9540

[...]

Hopefully this isn't garbled...
[...]

In this case, disabled is not disabled. :)

Use case 1) 2 Backends, 1 of which is Disabled

Tot_pri is >0
Sessions are consulted
All new requests (session cache misses) are sent to the active backend.
All requests that match a session to the disabled backend are still sent to the
disabled backend.
   (hence, disabled is not disabled, it just means it isn't receiving NEW
sessions)

Use case 2)  2 Backends, Both are disabled
Tot_pri = 0
Sessions are NOT consulted.  get_backend ALWAYS returns svc->emergency. 
Existing sessions are NOT sent to their "stuck" backend.  This is inconsistent
with case 1.



Expected behavior:
Sessions are consulted
All new requests (session cache misses) are sent to the svc->emergency
backend.
All requests that match a session are still sent to their appropriate disabled
backend.



The existing code is only correct when sessions are not used.  Unless my
expected behavior is not the intended behavior, in which case, use case 1 is,
at best, inconsistent.


Joseph Gooch
Sapphire Suite Product Manager
K12 Systems, Inc.
(866) 366-9540

Let's try that again...

Sure!

Thanks.

Joseph Gooch
Sapphire Suite Product Manager
K12 Systems, Inc.
(866) 366-9540

[...]

Forcing western European... hopefully outlook and the pound list won't choke on
this one.

A lot of effort to tell Rob that yes, he can post a link to my patches!

My apologies for the garbles messages fellow netizens.

Joe

[...]

Resend, ungarbled.
[...]

In this case, disabled is not disabled. :)

Use case 1) 2 Backends, 1 of which is Disabled

Tot_pri is >0
Sessions are consulted
All new requests (session cache misses) are sent to the active backend.
All requests that match a session to the disabled backend are still sent to the
disabled backend.
   (hence, disabled is not disabled, it just means it isn't receiving NEW
sessions)

Use case 2)  2 Backends, Both are disabled
Tot_pri = 0
Sessions are NOT consulted.  get_backend ALWAYS returns svc->emergency. 
Existing sessions are NOT sent to their "stuck" backend.  This is inconsistent
with case 1.



Expected behavior:
Sessions are consulted
All new requests (session cache misses) are sent to the svc->emergency
backend.
All requests that match a session are still sent to their appropriate disabled
backend.



The existing code is only correct when sessions are not used.  Unless my
expected behavior is not the intended behavior, in which case, use case 1 is,
at best, inconsistent.

Joe

Upgrading to OpenBSD 4.6 and Pound 2.5 has *not* changed this behavior.

-HKS

On Wed, Jan 6, 2010 at 5:38 PM, (private) HKS <hks.private(at)gmail.com>
wrote:[...][...]
>>> This message recently began appearing in my logs. It tends to come
in
>>> clumps of 3-4 within a minute.
>>>
>>> pound: (7db89400) Can't read BIO_f_base64
>>>
>>> This message appears in the authorization-header-handling code if
>>> Pound can't read the username (or something - my C skills are very
>>> subpar). What generally causes this?[...][...]

Please download and apply http://users.k12system.com/mrwizard/pound/pound-2.5-base64.patch.bz2

NOTE: this will add additional log messages that will include user/password
information in your logs... but it'll also give you a better idea of what's
going on.

I've found a couple cases where this type of error occurs:
1) A browser or server putting the base64 value in ""
2) A browser URL escaping + and / characters as %2b and %2d

This patch takes care of the second... I ran into the first only when I changed
authentication to read a cookie, so it shouldn't be a problem for Auth Basic. 
If it is, you'll see it in the logs.

Joe

[...]

Please download and apply http://users.k12system.com/mrwizard/pound/pound-2.5-base64.patch.bz2

NOTE: this will add additional log messages that will include user/password
information in your logs... but it'll also give you a better idea of what's
going on.

I've found a couple cases where this type of error occurs:
1) A browser or server putting the base64 value in ""
2) A browser URL escaping + and / characters as %2b and %2d

This patch takes care of the second... I ran into the first only when I changed
authentication to read a cookie, so it shouldn't be a problem for Auth Basic. 
If it is, you'll see it in the logs.

Joe

[...]

Hello,

So I did the export:

export ac_cv_func_malloc_0_nonnull=yes

Then I did "make clean", "./configure", and "make clean" and then make.
Success:

gcc  -pthread -o pound pound.o http.o config.o svc.o -lssl -lcrypto -lresolv
-ldl   -lm -ltcmalloc
gcc -DF_CONF=\"/usr/local/etc/pound.cfg\" -DVERSION=\""2.5"\" -DC_SSL=\"""\"
-DC_T_RSA=\""0"\" -DC_MAXBUF=\""0"\" -DC_OWNER=\"""\" -DC_GROUP=\"""\"
-DC_SUPER=\""0"\" -DC_CERT1L=\"""\" -g -O2 -pthread -DUPER -DNEED_STACK
-DHAVE_SYSLOG_H=1 -pthread  -D_REENTRANT -D_THREAD_SAFE -Wstrict-prototypes
-pipe   -c -o poundctl.o poundctl.c
gcc  -pthread -o poundctl poundctl.o -lssl -lcrypto -lresolv -ldl   -lm
-ltcmalloc

Thanks!
[...]