Hi,
Commit 405ff31e31eb1cbdc76ba0d93c6db4c7a3fd497a
(BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL) is causing
trouble (with centos7 + openssl-1.0.1e-60.el7.x86_64).
If I have a backend server with ssl and httpchk enabled I get a crash:
(gdb) bt
#0 0x00007ffff7218419 in sk_free () from /lib64/libcrypto.so.10
#1 0x00007ffff719f199 in int_free_ex_data () from /lib64/libcrypto.so.10
#2 0x00007ffff75641fd in SSL_free () from /lib64/libssl.so.10
#3 0x000000000040e332 in ssl_sock_close (conn=0x723ac0) at src/ssl_sock.c:4012
#4 0x000000000045d1b6 in conn_force_close (conn=0x723ac0)
at include/proto/connection.h:151
#5 wake_srv_chk (conn=0x723ac0) at src/checks.c:1406
#6 0x000000000049b6e6 in conn_fd_handler (fd=<optimized out>)
at src/connection.c:141
#7 0x00000000004a7304 in fd_process_cached_events () at src/fd.c:223
#8 0x0000000000409d7d in run_poll_loop () at src/haproxy.c:1598
#9 main (argc=4, argv=0x7fffffffdc78) at src/haproxy.c:1957
This is fairly minimal config that fails for me:
global
log /dev/log local2 info
stats socket /tmp/stats level admin
defaults
mode http
frontend test4
bind [email protected]:8083
default_backend test_be2
backend test_be2
option httpchk GET /crashme\ HTTP/1.1\r\nHost:\
some.example.org\r\nConnection:\ close
server srv1 some.ip.with.ssl:443 id 1 check ssl verify none
-Jarno
--
Jarno Huuskonen
