[Pkg-haproxy-maintainers] Bug#776384: Bug#776384: haproxy: Loading order of SSL certificates is unpredictable

Raphaël Enrici raphael at root-42.com
Wed Jan 28 12:45:25 UTC 2015

Well, that's what I ought to hear from you ;)

Let's wait and keep this one open at least for future reference.

Thanks and have a nice day!

On 28 January 2015 at 09:20, Vincent Bernat <bernat at debian.org> wrote:
>  ❦ 27 January 2015 15:54 +0100, Raphaël Enrici <raphael at root-42.com> :
>> HAproxy currently uses readdir() function to list the directory
>> where the SSL certificates are stored.
>> As readdir() does not guarantee any order in the listing (neither
>> alphabetical nor time ordered one), this can lead to a situation
>> where two members of an active/passive HAProxy "cluster" behave
>> differently without any information about it, resulting in misbehaviour
>> for non-SNI-aware devices.
>> Based on the report you can find here[1] a patch has been provided
>> by Cyril Bonté and accepted upstream. You can find this patch
>> here[2]. It would be great if you could include it before the next
>> jessie is released. If not possible at all because of the freeze, any
>> future inclusion of this patch before the next HAProxy stable release
>> would be welcome :)
> Unfortunately, the bug being "minor", we cannot push the patch to Jessie
> (at this stage, only critical patches are accepted). Also,
> wheezy-backports being in sync with Jessie, it is not possible to push
> the patch to wheezy-backports either. You have to wait for the release
> of Jessie to have things moving forward.
> --
> Terminate input by end-of-file or marker, not by count.
>             - The Elements of Programming Style (Kernighan & Plauger)
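
The ordering problem described in the quoted report, as an added example that is not part of this thread and is not the upstream patch: listing the certificate directory with scandir() and alphasort() gives the same first entry on every host, whereas raw readdir() order depends on the filesystem. The file names, the dot-file filter and both helper functions are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* scandir(), alphasort(), mkdtemp() on glibc */
#endif
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumption: dot-files are not certificates and are skipped. */
static int not_hidden(const struct dirent *de) { return de->d_name[0] != '.'; }

/* Writes the entry that sorts first (the one a "first loaded is the
 * default" loader would hand to non-SNI clients) into out. Returns the
 * number of entries, or -1 on error. alphasort() compares with strcoll(),
 * so the order also depends on LC_COLLATE once setlocale() has been called. */
int default_cert(const char *dir, char *out, size_t outlen)
{
    struct dirent **list;
    int n = scandir(dir, &list, not_hidden, alphasort);
    if (n < 0) return -1;
    snprintf(out, outlen, "%s", n > 0 ? list[0]->d_name : "");
    for (int i = 0; i < n; i++) free(list[i]);
    free(list);
    return n;
}

/* Constructed sample: three empty files created in non-alphabetical order. */
int make_sample_dir(char *tmpl)
{
    static const char *names[] = { "zeta.example.pem", "00-default.pem", "mail.example.pem" };
    char path[512];
    if (mkdtemp(tmpl) == NULL) return -1;
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        snprintf(path, sizeof path, "%s/%s", tmpl, names[i]);
        FILE *f = fopen(path, "w");
        if (f == NULL) return -1;
        fclose(f);
    }
    return 0;
}

int main(void)
{
    char dir[] = "/tmp/certs-XXXXXX", name[256];
    if (make_sample_dir(dir) != 0 || default_cert(dir, name, sizeof name) < 0)
        return 1;
    printf("default certificate: %s\n", name);
    return 0;
}
```

With sorted loading, an operator can pin the default certificate by naming it so that it sorts first, and both nodes of an active/passive pair pick the same one.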
