Hi Willy,

We are seeing build failures of 1.5 w/ SSL on Debian's Hurd builder machines due to the use of PATH_MAX (which is undefined in Hurd) when loading SSL certificates. You can see the build log here:

https://buildd.debian.org/status/fetch.php?pkg=haproxy&arch=hurd-i386&ver=1.5%7Edev19-1&stamp=1372199388

The attached patch should fix this issue, by modifying the code in question to use a dynamically allocated buffer while checking against PATH_MAX if appropriate.

Regards,
Apollon

>From 865e8c1ed5bc8dfa61eff6c33e5b59b6a554db96 Mon Sep 17 00:00:00 2001 From: Apollon Oikonomopoulos <apoi...@gmail.com> Date: Mon, 12 Aug 2013 12:22:26 +0300 Subject: [PATCH] BUG/MINOR: ssl_sock.c: use PATH_MAX only when defined bind_parse_crt() unconditionally uses PATH_MAX, which is not guaranteed to be defined by POSIX. In fact, GNU Hurd does not have a limit on path sizes and thus leaves PATH_MAX undefined, causing OpenSSL-enabled builds on Hurd to fail. We fix this by using dynamic allocation of the path buffer and checking the actual path length whenever PATH_MAX is defined. --- src/ssl_sock.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index ce1712d..655dc77 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -2543,17 +2543,25 @@ static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct /* parse the "crt" bind keyword */ static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err) { - char path[PATH_MAX]; + char *path; + size_t path_length; if (!*args[cur_arg + 1]) { memprintf(err, "'%s' : missing certificate location", args[cur_arg]); return ERR_ALERT | ERR_FATAL; } if ((*args[cur_arg + 1] != '/' ) && global.crt_base) { - if ((strlen(global.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > PATH_MAX) { + path_length = strlen(global.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1; +#ifdef PATH_MAX + if (path_length > PATH_MAX) { memprintf(err, "'%s' : path too long", args[cur_arg]); return ERR_ALERT | ERR_FATAL; } +#endif + if ((path = malloc(path_length)) == NULL) { + memprintf(err, "'%s' : unable to allocate path buffer", args[cur_arg]); + return ERR_ALERT | ERR_FATAL; + } sprintf(path, "%s/%s", global.crt_base, args[cur_arg + 1]); if (ssl_sock_load_cert(path, conf, px, err) > 0) return ERR_ALERT | ERR_FATAL; -- 1.7.10.4
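
Review bot: The buffer obtained from malloc(path_length) in bind_parse_crt() is never released: the ten added lines are all accounted for in this hunk and none of them is a free(), while the old code used a stack array and so had no free() either. As written, `path` leaks when ssl_sock_load_cert() fails and the function returns ERR_ALERT | ERR_FATAL, and nothing added releases it on the success path. Suggest storing the result of ssl_sock_load_cert(path, conf, px, err) in a local, calling free(path), and then returning based on the stored value. The sprintf() itself stays within bounds because path_length already counts the '/' separator and the terminating NUL, but snprintf(path, path_length, "%s/%s", ...) would keep that invariant explicit if the length computation is ever changed. It would also be worth a short comment next to the #ifdef PATH_MAX block saying that on platforms without PATH_MAX the only limit is what malloc() can satisfy.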