[Chilli] OpenSSL & redirssl etc

Timothy nzkbuk at gmail.com
Fri Apr 23 15:07:33 UTC 2010


Hi David,

I look to still be having the problem.

When running in debug & connecting via http to a static file in
/etc/chilli/www

redir.c: 2524: 0 (Debug) Calling redir_getstate()
redir.c: 2550: 0 (Debug) Receiving HTTP Request
redir.c: 1497: 0 (Debug) The path: www/test.html
redir.c: 1567: 0 (Debug) Host: <removed>:3990
redir.c: 1584: 0 (Debug) User-Agent: Mozilla/5.0 (Windows; U; Windows NT
5.1; en-GB; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729)
redir.c: 1550: 0 (Debug) end of http-request
redir.c: 1693: 0 (Debug) Serving file test.html
redir.c: 2598: 0 (Debug) Processing HTTP Request
redir.c: 2318: 0 (Debug) close_exit
chilli.c: 73: 0 (Debug) received 18 signal

When trying with https:// I get

redir.c: 1385: 0 (Debug) HTTP request timeout!
redir.c: 1706: 0 (Debug) -->> Setting userurl=[http:///]
redir.c: 2598: 0 (Debug) Processing HTTP Request
redir.c: 2839: 0 (Debug) Processing received request
redir.c: 3051: 0 (Debug) redir_accept: Original request
redir.c: 3072: 0 (Debug) ---->>> resetting challenge:
c62d84b69bd8916fc3a536a63e7b5976
redir.c: 3083: 0 (Debug) ---->>> challenge: c62d84b69bd8916fc3a536a63e7b5976
redir.c: 2318: 0 (Debug) close_exit
chilli.c: 73: 0 (Debug) received 18 signal




Compiled with ENABLE_CHILLIPROXY ENABLE_CHILLIRADSEC ENABLE_CHILLIXML
ENABLE_IEEE8021Q ENABLE_JSON ENABLE_LEAKYBUCKET ENABLE_SESSGARDEN
HAVE_OPENSSL

I think there may need to be some additional items for radsec config
still (remote server(s) and port(s), I might be misreading the defaults
and functions file though). I can see where radsec is configured to
listen on localhost. Does HS_RADPROXY=on cause coova-chilli to speak to
the local proxy and then HS_RADIUS= is the remote server ?

    [ -n "$HS_SSLKEYFILE" -a -n "$HS_SSLCERTFILE" ] && {
        addconfig2 "sslkeyfile $HS_SSLKEYFILE"
        addconfig2 "sslcertfile $HS_SSLCERTFILE"
    }

Should that contain sslcafile.

Maybe I've just been looking at this too long and not thinking clearly
enough

Tim

David Bird wrote:
> Hi Tim,
>
> You are always encouraged to check against the current subversion; and
> to restate your problem if it persists. I'm testing various features
> now, including redirssl, uamuissl, and radsec, and have success. I'm
> currently configured with:  ./configure --enable-largelimits
> --enable-proxyvsa --enable-miniportal --enable-chilliredir
> --enable-chilliproxy --enable-binstatusfile --with-poll
> --enable-chilliradsec --with-openssl , btw, I took your off-line
> suggestion and you'll find this also in the subversion version:
>
> $ chilli --help
> coova-chilli 1.2.3-rc1
>
> ...
>
> Compiled with ENABLE_BINSTATFILE ENABLE_CHILLIPROXY ENABLE_CHILLIRADSEC
> ENABLE_CHILLIREDIR ENABLE_CHILLIXML ENABLE_IEEE8021Q ENABLE_JSON
> ENABLE_LARGELIMITS ENABLE_LEAKYBUCKET ENABLE_MINIPORTAL ENABLE_PROXYVSA
> ENABLE_SESSGARDEN ENABLE_STATFILE HAVE_OPENSSL USING_POLL 
>
> David
>
> On Tue, 2010-04-20 at 13:23 +0100, Timothy wrote:
>   
>> Hi,
>>
>> A while ago there were some issues with REDIRSSL and OpenSSL (matrix SSL
>> worked fine)
>> The error was ssl_error_rx_record_too_long
>> Has anyone been able to get this working correctly with openssl (rather
>> than matrix) or is this issue still outstanding ?
>>
>> I'm trying to get UAMUISSL working but I get the
>> ssl_error_rx_record_too_long.
>>
>> Tim
>> _______________________________________________
>> Chilli mailing list
>> Chilli at coova.org
>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>     
>
>
>   



More information about the Chilli mailing list