haproxy/doc
Aurelien DARRAGON 4f906a9c38 BUG/MINOR: hlua: use CertCache.set() from various hlua contexts
Using CertCache.set() from init context wasn't explicitly supported and
caused the process to crash:

crash.lua:
  core.register_init(function()
    CertCache.set{filename="reg-tests/ssl/set_cafile_client.pem", ocsp=""}
  end)

crash.conf:
  global
    lua-load crash.lua
  listen front
    bind localhost:9090 ssl crt reg-tests/ssl/set_cafile_client.pem ca-file reg-tests/ssl/set_cafile_interCA1.crt verify none

./haproxy -f crash.conf
[NOTICE]   (267993) : haproxy version is 3.0-dev2-640ff6-910
[NOTICE]   (267993) : path to executable is ./haproxy
[WARNING]  (267993) : config : missing timeouts for proxy 'front'.
   | While not properly invalid, you will certainly encounter various problems
   | with such a configuration. To fix this, please ensure that all following
   | timeouts are set to a non-zero value: 'client', 'connect', 'server'.
[1]    267993 segmentation fault (core dumped)  ./haproxy -f crash.conf

This is because in hlua_ckch_set/hlua_ckch_commit_yield, we always
consider that we're being called from a yield-capable runtime context.
As such, hlua_gethlua() is never checked for NULL and we systematically
try to wake hlua->task and yield every 10 instances.

In fact, if we're called from the body or init context (that is, during
haproxy startup), hlua_gethlua() will return NULL, and in this case we
shouldn't care about yielding because it is ok to commit all instances
at once since haproxy is still starting up.

Also, when calling CertCache.set() from a non-yield capable runtime
context (such as hlua fetch context), we kept doing as if the yield
succeeded, resulting in unexpected function termination (operation
would be aborted and the CertCache lock wouldn't be released). Instead,
now we explicitly state in the doc that CertCache.set() cannot be used
from a non-yield capable runtime context, and we raise a runtime error
if it is used that way.

These bugs were discovered by reading the code when trying to address
Svace report documented by @Bbulatov GH #2586.

It should be backported up to 2.6 with 30fcca18 ("MINOR: ssl/lua:
CertCache.set() allows to update an SSL certificate file")
2024-06-03 17:00:00 +02:00
..
design-thoughts DOC: design: write first notes about ring-v2 2024-03-09 11:23:52 +01:00
internals MINOR: dynbuf: pass a criticality argument to b_alloc() 2024-05-10 17:18:13 +02:00
lua-api BUG/MINOR: hlua: use CertCache.set() from various hlua contexts 2024-06-03 17:00:00 +02:00
51Degrees-device-detection.txt DOC: 51d: updated 51Degrees repo URL for v3.2.10 2023-11-23 16:26:13 +01:00
acl.fig
architecture.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
coding-style.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
configuration.txt DOC: configuration: add an example for keywords from crt-store 2024-06-03 11:02:23 +02:00
cookie-options.txt DOC: fix a few typos in the documentation 2018-11-18 22:23:15 +01:00
DeviceAtlas-device-detection.txt CLEANUP: assorted typo fixes in the code and comments 2024-03-05 11:50:34 +01:00
gpl.txt
haproxy.1 DOC: add description of pidfile in master-worker mode 2020-08-26 18:40:53 +02:00
HAProxyCommunityEdition_60px.png DOC: replace the README by a markdown version 2024-05-30 13:53:46 +02:00
intro.txt [RELEASE] Released version 3.1-dev0 2024-05-29 15:00:02 +02:00
lgpl.txt
linux-syn-cookies.txt
lua.txt [RELEASE] Released version 2.9-dev9 2023-11-04 09:38:16 +01:00
management.txt [RELEASE] Released version 3.1-dev0 2024-05-29 15:00:02 +02:00
netscaler-client-ip-insertion-protocol.txt DOC: fix typos 2019-05-25 07:34:24 +02:00
network-namespaces.txt
peers-v2.0.txt MEDIUM: stick-tables: add a new stored type for glitch_cnt and glitch_rate 2024-02-08 15:51:49 +01:00
peers.txt CLEANUP: assorted typo fixes in the code and comments 2022-12-07 09:08:18 +01:00
proxy-protocol.txt DOC: proxy-protocol: fix wrong byte in provided example 2023-02-12 09:26:48 +01:00
queuing.fig
regression-testing.txt CLEANUP: assorted typo fixes in the code and comments 2023-11-23 16:23:14 +01:00
seamless_reload.txt CLEANUP: removed obsolete examples an move a few to better places 2019-06-15 21:25:06 +02:00
SOCKS4.protocol.txt MEDIUM: connection: Upstream SOCKS4 proxy support 2019-05-31 17:24:06 +02:00
SPOE.txt MAJOR: spoe: Let the SPOE back into the game 2024-05-22 09:04:38 +02:00
WURFL-device-detection.txt CONTRIB: move src/wurfl.c and contrib/wurfl to addons/wurfl 2021-04-02 17:48:42 +02:00