| # commit 28962c9 |
| # BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot |
| # |
| # We never saw unexplicated crash with SSL, so I suppose that we are |
| # luck, or the slot 0 is always reserved. Anyway the usage of the macro |
| # SSL_get_app_data() and SSL_set_app_data() seem wrong. This patch change |
| # the deprecated functions SSL_get_app_data() and SSL_set_app_data() |
| # by the new functions SSL_get_ex_data() and SSL_set_ex_data(), and |
| # it reserves the slot in the SSL memory space. |
| # |
| # For information, this is the two declaration which seems wrong or |
| # incomplete in the OpenSSL ssl.h file. We can see the usage of the |
| # slot 0 whoch is hardcoded, but never reserved. |
| # |
| # #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) |
| # #define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) |
| |
| |
| varnishtest "OpenSSL bug: Random crashes" |
| feature ignore_unknown_macro |
| |
| |
| haproxy h1 -conf { |
| global |
| tune.ssl.default-dh-param 2048 |
| tune.ssl.capture-cipherlist-size 1 |
| |
| listen frt |
| mode http |
| bind "fd@${frt}" ssl crt ${testdir}/common.pem |
| http-request redirect location / |
| } -start |
| |
| |
| # Note that with such a HAProxy configuration and curl status is 52 |
| # (Empty reply from server). |
| |
| process p1 "curl -i -k http://${h1_frt_addr}:${h1_frt_port}" -expect-exit 52 -start |
| process p2 "curl -i -k http://${h1_frt_addr}:${h1_frt_port}" -expect-exit 52 -start |
| process p3 "curl -i -k http://${h1_frt_addr}:${h1_frt_port}" -expect-exit 52 -start |
| process p4 "curl -i -k http://${h1_frt_addr}:${h1_frt_port}" -expect-exit 52 -start |
| process p5 "curl -i -k http://${h1_frt_addr}:${h1_frt_port}" -expect-exit 52 -start |
| |
| process p1 -wait |
| process p2 -wait |
| process p3 -wait |
| process p4 -wait |
| process p5 -wait |