[Pkg-haproxy-maintainers] Bug#776384: Bug#776384: haproxy: Loading order of SSL certificates is unpredictable
raphael at root-42.com
Wed Jan 28 12:45:25 UTC 2015
Well, that's what I ought to ear from you ;)
Let's wait and keep this one opened at least for future reference.
Thanks and have a nice day!
On 28 January 2015 at 09:20, Vincent Bernat <bernat at debian.org> wrote:
> ❦ 27 janvier 2015 15:54 +0100, Raphaël Enrici <raphael at root-42.com> :
>> HAproxy currently uses readdir() function to list the directory
>> where the SSL certificates are stored.
>> As readdir() does not guarantee any order in the listing (neither
>> alphabetical nor time ordered one), this can lead to a situation
>> where two members of an active/passive HAProxy "cluster" behave
>> differently without any information about it resulting in misbehaviour
>> for non SNI aware devices.
>> Based on the report you can find here a patch has been provided
>> by Cyril Bonté and accepted upstream. You can find this patch
>> here. It would be great if you could include it before the next
>> jessie is released. If not possible at all because of the freeze, any
>> future inclusion of this patch before the next HAProxy stable release
>> would be welcome :)
> Unfortunately, the bug being "minor", we cannot push the patch to Jessie
> (at this stage, only critical patches are accepted). Also,
> wheezy-backports being in sync with Jessie, it is not possible to push
> the patch to wheezy-backports either. You have to wait for the release
> of Jessie to have things moving forward.
> Terminate input by end-of-file or marker, not by count.
> - The Elements of Programming Style (Kernighan & Plauger)
More information about the Pkg-haproxy-maintainers