❦ 25 novembre 2015 20:36 +0100, Lukas Tribus <[email protected]> :
>>> I don't know. I got pre made packages from "http://haproxy.debian.net >>> jessie-backports-1.6 main" maintained by Vincent Bernat if I'm correct. >> >> I think there's something wrong with that binary. I will try to reproduce >> the problem with it. > > > Confirmed. The 1.6.2 binary (haproxy) from the jessie-backports-1.6 > repository has these problems, but the 1.6.2 that I just compiled from > source on this platform (./haproxy) works just fine: > > root@debianvm:/home/lukas/haproxy-1.6.2# haproxy -f /home/lukas/ssl.cfg -c > [ALERT] 328/203304 (9873) : SSLv3 support requested but unavailable. > Configuration file is valid > root@debianvm:/home/lukas/haproxy-1.6.2# ./haproxy -f /home/lukas/ssl.cfg -c > Configuration file is valid > root@debianvm:/home/lukas/haproxy-1.6.2# > > > Vincent, can you take a look? After twiddling a bit around, it seems that enabling Lua support trigger this bug. This invocation does trigger the bug: make USE_OPENSSL=1 TARGET=linux2628 USE_LUA=1 LUA_INC=/usr/include/lua5.3 While this one doesn't: make USE_OPENSSL=1 TARGET=linux2628 I traced the problem back to the end of hlua.c (line 7058 for v1.6.2) : >>> print args $1 = {[0] = 0x4caee5 "ssl", [1] = 0x4b4ab4 "verify", [2] = 0x4b4fc1 "none", [3] = 0x4cad1a "force-sslv3", [4] = 0x0} Those args are defined line 6478. The "force-sslv3" should just be removed I think (or at least #ifdef). -- Be careful of reading health books, you might die of a misprint. -- Mark Twain
