[Pkg-haproxy-maintainers] Bug#776384: Bug#776384: haproxy: Loading order of SSL certificates is unpredictable

Vincent Bernat bernat at debian.org
Wed Jan 28 08:20:54 UTC 2015

 ❦ 27 janvier 2015 15:54 +0100, Raphaël Enrici <raphael at root-42.com> :

> HAproxy currently uses readdir() function to list the directory
> where the SSL certificates are stored.
> As readdir() does not guarantee any order in the listing (neither
> alphabetical nor time ordered one), this can lead to a situation
> where two members of an active/passive HAProxy "cluster" behave
> differently without any information about it resulting in misbehaviour
> for non SNI aware devices.
> Based on the report you can find here[1] a patch has been provided
> by Cyril Bonté and accepted upstream. You can find this patch
> here[2]. It would be great if you could include it before the next
> jessie is released. If not possible at all because of the freeze, any
> future inclusion of this patch before the next HAProxy stable release
> would be welcome :)

Unfortunately, the bug being "minor", we cannot push the patch to Jessie
(at this stage, only critical patches are accepted). Also,
wheezy-backports being in sync with Jessie, it is not possible to push
the patch to wheezy-backports either. You have to wait for the release
of Jessie to have things moving forward.
Terminate input by end-of-file or marker, not by count.
            - The Elements of Programming Style (Kernighan & Plauger)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-haproxy-maintainers/attachments/20150128/28ae36de/attachment.sig>

More information about the Pkg-haproxy-maintainers mailing list