world leader in high performance signal processing
Trace: » pound

pound – the SSL wrapper for HTTP web server boa

What is pound

The Pound program is a HTTPS front-end and load balancer for Web servers. It was developed to allow for a convenient SSL wrapper for those Web servers that do not offer it natively and to enable distributing the load among several Web-servers. As in blackfin uClinux, the Web server is boa. And to have pound working, boa is required to be run firstly.

Enable SSL library for pound

As a https wrapper, the pound program needs openssl library enabled. The library package can be downloaded from http://www.openssl.org. The openssl library patch named libssl_bfin_patch under the uClinux-dist/bfin_patch/libssl_patch is generated against openssl-0.9.8.tar.gz.

Howto and Man pages

Using Pound in blackfin uclinux

  • Add SSL library

Download openssl-0.9.8c.tar.gz from http://www.openssl.org.

tar zxf  openssl-0.9.8c.tar.gz.
patch –p0  <  /your/uClinux/path/bfin_patch/libssl_patch/libssl_bfin.patch
rm –rf  /your/uClinux/path/lib/libssl
mv  openssl-0.9.8c  /your/uClinux/path/lib/libssl
  • Build libssl and pound into image

Under Customize Vendor/User Settings

Library Configuration  ---> 
   [*] Build libSSL 
blackfin app programs  ---> 
   [*] pound 

Then make as usual.

  • Running Pound

Booting the kernel that is built, we can check if the pound programme and config files exist as expected.

root:~>ls bin/pound
root:~>ls /etc/pound/mycert.pem
root:~>ls /usr/local/etc/pound.cfg

The we start the programme.

root:~> ifconfig eth0 10.100.4.50
root:~> boa –c /etc &
root:~> pound &

Note: Pound begins caculating encryption keys(RSA) which takes about thirty seconds during which https connection has not been ready.

Here we use the cetification mycert.pem that made by ourselves, it has been install under /etc/pound, and the corresponding root CA to install in client web browser is cacert.pem. It is already put under user/blkfin-apps/pound. To install it,for example, in Firefox, select Edit→ Preferences→Advenced→Certificates→Manage Certificates→Authorities. Select ‘Import’ button, add this pem file, then we can see it listed in the table.

Then enter the URL:https://10.100.4.50/index.html, the homepage would be shown through https connection. We can check the page infomation by select menu 'Tools'→'Page Info'→Security. If it tells you the page is encrypted, the pound has been working now.