Article delegate-en/4685 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4684@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Bad Request with SNI
02 Dec 2009 09:20:03 GMT "Bernhard Rauh" <pjejabdyi-p5lznxlk4zxr.ml@ml.delegate.org>


Hallo Yutaka,

no - sorry! I've oversight, but now after input make:

...
/usr/bin/make -f Makefile.go libcfi.a SHELL="/bin/sh" HDRDIR="-I../gen
-I../include "
make[4]: Entering directory `/root/delegate/delegate9.9.6/filters'
cc -O2 -x c++ -DQS  -I../gen -I../src -I../gen -I../include  -c dl.c -o dl.o
cc -O2 -x c++ -DQS  -I../gen -I../gen -I../include  -c cfi.c -o cfi.o
cc -O2 -x c++ -DQS  -I../gen -I../src -I../gen -I../include  -c cafe.c -o
cafe.o
cc -O2 -x c++ -DQS  -I../gen -I../src -I../gen -I../include  -c backup.c -o
backup.o
cc -O2 -x c++ -DQS  -I../gen -I../src -I../gen -I../include  -c dping.c -o
dping.o
cc -O2 -x c++ -DQS  -I../gen -I../src -I../gen -I../include  -c swft.c -o
swft.o
cc -O2 -x c++ -DQS  -I../gen -I../src -I../gen -I../include  -c pdft.c -o
pdft.o
./mkstab < sslway.c > sslway_dl.c
cc -O2 -x c++ -DQS  -I../gen -I../src -I../gen -I../include  -c sslway_dl.c
-o sslway_dl.o
sslway_dl.c: In function ‚void set_vhost(SSL*)‚:
sslway_dl.c:1952: error: expected primary-expression before ‚||‚ token
sslway_dl.c:1953: error: expected `;' before ‚)‚ token
make[4]: *** [sslway_dl.o] Fehler 1
make[4]: Leaving directory `/root/delegate/delegate9.9.6/filters'
make[3]: *** [libx] Fehler 2
make[3]: Leaving directory `/root/delegate/delegate9.9.6/filters'
mkmake: ERROR LOG is left at /root/delegate/delegate9.9.6/filters/mkmake.err
mkmake: ERROR LOG is left at /root/delegate/delegate9.9.6/filters/mkmake.err
make[2]: *** [../lib/libcfi.a] Fehler 2
make[2]: Leaving directory `/root/delegate/delegate9.9.6/src'
make[1]: *** [start0] Fehler 2
make[1]: Leaving directory `/root/delegate/delegate9.9.6/src'
mkmake: ERROR LOG is left at /root/delegate/delegate9.9.6/src/mkmake.err
mkmake: ERROR LOG is left at /root/delegate/delegate9.9.6/src/mkmake.err
make: *** [all] Fehler 2

Here the episode in ./filters/sslway.c

}
static void set_vhost(SSL *conSSL){
        const char *vhost;
        /*
        if( vhost = getenv("SERVER_NAME") ){
        /*
        if( (vhost = getenv("SERVER_HOST")) /* destination host */
         || (vhost = getenv("SERVER_NAME")) /* incoming I.F. */
        ){
                TRACE("-- TLSxSNI: send %s",vhost);
                SSL_set_tlsext_host_name(conSSL,vhost);
        }
}

The parameter SSLTUNNEL is necessary, because the connection is only
possible with an upstream-proxy.

Cheers,
Bernhard

-----UrsprŁngliche Nachricht-----
Von: Yutaka Sato [mailto:feedback@delegate.org] 
Gesendet: Mittwoch, 2. Dezember 2009 09:19
An: feedback@delegate.org
Cc: pjejabdyi-p5lznxlk4zxr.ml@ml.delegate.org
Betreff: Re: [DeleGate-En] Bad Request with SNI

Bernhard,

In message <004801ca7326$e2bc6770$a8353650$@rauh@genia-sec.de> on
12/02/09(17:10:17)
you "Bernhard Rauh" <pjejabdyi-p5lznxlk4zxr.ml@ml.delegate.org> wrote:
 |below the logfile from the test with the parameter TLSCONF=-vd.
 |At the client-browser the message "Bad Request - Your browser sent a
request
 |that this server could not understand." will be shown.

 |12/02 09:24:33.21 [2661] 1+1: ## SSLway -- TLSxSNI: send 192.168.1.222
...
 |12/02 09:24:33.48 [2661] 1+1: HTTP error request: GET / HTTP/1.0^M
 |12/02 09:24:33.48 [2661] 1+1: HTTP error status: 400 Bad Request

Did you applied the patch?
And what you will get if without the SSLTUNNEL=... option?

 |*** dist/src/delegate9.9.6/filters/sslway.c	Tue Nov 17 16:28:00 2009
 |--- ./filters/sslway.c	Wed Dec  2 02:57:08 2009
 |***************
 |*** 1945,1951 ****
 |--- 1945,1956 ----
 |  }
 |  static void set_vhost(SSL *conSSL){
 |  	const char *vhost;
 |+ 	/*
 |  	if( vhost = getenv("SERVER_NAME") ){
 |+ 	*/
 |+ 	if( (vhost = getenv("SERVER_HOST")) /* destination host */
 |+ 	 || (vhost = getenv("SERVER_NAME")) /* incoming I.F. */
 |+ 	){
 |  		TRACE("-- TLSxSNI: send %s",vhost);
 |  		SSL_set_tlsext_host_name(conSSL,vhost);
 |  	}

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


GENIA-SEC IT-Sicherheitsmanagement GmbH
Lerchenstr. 40
86830 Schwabmuenchen

Telefon: 00000/000-00X
Telefax: 00000/000-00X
Web: http://www.genia-sec.de/
________________________________________________
Geschaeftsfuehrer: Dipl.-Inform. Christian Brinz   Sitz der Gesellschaft: Schwabmuenchen   Handelsregister: AG Augsburg, HRB 17726


  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V