Hi Luke,

On Fri, Jun 28, 2019 at 07:05:32AM +0200, Luke Seelenbinder wrote:
> Hello all,
> 
> I've found a segfault in v2.0.1. I believe the issue is a no-ssl directive on 
> a server line after seeing check ssl on default-server in defaults. Here's 
> the snips of my config. I haven't been able to create a minimal config that 
> recreates it, since my config is rather complex.
> 
> defaults
>   log  global
>   mode http
>   default-server ca-file ca-certificates.crt resolvers default inter 5s 
> fastinter 2s downinter 10s init-addr libc,last check ssl check-alpn http/1.1 
> pool-purge-delay 60s max-reuse 1500 alpn http/1.1
> […snip…]
> backend varnish
>   server varnish_local   unix@/path-to-socket.sock no-check-ssl no-ssl
> 
> If I remove no-ssl, it starts up, but the check naturally fails. If I add it 
> back, I get a segmentation fault. I've tried this with and without unix 
> sockets to verify it wasn't something related to IP binding.
> 
> I'm happy to try alternatives / test things a bit.
> 
> Best,

Indeed, "check-alpn" failed to make sure we were really using a SSL connection
before attempting to change the ALPN. This should be fixed by commit
c50eb73b85f80ac1ac6e519fcab2ba6807f5de65, and should be backported to 2.0
soon.

Thanks a lot !

Olivier

Reply via email to