Hi Guys, I've not applied any patches to the download as this was a direct 'wget' from the Git repository. As follows is the OpenSSL v1.0.0 Centos 6.4 x64 build
[root@localhost ~]# wget https://github.com/horms/haproxy/archive/agent-check-20130806.zip [root@localhost ~]# unzip agent-check-20130806 [root@localhost ~]# cd haproxy-agent-check-20130806/ [root@localhost ~]# make TARGET=linux26 USE_STATIC_PCRE=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 [root@localhost haproxy-agent-check-20130806]# ./haproxy -vv HA-Proxy version 1.5-dev19 2013/06/17 Copyright 2000-2013 Willy Tarreau <[email protected]> Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing OPTIONS = USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built without zlib support (USE_ZLIB not set) Compression algorithms supported : identity Built with OpenSSL version : OpenSSL 1.0.0-fips 29 Mar 2010 Running on OpenSSL version : OpenSSL 1.0.0-fips 29 Mar 2010 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 7.8 2008-09-05 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_F REEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. ~Regards, Scott On 13 August 2013 15:23, Willy Tarreau <[email protected]> wrote: > Hey Scott, > > On Sun, Aug 11, 2013 at 10:22:15AM +0200, Lukas Tribus wrote: > > Hi Scott, > > > > > src/ssl_sock.c:796: error: āstruct checkā has no member named 'xprt' > > > > Strange, I cannot reproduce this. > > > > > > > > > Now if I edit src/ssl_sock.c line 796 and comment out > > > 'srv->check.xprt = &ssl_sock;' and replace it with 'srv->xprt = > &ssl_sock;' > > > HAProxy and OpenSSL compile correctly > > > > I'm not entirely sure what this exactly does, but I would imagine that > this > > breaks health checks on ssl enabled backends. > > Lukas is right here. Are you sure you didn't apply a patch or something > to your version ? Because clearly this cannot happen, there is a "check" > field in the "server" struct, and this "check" struct contains an "xprt" > field. So I don't see how the build can fail. Your change does not fix > the issue, it applies the check protocol to the nominal traffic instead > of applying it to the health checks. > > Regards, > Willy > > -- With Kind Regards. Scott McKeown Loadbalancer.org http://www.loadbalancer.org
