Posted to users@trafficserver.apache.org by Jean Baptiste Favre <we...@jbfavre.org> on 2013/10/09 17:08:10 UTC

ATS & SSL termination

I'm new to trafficserver.
Using ATS 3.2.5 on Debian 7.0 Wheezy, I need to be able to cache content
from SSL requests.

These requests are made by an internal application against external
services, mostly using HTTPS.
So, my application will be the client and external services origin server.

Using HTTP proxy, requests work but content is not cached which, I
think, is obviously OK since client will establish CONNECT tunnel
which makes ATS unable to see content.

From my understanding, I need to set up SSL termination.
I followed:
http://trafficserver.apache.org/docs/trunk/admin/security-options/#UsingSSLTermination

For now, I use self-signed SSL certificate generated with:
openssl req -x509 -newkey rsa:2048 -keyout keypriv.pem -out cert.pem -days 365

And passphrase is removed with
openssl rsa -in keypriv.pem -out key.pem

Between Client & ATS, here's what I use for configuration:

CONFIG proxy.config.http.server_ports STRING 80:ipv4 443:ipv4:ssl
CONFIG proxy.config.http.connect_ports STRING 443 563
CONFIG proxy.config.ssl.client.certification_level INT 0
CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver
CONFIG proxy.config.ssl.server.cert.filename STRING cert.pem
CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver
CONFIG proxy.config.ssl.server.private_key.filename STRING key.pem

Still from my understanding, I don't need any specific option for ATS to
origin server connections since ATS will act as client and therefore does
not need any certificate.

But, it does not work. Using curl, here's what I get:
curl -vvv -k --proxy https://my_proxy:443 "https://secure.website.tld/"
* About to connect() to proxy my_proxy port 443 (#0)
*   Trying xxx.yyy.uuu.ttt...
* connected
* Connected to my_proxy (xxx.yyy.uuu.ttt) port 443 (#0)
* Establish HTTP proxy tunnel to secure.website.tld:443
> CONNECT secure.website.tld:443 HTTP/1.1
> Host: secure.website.tld:443
> User-Agent: curl/7.26.0
> Proxy-Connection: Keep-Alive
>
* Easy mode waiting response from proxy CONNECT

And here's what I get on ATS side:
Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
Server {0x2b3cb358d700} ERROR: SSL ERROR: SSL_ServerHandShake.
Server {0x2b3cb358d700} ERROR: SSL::7:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:

I bet I missed a point, but can't find which one.

Any help appreciated,
Jean-Baptiste
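
Added example (not part of the original thread, and not ATS or OpenSSL code): a small triage script for the ATS log lines quoted in the post above. It rejoins the mail-wrapped lines, unpacks the packed OpenSSL 1.0.x error code, and classifies the first bytes a client sends to the ssl port; the function names, the hint wording and the two byte strings are this example's own assumptions.

```python
import re
from collections import Counter

# Log lines as quoted in the post above, mail line-wrap included.
SAMPLE_LOG = """\
Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL
routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL
routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
"""

# Constructed first bytes of two client connections to the ssl port.
PLAINTEXT_CONNECT = b"CONNECT secure.website.tld:443 HTTP/1.1\r\n"
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:]+):([^:]+):(\d+):")

# Hints keyed on the OpenSSL reason text (the hint wording is this example's own).
HINTS = {
    "https proxy request": "client sent a plaintext CONNECT to the TLS port",
    "http request": "client sent a plaintext HTTP request to the TLS port",
}

def rejoin(log_text):
    """Undo mail wrapping: a line not starting with 'Server {' continues the previous one."""
    out = []
    for line in log_text.splitlines():
        if line.startswith("Server {") or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def unpack_error(code_hex):
    """Split a packed OpenSSL 1.0.x error code into (library, function, reason) numbers."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def diagnose(log_text):
    """Return one finding per distinct OpenSSL error, with its count and a hint."""
    seen = Counter()
    for line in rejoin(log_text):
        m = ERR_RE.search(line)
        if m:
            code, _lib, func, reason, src, lineno = m.groups()
            seen[(code.upper(), func, reason, f"{src}:{lineno}")] += 1
    return [{"code": c, "parts": unpack_error(c), "function": f, "reason": r,
             "source": s, "count": n, "hint": HINTS.get(r, "no hint for this reason")}
            for (c, f, r, s), n in seen.items()]

def classify_first_bytes(data):
    """Say what the first bytes received on a TLS listener look like."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"          # TLS record, content type 22 (handshake)
    if data.startswith(b"CONNECT"):
        return "plaintext-connect"      # proxy tunnel request sent without TLS
    if data.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "plaintext-http"
    return "unknown"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG), classify_first_bytes(PLAINTEXT_CONNECT))
```
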

Re: ATS & SSL termination

Posted by Jean Baptiste Favre <we...@jbfavre.org>.
Hello Alan,

I succeeded this morning in using curl with my ATS setup thanks to --resolve
option as well :)

But, that leads me to another problem: as it is, I'll have to make my
DNS resolver lie for the external services I want to send requests to
since I don't think php curl extension supports --resolve option.

Or maybe remap.config could help.

I'll check that as well,

Regards,
Jean-Baptiste

On 10/10/2013 16:14, Alan M. Carroll wrote:
> Thursday, October 10, 2013, 3:31:18 AM, you wrote:
> 
>> Hello,
>> I thought curl did actually send SSL, but it seems it's not because I
>> don't see any SSL Handshake in curl output :-/
> 
>> I guess curl tries to use HTTP tunnel even if I specify a HTTPS proxy
>> with export https_proxy="https://my_proxy:443/" or using commandline
>> option -x/--proxy with same value.
> 
> I think I got around that by using the --resolve feature of curl to force it to use a proxy via HTTPS (and not CONNECT).


Re: ATS & SSL termination

Posted by "Alan M. Carroll" <am...@network-geographics.com>.
Thursday, October 10, 2013, 3:31:18 AM, you wrote:

> Hello,
> I thought curl did actually send SSL, but it seems it's not because I
> don't see any SSL Handshake in curl output :-/

> I guess curl tries to use HTTP tunnel even if I specify a HTTPS proxy
> with export https_proxy="https://my_proxy:443/" or using commandline
> option -x/--proxy with same value.

I think I got around that by using the --resolve feature of curl to force it to use a proxy via HTTPS (and not CONNECT).


Re: ATS & SSL termination

Posted by Jean Baptiste Favre <we...@jbfavre.org>.
Hello,
I thought curl did actually send SSL, but it seems it's not because I
don't see any SSL Handshake in curl output :-/

I guess curl tries to use HTTP tunnel even if I specify a HTTPS proxy
with export https_proxy="https://my_proxy:443/" or using commandline
option -x/--proxy with same value.

Will dig into it,
Regards,
Jean-Baptiste

On 09/10/2013 19:48, James Peach wrote:
> On Oct 9, 2013, at 9:25 AM, Jean Baptiste Favre <we...@jbfavre.org> wrote:
> 
>> Hello James,
>> Thanks for your quick reply.
>>
>> I added following line into ssl_multicert.config:
>> dest_ip=* ssl_cert_name=cert.pem ssl_key_name=key.pem
>>
>> Then run /usr/bin/traffic_server -T ssl and get these logs when
>> launching curl command:
>>
>> Server {0x7ffebb655700} DEBUG: (ssl) [SSLNextProtocolAccept:mainEvent]
>> event 202 netvc 0x22574d0
>> Server {0x7ffebb655700} DEBUG: (ssl) IP context is (nil), default
>> context 0x7ffebc0a5170
>> Server {0x7ffebb655700} DEBUG: (ssl)
>> SSLNetVConnection::sslServerHandShakeEvent, error
>> Server {0x7ffebb655700} ERROR: SSL ERROR: SSL_ServerHandShake.
>> Server {0x7ffebb655700} ERROR: SSL::5:error:1407609B:SSL
>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>> Server {0x7ffebb655700} DEBUG: (ssl)
>> SSLNetVConnection::sslServerHandShakeEvent, error
>> Server {0x7ffebb655700} ERROR: SSL ERROR: SSL_ServerHandShake.
>> Server {0x7ffebb655700} ERROR: SSL::5:error:1407609B:SSL
>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>>
>> Will continue debugging tomorrow,
> 
> Are you positive that the curl command you are using is actually sending SSL, rather than HTTP?
> 
>>
>> Regards,
>> Jean-Baptiste


Re: ATS & SSL termination

Posted by James Peach <jp...@apache.org>.
On Oct 9, 2013, at 9:25 AM, Jean Baptiste Favre <we...@jbfavre.org> wrote:

> Hello James,
> Thanks for your quick reply.
> 
> I added following line into ssl_multicert.config:
> dest_ip=* ssl_cert_name=cert.pem ssl_key_name=key.pem
> 
> Then run /usr/bin/traffic_server -T ssl and get these logs when
> launching curl command:
> 
> Server {0x7ffebb655700} DEBUG: (ssl) [SSLNextProtocolAccept:mainEvent]
> event 202 netvc 0x22574d0
> Server {0x7ffebb655700} DEBUG: (ssl) IP context is (nil), default
> context 0x7ffebc0a5170
> Server {0x7ffebb655700} DEBUG: (ssl)
> SSLNetVConnection::sslServerHandShakeEvent, error
> Server {0x7ffebb655700} ERROR: SSL ERROR: SSL_ServerHandShake.
> Server {0x7ffebb655700} ERROR: SSL::5:error:1407609B:SSL
> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
> Server {0x7ffebb655700} DEBUG: (ssl)
> SSLNetVConnection::sslServerHandShakeEvent, error
> Server {0x7ffebb655700} ERROR: SSL ERROR: SSL_ServerHandShake.
> Server {0x7ffebb655700} ERROR: SSL::5:error:1407609B:SSL
> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
> 
> Will continue debugging tomorrow,

Are you positive that the curl command you are using is actually sending SSL, rather than HTTP?

> 
> Regards,
> Jean-Baptiste
> 
> 
> On 09/10/2013 17:22, James Peach wrote:
>> On Oct 9, 2013, at 8:08 AM, Jean Baptiste Favre <we...@jbfavre.org> wrote:
>> 
>>> I'm new to trafficserver.
>>> Using ATS 3.2.5 on Debian 7.0 Wheezy, I need to be able to cache content
>>> from SSL requests.
>>> 
>>> These requests are made by an internal application against external
>>> services, mostly using HTTPS.
>>> So, my application will be the client and external services origin server.
>>> 
>>> Using HTTP proxy, requests work but content is not cached which, I
>>> think, is obviously OK since client will establish CONNECT tunnel
>>> which makes ATS unable to see content.
>>> 
>>> From my understanding, I need to set up SSL termination.
>>> I followed:
>>> http://trafficserver.apache.org/docs/trunk/admin/security-options/#UsingSSLTermination
>> 
>> Sorry, these docs have not been updated. The SSL termination configuration is described more accurately here:
>> 
>> https://trafficserver.readthedocs.org/en/latest/admin/security-options.en.html#using-ssl-termination
>> https://trafficserver.readthedocs.org/en/latest/reference/configuration/ssl_multicert.config.en.html
>> 
>> You need to specify the SSL certificates in ssl_multicert.config. If you need additional debugging on the server end, you can set the "ssl" diagnostic tag.
>> 
>>> 
>>> For now, I use self-signed SSL certificate generated with:
>>> openssl req -x509 -newkey rsa:2048 -keyout keypriv.pem -out cert.pem
>>> -days 365
>>> 
>>> And passphrase is removed with
>>> openssl rsa -in keypriv.pem -out key.pem
>>> 
>>> Between Client & ATS, here's what I use for configuration:
>>> 
>>> CONFIG proxy.config.http.server_ports STRING 80:ipv4 443:ipv4:ssl
>>> CONFIG proxy.config.http.connect_ports STRING 443 563
>>> CONFIG proxy.config.ssl.client.certification_level INT 0
>>> CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver
>>> CONFIG proxy.config.ssl.server.cert.filename STRING cert.pem
>>> CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver
>>> CONFIG proxy.config.ssl.server.private_key.filename STRING key.pem
>>> 
>>> Still from my understanding, I don't need any specific option for ATS to
>>> origin server connections since ATS will act as client and therefore does
>>> not need any certificate.
>>> 
>>> But, it does not work. Using curl, here's what I get:
>>> curl -vvv -k --proxy https://my_proxy:443 "https://secure.website.tld/"
>>> * About to connect() to proxy my_proxy port 443 (#0)
>>> *   Trying xxx.yyy.uuu.ttt...
>>> * connected
>>> * Connected to my_proxy (xxx.yyy.uuu.ttt) port 443 (#0)
>>> * Establish HTTP proxy tunnel to secure.website.tld:443
>>>> CONNECT secure.website.tld:443 HTTP/1.1
>>>> Host: secure.website.tld:443
>>>> User-Agent: curl/7.26.0
>>>> Proxy-Connection: Keep-Alive
>>>> 
>>> * Easy mode waiting response from proxy CONNECT
>>> 
>>> And here's what I get on ATS side:
>>> Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
>>> Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL
>>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>>> Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
>>> Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL
>>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>>> Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
>>> Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL
>>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>>> Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
>>> Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL
>>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>>> Server {0x2b3cb358d700} ERROR: SSL ERROR: SSL_ServerHandShake.
>>> Server {0x2b3cb358d700} ERROR: SSL::7:error:1407609B:SSL
>>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>>> 
>>> I bet I missed a point, but can't find which one.
>>> 
>>> Any help appreciated,
>>> Jean-Baptiste


Re: ATS & SSL termination

Posted by Jean Baptiste Favre <we...@jbfavre.org>.
Hello James,
Thanks for your quick reply.

I added following line into ssl_multicert.config:
dest_ip=* ssl_cert_name=cert.pem ssl_key_name=key.pem

Then run /usr/bin/traffic_server -T ssl and get these logs when
launching curl command:

Server {0x7ffebb655700} DEBUG: (ssl) [SSLNextProtocolAccept:mainEvent]
event 202 netvc 0x22574d0
Server {0x7ffebb655700} DEBUG: (ssl) IP context is (nil), default
context 0x7ffebc0a5170
Server {0x7ffebb655700} DEBUG: (ssl)
SSLNetVConnection::sslServerHandShakeEvent, error
Server {0x7ffebb655700} ERROR: SSL ERROR: SSL_ServerHandShake.
Server {0x7ffebb655700} ERROR: SSL::5:error:1407609B:SSL
routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
Server {0x7ffebb655700} DEBUG: (ssl)
SSLNetVConnection::sslServerHandShakeEvent, error
Server {0x7ffebb655700} ERROR: SSL ERROR: SSL_ServerHandShake.
Server {0x7ffebb655700} ERROR: SSL::5:error:1407609B:SSL
routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:

Will continue debugging tomorrow,

Regards,
Jean-Baptiste


On 09/10/2013 17:22, James Peach wrote:
> On Oct 9, 2013, at 8:08 AM, Jean Baptiste Favre <we...@jbfavre.org> wrote:
> 
>> I'm new to trafficserver.
>> Using ATS 3.2.5 on Debian 7.0 Wheezy, I need to be able to cache content
>> from SSL requests.
>>
>> These requests are made by an internal application against external
>> services, mostly using HTTPS.
>> So, my application will be the client and external services origin server.
>>
>> Using HTTP proxy, requests work but content is not cached which, I
>> think, is obviously OK since client will establish CONNECT tunnel
>> which makes ATS unable to see content.
>>
>> From my understanding, I need to set up SSL termination.
>> I followed:
>> http://trafficserver.apache.org/docs/trunk/admin/security-options/#UsingSSLTermination
> 
> Sorry, these docs have not been updated. The SSL termination configuration is described more accurately here:
> 
> https://trafficserver.readthedocs.org/en/latest/admin/security-options.en.html#using-ssl-termination
> https://trafficserver.readthedocs.org/en/latest/reference/configuration/ssl_multicert.config.en.html
> 
> You need to specify the SSL certificates in ssl_multicert.config. If you need additional debugging on the server end, you can set the "ssl" diagnostic tag.
> 
>>
>> For now, I use self-signed SSL certificate generated with:
>> openssl req -x509 -newkey rsa:2048 -keyout keypriv.pem -out cert.pem
>> -days 365
>>
>> And passphrase is removed with
>> openssl rsa -in keypriv.pem -out key.pem
>>
>> Between Client & ATS, here's what I use for configuration:
>>
>> CONFIG proxy.config.http.server_ports STRING 80:ipv4 443:ipv4:ssl
>> CONFIG proxy.config.http.connect_ports STRING 443 563
>> CONFIG proxy.config.ssl.client.certification_level INT 0
>> CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver
>> CONFIG proxy.config.ssl.server.cert.filename STRING cert.pem
>> CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver
>> CONFIG proxy.config.ssl.server.private_key.filename STRING key.pem
>>
>> Still from my understanding, I don't need any specific option for ATS to
>> origin server connections since ATS will act as client and therefore does
>> not need any certificate.
>>
>> But, it does not work. Using curl, here's what I get:
>> curl -vvv -k --proxy https://my_proxy:443 "https://secure.website.tld/"
>> * About to connect() to proxy my_proxy port 443 (#0)
>> *   Trying xxx.yyy.uuu.ttt...
>> * connected
>> * Connected to my_proxy (xxx.yyy.uuu.ttt) port 443 (#0)
>> * Establish HTTP proxy tunnel to secure.website.tld:443
>>> CONNECT secure.website.tld:443 HTTP/1.1
>>> Host: secure.website.tld:443
>>> User-Agent: curl/7.26.0
>>> Proxy-Connection: Keep-Alive
>>>
>> * Easy mode waiting response from proxy CONNECT
>>
>> And here's what I get on ATS side:
>> Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
>> Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL
>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>> Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
>> Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL
>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>> Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
>> Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL
>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>> Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
>> Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL
>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>> Server {0x2b3cb358d700} ERROR: SSL ERROR: SSL_ServerHandShake.
>> Server {0x2b3cb358d700} ERROR: SSL::7:error:1407609B:SSL
>> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
>>
>> I bet I missed a point, but can't find which one.
>>
>> Any help appreciated,
>> Jean-Baptiste


Re: ATS & SSL termination

Posted by James Peach <jp...@apache.org>.
On Oct 9, 2013, at 8:08 AM, Jean Baptiste Favre <we...@jbfavre.org> wrote:

> I'm new to trafficserver.
> Using ATS 3.2.5 on Debian 7.0 Wheezy, I need to be able to cache content
> from SSL requests.
> 
> These requests are made by an internal application against external
> services, mostly using HTTPS.
> So, my application will be the client and external services origin server.
> 
> Using HTTP proxy, requests work but content is not cached which, I
> think, is obviously OK since client will establish CONNECT tunnel
> which makes ATS unable to see content.
> 
> From my understanding, I need to set up SSL termination.
> I followed:
> http://trafficserver.apache.org/docs/trunk/admin/security-options/#UsingSSLTermination

Sorry, these docs have not been updated. The SSL termination configuration is described more accurately here:

https://trafficserver.readthedocs.org/en/latest/admin/security-options.en.html#using-ssl-termination
https://trafficserver.readthedocs.org/en/latest/reference/configuration/ssl_multicert.config.en.html

You need to specify the SSL certificates in ssl_multicert.config. If you need additional debugging on the server end, you can set the "ssl" diagnostic tag.

> 
> For now, I use self-signed SSL certificate generated with:
> openssl req -x509 -newkey rsa:2048 -keyout keypriv.pem -out cert.pem
> -days 365
> 
> And passphrase is removed with
> openssl rsa -in keypriv.pem -out key.pem
> 
> Between Client & ATS, here's what I use for configuration:
> 
> CONFIG proxy.config.http.server_ports STRING 80:ipv4 443:ipv4:ssl
> CONFIG proxy.config.http.connect_ports STRING 443 563
> CONFIG proxy.config.ssl.client.certification_level INT 0
> CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver
> CONFIG proxy.config.ssl.server.cert.filename STRING cert.pem
> CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver
> CONFIG proxy.config.ssl.server.private_key.filename STRING key.pem
> 
> Still from my understanding, I don't need any specific option for ATS to
> origin server connections since ATS will act as client and therefore does
> not need any certificate.
> 
> But, it does not work. Using curl, here's what I get:
> curl -vvv -k --proxy https://my_proxy:443 "https://secure.website.tld/"
> * About to connect() to proxy my_proxy port 443 (#0)
> *   Trying xxx.yyy.uuu.ttt...
> * connected
> * Connected to my_proxy (xxx.yyy.uuu.ttt) port 443 (#0)
> * Establish HTTP proxy tunnel to secure.website.tld:443
>> CONNECT secure.website.tld:443 HTTP/1.1
>> Host: secure.website.tld:443
>> User-Agent: curl/7.26.0
>> Proxy-Connection: Keep-Alive
>> 
> * Easy mode waiting response from proxy CONNECT
> 
> And here's what I get on ATS side:
> Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
> Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL
> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
> Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
> Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL
> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
> Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
> Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL
> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
> Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
> Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL
> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
> Server {0x2b3cb358d700} ERROR: SSL ERROR: SSL_ServerHandShake.
> Server {0x2b3cb358d700} ERROR: SSL::7:error:1407609B:SSL
> routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
> 
> I bet I missed a point, but can't find which one.
> 
> Any help appreciated,
> Jean-Baptiste