On Thu, Apr 02, 2015 at 11:35:16PM +0200, Lukas Tribus wrote:
> >> Please provide the output of "haproxy -vv" of the 1.5.11 executable.
> >>
> >> I guess you have an ABI problem between openssl 1.0.1 and 1.0.2.
> >
> > I wonder if we are not seeing a case not covered by CVE-2015-0290 :
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
> 
> And linking haproxy 1.5.11 against openssl 1.0.1 would bypass this new
> 1.0.2 feature for the time being. Likely that combination is safe.

FWIW, I recently saw openvpn crashing when built with openssl 1.0.2 and
not with 1.0.1. I later found that it was also using an older liblzo and
that 1.0.1 + recent lzo was OK, but I have not retried 1.0.2 with it yet.
Thus I don't yet know if 1.0.2 was responsible for the crashes, and I
haven't had time to debug it or retry yet.

In your case it's the same problem: two changes at once. I'd try with
1.0.1 first and only then upgrade to 1.0.2 if 1.0.1 proves to be safe.

Regards,
Willy

