Hi, Today I have tried to recreate the WAF.
I received this error at build time. ### + cd /usr/src + git clone http://git.haproxy.org/git/haproxy.git/ Cloning into 'haproxy'... + make -C /usr/src/haproxy TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LINUX_SPLICE=1 USE_TFO=1 USE_PCRE_JIT=1 USE_LUA=1 all install-bin make: Entering directory `/usr/src/haproxy' gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_LUA -DUSE_PCRE -I/usr/include -DUSE_PCRE_JIT -DUSE_TFO -DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" -DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ev_poll.o src/ev_poll.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_LUA -DUSE_PCRE -I/usr/include -DUSE_PCRE_JIT -DUSE_TFO -DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" -DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ev_epoll.o src/ev_epoll.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_LUA -DUSE_PCRE -I/usr/include -DUSE_PCRE_JIT -DUSE_TFO -DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" -DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ssl_sock.o src/ssl_sock.c In file included from src/ssl_sock.c:94:0: include/proto/openssl-compat.h: In function 'SSL_CTX_get0_privatekey': include/proto/openssl-compat.h:99:19: error: dereferencing pointer to incomplete type return ctx->cert->key->privatekey; ^ include/proto/openssl-compat.h:102:1: warning: control reaches end of non-void function [-Wreturn-type] } ^ make: *** [src/ssl_sock.o] Error 1 make: Leaving directory `/usr/src/haproxy' ### Openssl is ---> Package openssl.x86_64 1:1.0.1e-60.el7_3.1 will be installed ---> Package openssl-devel.x86_64 1:1.0.1e-60.el7_3.1 will be installed I thought this case is covert with this commit. http://git.haproxy.org/?p=haproxy.git;a=commit;h=48a8332a4a82f151877bd6baf567031088845f2d ## BUG/MEDIUM: ssl: Fix regression about certificates generation Since the commit f6b37c67 ["BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored."], the certificates generation is broken. To generate a certificate, we retrieved the private key of the default certificate using the SSL object. But since the commit f6b37c67, the SSL object is created with a dummy certificate (initial_ctx). So to fix the bug, we use directly the default certificate in the bind_conf structure. We use SSL_CTX_get0_privatekey function to do so. Because this function does not exist for OpenSSL < 1.0.2 and for LibreSSL, it has been added in openssl-compat.h with the right #ifdef. ## [root@centos-512mb-fra1-01 haproxy-waf]# egrep OPENSSL_VERSION_NUMBER /usr/include/openssl/* /usr/include/openssl/crypto.h:#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER /usr/include/openssl/opensslv.h:#define OPENSSL_VERSION_NUMBER 0x1000105fL How can I help to fix this issue? -- Best Regards Aleks
