具有1.5-dev17的HAproxy SSL Segfault [英] HAproxy SSL Segfault with 1.5-dev17

问题描述

尝试在1.5-dev17上启用ssl时遇到段错误

Getting a segfault when trying to enable ssl on 1.5-dev17

Ubuntu服务器12.04

Ubuntu Server 12.04

我尝试了将私钥和CA捆绑在一起并用作单个crt的几乎所有变体，还尝试了将私钥和ca文件作为CA捆绑的split crt.

Tried almost every variation I could think of with private key and CA bundle concatenated and used as a single crt, also tried split crt with private key and ca-file as CA bundle.

/etc/haproxy/haproxy.cfg

global
   maxconn 4096
   daemon

defaults
   mode   http
   contimeout   5000
   clitimeout   50000
   srvtimeout   50000
   option forwardfor
   retries 3
   option redispatch
   option http-server-close

frontend http
   bind *:80
   reqadd X-Forwarded-Proto:\ http
   default_backend unicorn

frontend https
   bind *:443 ssl crt /path/to/private.key ca-file /path/to/bundle.crt
   reqadd X-Forwarded-Proto:\ https
   default_backend unicorn

backend unicorn
   server unicorn 127.0.0.1:8080 check

listen stats :8081
   mode http
   stats enable
   stats scope unicorn
   stats realm Haproxy\ Statistics
   stats uri /
   stats auth haproxy:YOURPASSWORDHERE

gdb输出

Reading symbols from /usr/local/sbin/haproxy...done.
(gdb) run -f /etc/haproxy/haproxy.cfg
Starting program: /usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000000000045edc0 in bind_parse_ssl (args=<optimized out>, cur_arg=<optimized out>, px=<optimized out>, conf=<optimized out>, err=<optimized out>) at src/ssl_sock.c:2566
2566            list_for_each_entry(l, &conf->listeners, by_bind)

推荐答案

您的配置对我来说不会使haproxy-1.5-dev17崩溃.但是，难道您没有在没有启用ssl支持的情况下进行首次构建，而是仅通过ssl进行了部分重建吗? 我的意思是，像这样:

Your configuration does not crash haproxy-1.5-dev17 for me. However, didn't you by any chance do a first build without enabling ssl support, then only a partial rebuild with ssl ? I mean, something like :

$ make TARGET=linux2628
...
$ make TARGET=linux2628 USE_STATIC_PCRE=1 USE_OPENSSL=1

如果是这样，您的版本可能无效，因为某些需要重新编译的文件未重新编译.

If so, your build may be invalid, because some files requiring recompilation are not recompiled.

您可以尝试:

make TARGET=linux2628 USE_STATIC_PCRE=1 USE_OPENSSL=1 clean all

这篇关于具有1.5-dev17的HAproxy SSL Segfault的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！