尝试在1.5-dev17上启用ssl时获取段错误
Ubuntu Server 12.04
尝试使用私钥和CA捆绑连接并用作单个crt几乎可以想到的每个变体,还尝试使用私钥和ca-file作为CA捆绑包拆分crt。
/etc/haproxy/haproxy.cfg
global
maxconn 4096
daemon
defaults
mode http
contimeout 5000
clitimeout 50000
srvtimeout 50000
option forwardfor
retries 3
option redispatch
option http-server-close
frontend http
bind *:80
reqadd X-Forwarded-Proto:\ http
default_backend unicorn
frontend https
bind *:443 ssl crt /path/to/private.key ca-file /path/to/bundle.crt
reqadd X-Forwarded-Proto:\ https
default_backend unicorn
backend unicorn
server unicorn 127.0.0.1:8080 check
listen stats :8081
mode http
stats enable
stats scope unicorn
stats realm Haproxy\ Statistics
stats uri /
stats auth haproxy:YOURPASSWORDHERE
gdb输出
Reading symbols from /usr/local/sbin/haproxy...done.
(gdb) run -f /etc/haproxy/haproxy.cfg
Starting program: /usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x000000000045edc0 in bind_parse_ssl (args=<optimized out>, cur_arg=<optimized out>, px=<optimized out>, conf=<optimized out>, err=<optimized out>) at src/ssl_sock.c:2566
2566 list_for_each_entry(l, &conf->listeners, by_bind)
答案 0 :(得分:8)
您的配置不会让haproxy-1.5-dev17崩溃。但是,你有没有机会在没有启用ssl支持的情况下进行首次构建,那么只用ssl进行部分重建? 我的意思是,像:
$ make TARGET=linux2628
...
$ make TARGET=linux2628 USE_STATIC_PCRE=1 USE_OPENSSL=1
如果是这样,您的构建可能无效,因为某些需要重新编译的文件不会重新编译。
你可以尝试一下:
make TARGET=linux2628 USE_STATIC_PCRE=1 USE_OPENSSL=1 clean all