Comment 24 for bug 1841936

Christian Ehrhardt (paelzer) wrote: Re: Rebuild haproxy with openssl 1.1.1 will change features (bionic)

We'd need several cleanups:
Cleanup:
5b673a658fb1a0a42dbe948b413fceeff1af0642
82b00a11b298a497b4ca93a3f3bf3c7f1399ebc2
b1e3ee6f214d82ebe98140f577777b4c47d88084
And more from there for context.
They are all meant to be no-ops changing the retval handling.
It seems less of an impact to backport the change for that context difference between the 1.8.8 that we have and the 1.8.21 that this was coded for (much better than the 2.0 fix it is for sure).

So only focus on 19dd0431b06019d5cbd253662822b15412f67144 being the actual fix.

But when checking that, it becomes clear that the fix makes use of the err message pass-back mechanism that was introduced by the cleanups. Only that way will it be able to report any errors. OTOH it didn't go into any details before, and that isn't the point of the fix here.

At least b1e3ee6f214d82ebe98140f577777b4c47d88084 is needed IMHO as that changes the global_dh flow of the code by dropping the "ret = 0; /* DH params not found */". That is actually part of the fix depending on configuration, even though declared a cleanup.

Ok, that makes up the changes that I'm gonna try and test it now.