2013

Emeric Brun Fri, 26 Apr 2013 03:04:15 -0700

Hi don't understand:

You said using openssl version 0.9.8y, but haproxy -vv shows OpenSSL 1.0.0a.


Emeric

On 04/25/2013 04:45 PM, Connelly, Zachary (CGI Federal) wrote:

Lukas (et al),

Here’s what I have so far:

1.use latest snapshot from [1] – *I’ll* *work on this today*

2.provide the output of haproxy –vv – *Output below*

Sharing sig_handlers with pipe

Sharing pendconn with pipe

HA-Proxy version 1.5-dev18 2013/04/03

Copyright 2000-2013 Willy Tarreau <[email protected]>

Build options :

   TARGET  = linux26

   CPU     = generic

   CC      = gcc

   CFLAGS  = -g -O0

   OPTIONS = USE_OPENSSL=1 USE_PCRE=1

Default settings :

   maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes

Built without zlib support (USE_ZLIB not set)

Compression algorithms supported : identity

Built with OpenSSL version : OpenSSL 1.0.0a 1 Jun 2010

OpenSSL library supports TLS extensions : yes

OpenSSL library supports SNI : yes

OpenSSL library supports prefer-server-ciphers : yes

Available polling systems :

       epoll : pref=300,  test result OK

        poll : pref=200,  test result OK

      select : pref=150,  test result OK

Total: 3 (3 usable), will use epoll.

3.can you tell us OS, kernel and openssl version? *Linux 5.5,
2.6.18-164.11.1.el5, openssl version 0.9.8y*

4.compile haproxy with debug and without compiler optimizations: make
DEBUG=-DDEBUG_FULL CFLAGS="-g -O0" TARGET=[...] *Done*

5.catch a backtrace of the crash with gdb (see [2] if you need details)
– *Will work on this once #1 is complete from above*

Thanks for the assistance so far,

Zack

*From:*Lukas Tribus [mailto:[email protected]]
*Sent:* Wednesday, April 24, 2013 12:36 PM
*To:* Connelly, Zachary (CGI Federal); Baptiste
*Cc:* [email protected]
*Subject:* RE: Follow-up on thread 'SSL handshake failure' from 2/5/2013

Hi!

Please also note that the second SOAP call made that fails
the handshake also causes the HAProxy server to crash.


Could you:
- use latest snapshot from [1]
- provide the output of haproxy -vv
- can you tell us OS, kernel and openssl version?
- compile haproxy with debug and without compiler optimizations:
     make DEBUG=-DDEBUG_FULL CFLAGS="-g -O0" TARGET=[...]
- catch a backtrace of the crash with gdb (see [2] if you need details)


Regards,
Lukas

[1] http://haproxy.1wt.eu/download/1.5/src/snapshot/
[2] http://www.mail-archive.com/[email protected]/msg09472.html

Re: Follow-up on thread 'SSL handshake failure' from 2/5/2013

Reply via email to