Emeric,
I'm not sure about that either actually. We definitely only have 0.9.8~ versions on the box and I explicitly reference the 0.9.8y library when I compile the executable: TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 ADDLIB=-L/usr/local/openssl-0.9.8y/lib LDFLAGS+=-ldl Zack -----Original Message----- From: Emeric Brun [mailto:[email protected]] Sent: Friday, April 26, 2013 6:04 AM To: Connelly, Zachary (CGI Federal) Cc: Lukas Tribus; Baptiste; [email protected] Subject: Re: Follow-up on thread 'SSL handshake failure' from 2/5/2013 Hi don't understand: You said using openssl version 0.9.8y, but haproxy -vv shows OpenSSL 1.0.0a. Emeric On 04/25/2013 04:45 PM, Connelly, Zachary (CGI Federal) wrote: > Lukas (et al), > > Here's what I have so far: > > 1.use latest snapshot from [1] - *I'll* *work on this today* > > 2.provide the output of haproxy -vv - *Output below* > > Sharing sig_handlers with pipe > > Sharing pendconn with pipe > > HA-Proxy version 1.5-dev18 2013/04/03 > > Copyright 2000-2013 Willy Tarreau <[email protected]<mailto:[email protected]>> > > Build options : > > TARGET = linux26 > > CPU = generic > > CC = gcc > > CFLAGS = -g -O0 > > OPTIONS = USE_OPENSSL=1 USE_PCRE=1 > > Default settings : > > maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = > 200 > > Encrypted password support via crypt(3): yes > > Built without zlib support (USE_ZLIB not set) > > Compression algorithms supported : identity > > Built with OpenSSL version : OpenSSL 1.0.0a 1 Jun 2010 > > OpenSSL library supports TLS extensions : yes > > OpenSSL library supports SNI : yes > > OpenSSL library supports prefer-server-ciphers : yes > > Available polling systems : > > epoll : pref=300, test result OK > > poll : pref=200, test result OK > > select : pref=150, test result OK > > Total: 3 (3 usable), will use epoll. > > 3.can you tell us OS, kernel and openssl version? *Linux 5.5, > 2.6.18-164.11.1.el5, openssl version 0.9.8y* > > 4.compile haproxy with debug and without compiler optimizations: make > DEBUG=-DDEBUG_FULL CFLAGS="-g -O0" TARGET=[...] *Done* > > 5.catch a backtrace of the crash with gdb (see [2] if you need > details) - *Will work on this once #1 is complete from above* > > Thanks for the assistance so far, > > Zack > > *From:*Lukas Tribus [mailto:[email protected]] > *Sent:* Wednesday, April 24, 2013 12:36 PM > *To:* Connelly, Zachary (CGI Federal); Baptiste > *Cc:* [email protected]<mailto:[email protected]> > *Subject:* RE: Follow-up on thread 'SSL handshake failure' from > 2/5/2013 > > Hi! > > >> Please also note that the second SOAP call made that fails the >> handshake also causes the HAProxy server to crash. > > Could you: > - use latest snapshot from [1] > - provide the output of haproxy -vv > - can you tell us OS, kernel and openssl version? > - compile haproxy with debug and without compiler optimizations: > make DEBUG=-DDEBUG_FULL CFLAGS="-g -O0" TARGET=[...] > - catch a backtrace of the crash with gdb (see [2] if you need > details) > > > Regards, > Lukas > > [1] http://haproxy.1wt.eu/download/1.5/src/snapshot/ > [2] http://www.mail-archive.com/[email protected]/msg09472.html >
