search

graygnuorg / pound

Light-weight reverse proxy, load balancer and HTTPS front-end for Web servers.
GNU General Public License v3.0
43 stars 13 forks source link

4.13: "out of memory" when BIO_read() returns -1 #35

Closed leres closed 4 weeks ago

leres commented 4 weeks ago

I use pound to allow some legacy IOT devices access a reset API running on apache. I'm using self-signed certs. My config disables TLSv1, requires a client cert for incoming, and connects to apache on 80/http (on localhost). Nothing works after upgrading from 4.11 to 4.13 and syslog shows a bunch of "out of memory" errors.

The call to lognomem() is happening at the add_ssl_headers() call in send_to_backend() and is because add_ssl_headers() returns -1 when the get_line() call fo X509_get_subject_name returns COPY_READ_ERR because BIO_read returns -1.

I suspect the "out of memory" error message is plain wrong but otherwise don't understand why this no longer works for me. I've attached an approximation of my config.

pound.cfg.txt

graygnuorg commented 4 weeks ago

Thanks for reporting. I fixed it in commit 0208af3d7691180fac3705b46d035c3141fb6267. Please pull.

leres commented 4 weeks ago

That solves the issue, thanks for the quick fix!