Article delegate-en/4821 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4819@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: SSL-Problem
31 May 2010 07:17:30 GMT "Bernhard Rauh" <pjejabdyi-qjiq2j53zdzr.ml@ml.delegate.org>


Dear Yutaka,

I have tested the new version (delegate9.9.8-pre4) and it work's very well!

Also I have configured the delegate like this and it work's fine:
|[argument for DeleGate]
 |  STLS=fsv
 |[files]
 |  DGROOT/etc/certdir/me.pem            ... certificate
 |  DGROOT/etc/certdir/me-key.pem        ... private key
 |  DGROOT/etc/certdir/me-key.pas        ... password
 |
 |See <URL:http://www.delegate.org/delegate/Manual.htm#CERTDIR>

Thank's for your support!

Cheers,
Bernhard

-----Ursprüngliche Nachricht-----
Von: Yutaka Sato [mailto:feedback@delegate.org] 
Gesendet: Mittwoch, 26. Mai 2010 19:52
An: feedback@delegate.org
Cc: pjejabdyi-qjiq2j53zdzr.ml@ml.delegate.org
Betreff: Re: [DeleGate-En] SSL-Problem

Bernhard,

In message <_A4818@delegate-en.ML_> on 05/27/10(00:12:42) I wrote:
 |Bernhard,
 |
 |In message <004701cafcda$71b703d0$55250b70$@rauh@genia-sec.de> on
05/26/10(22:50:46)
 |you "Bernhard Rauh" <pjejabdyi-qjiq2j53zdzr.ml@ml.delegate.org> wrote:
 | |I have generated the log-files for two versions - see attachment.
 |
 |Thank you for your logging.  In the logging, I saw that your sslway does
 |not load the certificate specified in the argument.  And I could reproduce
 |it happens in DeleGate versions after 9.9.7-pre1.  I'll modify DeleGate
 |to get those arguments again but...

Firstly I doubted that maybe I disabled sslway arguments intentionally in
the revision, but reviewing the code I found that it was just my mistake :-)
I'll fix it as the enclosed patch in the next release.
But anyway you are not recommended to use old fashined FSV="sslway
arguments"

 | | |The 9.9.6-configuration with the parameters FSV="sslway -cert
$DIR/$CERT
 | | |-pass pass:$PASS"  works well.  
 |
 |Specifying SSL or TLS configuration with the FSV parameter has become
 |almost obsolete today.  The currently recommeded way is putting files and
 |argument as follows:
 |
 |[argument for DeleGate]
 |  STLS=fsv
 |[files]
 |  DGROOT/etc/certdir/me.pem            ... certificate
 |  DGROOT/etc/certdir/me-key.pem        ... private key
 |  DGROOT/etc/certdir/me-key.pas        ... password
 |
 |See <URL:http://www.delegate.org/delegate/Manual.htm#CERTDIR>

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

*** dist/src/delegate9.9.8-pre3/src/filter.c	Sat Mar 13 13:21:33 2010
--- ./src/filter.c	Thu May 27 02:42:59 2010
***************
*** 369,374 ****
--- 369,378 ----
  		if( snihost[0] && ac < elnumof(av) ){
  			refQStr(ap,argb);
  			ap = argb+strlen(argb);
+ 			if( 0 < ac ){
+ 				/* 9.9.8 not to overwrite av[] (9.9.7-pre1)
*/
+ 				ap = av[ac-1] + strlen(av[ac-1]) + 1;
+ 			}
  			av[ac++] = ap;
  			av[ac] = 0;
  			sprintf(ap,"SNIHOST=%s",snihost);


GENIA-SEC IT-Sicherheitsmanagement GmbH
Lerchenstr. 40
86830 Schwabmuenchen

Telefon: 00000/000-00X
Telefax: 00000/000-00X
Web: http://www.genia-sec.de/
________________________________________________
Geschaeftsfuehrer: Dipl.-Inform. Christian Brinz   Sitz der Gesellschaft: Schwabmuenchen   Handelsregister: AG Augsburg, HRB 17726


  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V