> Le 18 juin 2018 à 15:30, Thierry Fournier <[email protected]> a > écrit : > > > >> On 18 Jun 2018, at 14:37, Emmanuel Hocdet <[email protected]> wrote: >> >>> >>> Le 18 juin 2018 à 10:43, Thierry Fournier <[email protected]> a >>> écrit : >>> >>> >>>> On 18 Jun 2018, at 10:33, Willy Tarreau <[email protected]> wrote: >>>> >>>> On Sun, Jun 17, 2018 at 09:44:50PM +0200, [email protected] >>>> wrote: >>>>> Finally, I got it ! It works with luck because we have 1 bug in Haproxy >>>>> and 1 error (I suppose) in a OpenSSL compatibility layer. >>>> (...) >>>>> I join two patch. The first which fix the cipher capture must be >>>>> backported to 1.8, for the second patch wich fix the app data >>>>> compatibility, I dont known (at least 1.8). >>>> >>>> Good job! I imagine you didn't have a funny week-end playing with this one >>>> :-/ >>> >>> >>> Yes, including the Friday :-) But I hope this path improve stability. If >>> someone >>> have time and is interested by the subject, it may be interesting to see in >>> the >>> OpenSSL code if the slot 0 used without reservation works fine, or works >>> because >>> we have luck. >>> >> >> It work find because slot 0 is natively reserved for old *_{set, >> get}_app_data API compatibility. > > > Ok, thanks. So the classifcation BUG/MAJOR can be changed for BUG/MEDIUM > because it impacts only the usage of SSL join with the cipherlist hash. > Too late :-) >
I think it should not be a bug at all (second patch), and set of ex_data without reservation (first patch and my patch) should be the only sources of bugs.
