FS#60411 : [haproxy] HAProxy 1.8 does not work with OpenSSL 1.1.1.

FS#60411 - [haproxy] HAProxy 1.8 does not work with OpenSSL 1.1.1.

Attached to Project: Community Packages
Opened by Sten Aus (aus) - Monday, 15 October 2018, 09:14 GMT
Last edited by Johannes Löthberg (demize) - Saturday, 20 October 2018, 13:06 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Johannes Löthberg (demize)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

HAProxy 1.8 will fail working with OpenSSL 1.1.1. At least when using client certificates.

HAProxy forwards 80 to 443, then does SSL offload, sends necessary headers and forwards request to worker Apache port 80.

After receiving client certificate web browser shows SSL ERROR (Unknown SSL protocol error).

Downloaded HAProxy 1.9-dev3 from git and compiling it with:
"make TARGET=linux24 USE_GETADDRINFO=1 USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1 USE_PCRE_JIT=1"

Got working solution.

Time of writing: HAProxy 1.9 stable release date is unknown.

This task depends upon

Closed by Johannes Löthberg (demize)
Saturday, 20 October 2018, 13:06 GMT
Reason for closing: Fixed
Additional comments about closing: 1.8.14-1

Comment by Jerome (jethro) - Monday, 15 October 2018, 14:44 GMT

this was built against openssl 1.1.0 and arch now has 1.1.1.
you should rebuild the package (and bump version to 1.8.14 because it fixes CVE-2018-14645 and a few other bugs).
get the pkgbuild file from there https://git.archlinux.org/svntogit/community.git/tree/trunk?h=packages/haproxy

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#60411 - [haproxy] HAProxy 1.8 does not work with OpenSSL 1.1.1.

Details

Loading...