Hi Olivier,

That makes sense. I figured it was one of my various odd settings not being 
tested with the other (this config is rather…complex), and I hoped your eyes 
would be better than mine. Glad they were!

Thanks for getting this fixed up. I'll pull the latest git when I have the 
chance and confirm it fixes it.

Best,
Luke
—
Luke Seelenbinder
Stadia Maps | Founder
stadiamaps.com

> On Jun 28, 2019, at 14:14, Olivier Houchard <ohouch...@haproxy.com> wrote:
> 
> Hi Luke,
> 
> On Fri, Jun 28, 2019 at 07:05:32AM +0200, Luke Seelenbinder wrote:
>> Hello all,
>> 
>> I've found a segfault in v2.0.1. I believe the issue is a no-ssl directive 
>> on a server line after seeing check ssl on default-server in defaults. 
>> Here's the snips of my config. I haven't been able to create a minimal 
>> config that recreates it, since my config is rather complex.
>> 
>> defaults
>>  log  global
>>  mode http
>>  default-server ca-file ca-certificates.crt resolvers default inter 5s 
>> fastinter 2s downinter 10s init-addr libc,last check ssl check-alpn http/1.1 
>> pool-purge-delay 60s max-reuse 1500 alpn http/1.1
>> […snip…]
>> backend varnish
>>  server varnish_local   unix@/path-to-socket.sock no-check-ssl no-ssl
>> 
>> If I remove no-ssl, it starts up, but the check naturally fails. If I add it 
>> back, I get a segmentation fault. I've tried this with and without unix 
>> sockets to verify it wasn't something related to IP binding.
>> 
>> I'm happy to try alternatives / test things a bit.
>> 
>> Best,
> 
> Indeed, "check-alpn" failed to make sure we were really using a SSL connection
> before attempting to change the ALPN. This should be fixed by commit
> c50eb73b85f80ac1ac6e519fcab2ba6807f5de65, and should be backported to 2.0
> soon.
> 
> Thanks a lot !
> 
> Olivier

Reply via email to