Hi Ilya, On Wed, May 08, 2019 at 11:34:57AM +0500, ???? ??????? wrote: > From ad9961e92c692430272c9088a49759c889dac6f1 Mon Sep 17 00:00:00 2001 > From: Ilya Shipitsin <[email protected]> > Date: Wed, 8 May 2019 11:32:02 +0500 > Subject: [PATCH] BUILD: do not use "RAND_keep_random_devices_open" when > building against LibreSSL > > --- > src/haproxy.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/haproxy.c b/src/haproxy.c > index 4c371254..c8a8aaf0 100644 > --- a/src/haproxy.c > +++ b/src/haproxy.c > @@ -590,7 +590,7 @@ void mworker_reload() > ptdf->fct(); > if (fdtab) > deinit_pollers(); > -#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L) > +#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L) && > !defined LIBRESSL_VERSION_NUMBER)
A parenthesis is missing here, please be careful to always try to build the code with submitted patches. > if (global.ssl_used_frontend || global.ssl_used_backend) > /* close random device FDs */ > RAND_keep_random_devices_open(0); Did you verify if this has an impact on FD leaks upon reloads when using libressl ? My understanding of this thing is that this problem is not easy to detect by accident and causes a mess for people who reload often. If libressl is affected by this we probably need to find a different fix. And if it's not affected, at least the tested version(s) must be mentioned in the commit message so that we can reconsider or refine this choice later if/when the problem appears with a subsequent version. CCing William and Emeric who worked on addressing this issue for OpenSSL. Thanks, Willy
