Just this morning, I was setting up TLS on an LDAP host, but slapd
refused to start afterwards with a bizarre error message:
TLS init def ctx failed: -207
The key and certificate were freshly generated using openssl on my
laptop (running wheezy, so OpenSSL 1.0.0d-3). After a bit of
googling, I discovered that -207 is gnutls-esque for "Base64 error".
Of course, the key looks just fine and decodes fine using base64,
openssl base64 and even gnutls's own certtool.
Now, certtool also spits out what it considers the right base64
version of the key and I noticed it differed. Using the one
certtool output seems to work, though, so if you ever run into this
problem try running the key through certtool --infile foo.pem -k and
use the base64 representation it outputs.
It's sometimes necessary to be able to access HTTP resources from
inside VCL. Some use cases include authentication or authorization,
where a service validates a token and then tells Varnish whether to
proceed or not.
To do this, we recently implemented libvmod_curl, a set of cURL
bindings for VCL, so you can fetch remote resources easily. HTTP
would be the usual method, but cURL also supports other protocols such
as LDAP or POP3.
The API is very simple; to use it you would write something like:
import curl;

sub vcl_recv {
    # The regex restricts the token to [a-z0-9] before it is interpolated
    # into the URL, so a client cannot smuggle extra query parameters
    # into the request to the auth server.
    curl.fetch("http://authserver/validate?key=" + regsub(req.url, ".*key=([a-z0-9]+)", "\1"));
    if (curl.status() != 200) {
        error 403 "Go away";
    }
}
Other methods you can use are curl.header(headername) to get the
contents of a given header and curl.body() to get the body of the
response. See the README file in the source for more information.