Hi Luke, On Fri, Jun 28, 2019 at 07:05:32AM +0200, Luke Seelenbinder wrote: > Hello all, > > I've found a segfault in v2.0.1. I believe the issue is a no-ssl directive on > a server line after seeing check ssl on default-server in defaults. Here's > the snips of my config. I haven't been able to create a minimal config that > recreates it, since my config is rather complex. > > defaults > log global > mode http > default-server ca-file ca-certificates.crt resolvers default inter 5s > fastinter 2s downinter 10s init-addr libc,last check ssl check-alpn http/1.1 > pool-purge-delay 60s max-reuse 1500 alpn http/1.1 > […snip…] > backend varnish > server varnish_local unix@/path-to-socket.sock no-check-ssl no-ssl > > If I remove no-ssl, it starts up, but the check naturally fails. If I add it > back, I get a segmentation fault. I've tried this with and without unix > sockets to verify it wasn't something related to IP binding. > > I'm happy to try alternatives / test things a bit. > > Best,
Indeed, "check-alpn" failed to make sure we were really using a SSL connection before attempting to change the ALPN. This should be fixed by commit c50eb73b85f80ac1ac6e519fcab2ba6807f5de65, and should be backported to 2.0 soon. Thanks a lot ! Olivier
