Unless you statically link OpenSSL, haproxy will attempt to load default OS SOs on startup. Obviously, haproxy was compiled with OpenSSL 1.1.1c, but default SOs are not. You should add your OpenSSL 1.1.1c SO directory to, say, /etc/ld.so.conf.d/ossl111c.conf file (or whatever else you choose to name it as long as it's .conf) and run ldconfig to load the updated configuration. You can use "ldd haproxy" to verify SO dependencies and how they are resolved.
Bob -----Original Message----- From: hal...@xsmail.com <hal...@xsmail.com> Sent: Wednesday, July 17, 2019 11:39 AM To: Zakharychev, Bob <bob.zakharyc...@spirent.com>; email@example.com Subject: Re: haproxy 2.0.0 build openssl version mismatch? bob On Wed, Jul 17, 2019, at 8:29 AM, Zakharychev, Bob wrote: > you are using SSL_INC and SSL_LIB incorrectly: they should ONLY > contain paths to corresponding include and library directories, not > GCC options. So in your case they should look like this: > > SSL_LIB=/opt/prod/openssl111c/lib64 \ > SSL_INC=/opt/prod/openssl111c/include \ switching to make V=1 \ TARGET=linux-glibc \ USE_SYSTEMD=1 \ USE_PCRE2=1 \ USE_PCRE2_JIT=1 \ USE_OPENSSL=1 \ SSL_LIB=/opt/prod/openssl111c/lib64 \ SSL_INC=/opt/prod/openssl111c/include \ USE_THREAD=1 \ USE_PTHREAD_PSHARED=1 \ USE_TFO=1 \ USE_NS=1 now, after build, /opt/prod/haproxy/sbin/haproxy -vv /opt/prod/haproxy/sbin/haproxy: /usr/lib64/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by /opt/prod/haproxy/sbin/haproxy) /opt/prod/haproxy/sbin/haproxy: /usr/lib64/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by /opt/prod/haproxy/sbin/haproxy) it completely ignores the specified paths, and incorrectly links the distro-installed, system libs. hal