Hi Ilya,

On Wed, May 08, 2019 at 11:34:57AM +0500, Ilya Shipitsin wrote:
> From ad9961e92c692430272c9088a49759c889dac6f1 Mon Sep 17 00:00:00 2001
> From: Ilya Shipitsin <chipits...@gmail.com>
> Date: Wed, 8 May 2019 11:32:02 +0500
> Subject: [PATCH] BUILD: do not use "RAND_keep_random_devices_open" when
>  building against LibreSSL
> 
> ---
>  src/haproxy.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/haproxy.c b/src/haproxy.c
> index 4c371254..c8a8aaf0 100644
> --- a/src/haproxy.c
> +++ b/src/haproxy.c
> @@ -590,7 +590,7 @@ void mworker_reload()
>               ptdf->fct();
>       if (fdtab)
>               deinit_pollers();
> -#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L)
> +#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L) && 
> !defined LIBRESSL_VERSION_NUMBER)

A parenthesis is missing here, please be careful to always try to build
the code with submitted patches.

>       if (global.ssl_used_frontend || global.ssl_used_backend)
>               /* close random device FDs */
>               RAND_keep_random_devices_open(0);
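
Review bot: the new `#if` condition on the `+` line has unbalanced parentheses: `!defined LIBRESSL_VERSION_NUMBER)` closes a parenthesis that was never opened, so the directive is rejected by the preprocessor. Write the last term as `!defined(LIBRESSL_VERSION_NUMBER)`, matching the `defined(USE_OPENSSL)` form already used on that line, and keep the whole directive on one line (as shown here it is wrapped after `&&`). With this guard a LibreSSL build skips the "close random device FDs" step in mworker_reload() with nothing in its place, and the commit message has no body explaining why that is acceptable or which LibreSSL version was built and tested; that belongs in the message.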

Did you verify if this has an impact on FD leaks upon reloads when using
libressl? My understanding of this thing is that this problem is not
easy to detect by accident and causes a mess for people who reload often.
If libressl is affected by this we probably need to find a different
fix. And if it's not affected, at least the tested version(s) must be
mentioned in the commit message so that we can reconsider or refine this
choice later if/when the problem appears with a subsequent version.
CCing William and Emeric who worked on addressing this issue for OpenSSL.

Thanks,
Willy
