Hi everyone,

I've narrowed down my problem down to the same commit as Tomek Gacek - c2aae74f010f97a3415542fe649198a5d3be1ea8 (MEDIUM: ssl: Handle early data with OpenSSL 1.1.1), so I guess it may be related. In my case, since upgrade to 1.8, some responses from some backends (not sure what exactly triggers the bug) do not have their headers modified (despite http-response add-header and http-response del-header being set).

Applying patch part-by-part, I got to a point where it seems that that was caused by changes to ssl_sock_to_buf function in src/ssl_sock.c (lines 396-431):

Code at out_error label behave a bit differently from part removed in this commit - namely, it sets conn->flags |= CO_FL_ERROR unconditionally, while previously there was an additional check (skipping error flag setting if errno was set to EAGAIN). My problems went straight away when I've changed out_error to match old code.

There is also another issue with this commit - it seems that one "1" got lost in OPENSSL_VERSION_NUMBER comparison (line 267):

Throughout this commit all additions of similar ifdefs use 0x10101000L, which translates to OpenSSL 1.1.1 - and this one oddly translates to version 0.1.1.

Hope this helps!

Best regards
Mateusz Malek

Reply via email to