Thursday, February 18, 2010

rpm strip out debug symbol

When I build the rpm, it always extracts the debug symbols by running:
rpm --eval %__spec_install_post
/usr/lib/rpm/brp-compress
/usr/lib/rpm/brp-strip
/usr/lib/rpm/brp-strip-static-archive
/usr/lib/rpm/brp-strip-comment-note

which is very frustrating. You can disable it by using:
%define __spec_install_post /usr/lib/rpm/brp-compress
%define debug_package %{nil}
However, I already have a version installed in production.
I got a core file, but cannot get a useful backtrace. So this time,
I have all these debug options enabled:
-ggdb -g3 -O0 
 

Friday, February 5, 2010

send https request via a proxy which is chained to another proxy using ssl

I am trying to send an https request via a proxy which is chained to another proxy by setting the cache_peer ssl option in the first proxy and https_port in the second proxy. The upstream proxy gives me this error:
2010/02/05 16:31:39| clientNegotiateSSL: Error negotiating SSL connection on FD 21: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)

This is an error defined in the OpenSSL library: SSL_R_HTTPS_PROXY_REQUEST.

Some background on how https via a proxy works:
(1) The browser sends a CONNECT request to the proxy.
(2) The proxy opens a connection to port 443 on the https web server.
(3) The proxy then sends "HTTP/1.0 200 Connection established" to the browser.
(4) From this point on, all messages are relayed over this connection.

In our case the upstream is also a proxy, so the first proxy forwards "CONNECT xxx:443 HTTP/1.0 ...." to the upstream proxy directly. That is not SSL traffic, so the upstream rejects it.
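
The upstream's https_port expects a ClientHello as the first bytes of the connection and instead receives a plaintext CONNECT line. The C sketch below is an added example (not code from this post, OpenSSL or Squid) that classifies the first bytes arriving on a TLS port in that way; the enum, the function names and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not OpenSSL or Squid identifiers. */
enum first_bytes {
    FB_TOO_SHORT,      /* not enough data to decide */
    FB_TLS_HELLO,      /* SSLv3/TLS handshake record carrying a ClientHello */
    FB_SSLV2_HELLO,    /* SSLv2-format ClientHello */
    FB_HTTP_REQUEST,   /* plaintext GET/POST/HEAD/PUT sent to a TLS port */
    FB_PROXY_CONNECT,  /* plaintext CONNECT: the "https proxy request" case */
    FB_UNKNOWN
};

static int has_prefix(const unsigned char *buf, size_t len, const char *p)
{
    size_t n = strlen(p);
    return len >= n && memcmp(buf, p, n) == 0;
}

/* Decide what a TLS listener is looking at from the first bytes received. */
enum first_bytes classify_first_bytes(const unsigned char *buf, size_t len)
{
    static const char *methods[] = { "GET ", "POST ", "HEAD ", "PUT " };
    size_t i;
    if (has_prefix(buf, len, "CONNECT"))
        return FB_PROXY_CONNECT;
    for (i = 0; i < sizeof(methods) / sizeof(methods[0]); i++)
        if (has_prefix(buf, len, methods[i]))
            return FB_HTTP_REQUEST;
    if (len < 6)
        return FB_TOO_SHORT;
    /* TLS record: type 0x16 (handshake), major version 3, handshake type 1. */
    if (buf[0] == 0x16 && buf[1] == 0x03 && buf[5] == 0x01)
        return FB_TLS_HELLO;
    /* SSLv2 record: high bit set in the length byte, message type 1. */
    if ((buf[0] & 0x80) && buf[2] == 0x01)
        return FB_SSLV2_HELLO;
    return FB_UNKNOWN;
}

int main(void)
{
    /* Constructed samples: a forwarded CONNECT and the start of a ClientHello. */
    const unsigned char fwd[] = "CONNECT example.com:443 HTTP/1.0\r\n\r\n";
    const unsigned char tls[] = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00 };
    printf("forwarded CONNECT: %d\n", classify_first_bytes(fwd, sizeof(fwd) - 1));
    printf("TLS ClientHello:   %d\n", classify_first_bytes(tls, sizeof(tls)));
    return 0;
}
```

When the upstream logs the error above, a packet capture on its https_port showing an ASCII "CONNECT" at the start of the stream confirms that the peer connection is not being wrapped in SSL.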





Thursday, February 4, 2010

Configure polygraph to test https reverse proxy

You can configure Polygraph to test an https reverse proxy:
(1) Set up the https_port for the reverse proxy. (You have to disable client certificate authentication, as Polygraph does not support it.)
(2) In the workload file, add these tags:
SslWrap wrap = {
    protocols = [ "SSLv2":40%, "SSLv3", "TLSv1" ];
    root_certificate = "/opt/exampleca/cacert.pem";
    ciphers = [ "ALL:HIGH": 100% ];
    rsa_key_sizes = [ 1024bit ];

    session_resumption = 40%;
    session_cache = 100;
};

Proxy pxySsl = {
    addresses = [ '10.191.237.4:8888' ];
    server.ssl_wraps = [ wrap ];
};
use(pxySsl);
Also add this to the Robot:
    ssl_wraps = [ wrap ];