Hi Olivier, That makes sense. I figured it was one of my various odd settings not being tested with the other (this config is rather…complex), and I hoped your eyes would be better than mine. Glad they were!
Thanks for getting this fixed up. I'll pull the latest git when I have the chance and confirm it fixes it. Best, Luke — Luke Seelenbinder Stadia Maps | Founder stadiamaps.com > On Jun 28, 2019, at 14:14, Olivier Houchard <ohouch...@haproxy.com> wrote: > > Hi Luke, > > On Fri, Jun 28, 2019 at 07:05:32AM +0200, Luke Seelenbinder wrote: >> Hello all, >> >> I've found a segfault in v2.0.1. I believe the issue is a no-ssl directive >> on a server line after seeing check ssl on default-server in defaults. >> Here's the snips of my config. I haven't been able to create a minimal >> config that recreates it, since my config is rather complex. >> >> defaults >> log global >> mode http >> default-server ca-file ca-certificates.crt resolvers default inter 5s >> fastinter 2s downinter 10s init-addr libc,last check ssl check-alpn http/1.1 >> pool-purge-delay 60s max-reuse 1500 alpn http/1.1 >> […snip…] >> backend varnish >> server varnish_local unix@/path-to-socket.sock no-check-ssl no-ssl >> >> If I remove no-ssl, it starts up, but the check naturally fails. If I add it >> back, I get a segmentation fault. I've tried this with and without unix >> sockets to verify it wasn't something related to IP binding. >> >> I'm happy to try alternatives / test things a bit. >> >> Best, > > Indeed, "check-alpn" failed to make sure we were really using a SSL connection > before attempting to change the ALPN. This should be fixed by commit > c50eb73b85f80ac1ac6e519fcab2ba6807f5de65, and should be backported to 2.0 > soon. > > Thanks a lot ! > > Olivier