具有1.5-dev17的HAproxy SSL Segfault [英] HAproxy SSL Segfault with 1.5-dev17
问题描述
尝试在1.5-dev17上启用ssl时遇到段错误
Getting a segfault when trying to enable ssl on 1.5-dev17
Ubuntu服务器12.04
Ubuntu Server 12.04
我尝试了将私钥和CA捆绑在一起并用作单个crt的几乎所有变体,还尝试了将私钥和ca文件作为CA捆绑的split crt.
Tried almost every variation I could think of with private key and CA bundle concatenated and used as a single crt, also tried split crt with private key and ca-file as CA bundle.
/etc/haproxy/haproxy.cfg
global
maxconn 4096
daemon
defaults
mode http
contimeout 5000
clitimeout 50000
srvtimeout 50000
option forwardfor
retries 3
option redispatch
option http-server-close
frontend http
bind *:80
reqadd X-Forwarded-Proto:\ http
default_backend unicorn
frontend https
bind *:443 ssl crt /path/to/private.key ca-file /path/to/bundle.crt
reqadd X-Forwarded-Proto:\ https
default_backend unicorn
backend unicorn
server unicorn 127.0.0.1:8080 check
listen stats :8081
mode http
stats enable
stats scope unicorn
stats realm Haproxy\ Statistics
stats uri /
stats auth haproxy:YOURPASSWORDHERE
gdb输出
Reading symbols from /usr/local/sbin/haproxy...done.
(gdb) run -f /etc/haproxy/haproxy.cfg
Starting program: /usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x000000000045edc0 in bind_parse_ssl (args=<optimized out>, cur_arg=<optimized out>, px=<optimized out>, conf=<optimized out>, err=<optimized out>) at src/ssl_sock.c:2566
2566 list_for_each_entry(l, &conf->listeners, by_bind)
推荐答案
您的配置对我来说不会使haproxy-1.5-dev17崩溃.但是,难道您没有在没有启用ssl支持的情况下进行首次构建,而是仅通过ssl进行了部分重建吗? 我的意思是,像这样:
Your configuration does not crash haproxy-1.5-dev17 for me. However, didn't you by any chance do a first build without enabling ssl support, then only a partial rebuild with ssl ? I mean, something like :
$ make TARGET=linux2628
...
$ make TARGET=linux2628 USE_STATIC_PCRE=1 USE_OPENSSL=1
如果是这样,您的版本可能无效,因为某些需要重新编译的文件未重新编译.
If so, your build may be invalid, because some files requiring recompilation are not recompiled.
您可以尝试:
make TARGET=linux2628 USE_STATIC_PCRE=1 USE_OPENSSL=1 clean all
这篇关于具有1.5-dev17的HAproxy SSL Segfault的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!