53 lines
1.5 KiB
Plaintext
53 lines
1.5 KiB
Plaintext
# commit 28962c9
|
|
# BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
|
|
#
|
|
# We never saw unexplicated crash with SSL, so I suppose that we are
|
|
# luck, or the slot 0 is always reserved. Anyway the usage of the macro
|
|
# SSL_get_app_data() and SSL_set_app_data() seem wrong. This patch change
|
|
# the deprecated functions SSL_get_app_data() and SSL_set_app_data()
|
|
# by the new functions SSL_get_ex_data() and SSL_set_ex_data(), and
|
|
# it reserves the slot in the SSL memory space.
|
|
#
|
|
# For information, this is the two declaration which seems wrong or
|
|
# incomplete in the OpenSSL ssl.h file. We can see the usage of the
|
|
# slot 0 whoch is hardcoded, but never reserved.
|
|
#
|
|
# #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
|
|
# #define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
|
|
|
|
#REGTEST_TYPE=bug
|
|
|
|
varnishtest "OpenSSL bug: Random crashes"
|
|
#REQUIRE_OPTIONS=OPENSSL
|
|
feature ignore_unknown_macro
|
|
|
|
|
|
haproxy h1 -conf {
|
|
global
|
|
.if !ssllib_name_startswith(AWS-LC)
|
|
tune.ssl.default-dh-param 2048
|
|
.endif
|
|
tune.ssl.capture-buffer-size 1
|
|
|
|
defaults
|
|
timeout client 30s
|
|
timeout server 30s
|
|
timeout connect 30s
|
|
|
|
listen frt
|
|
mode http
|
|
bind "fd@${frt}" ssl crt ${testdir}/common.pem
|
|
http-request redirect location /
|
|
} -start
|
|
|
|
shell {
|
|
HOST=${h1_frt_addr}
|
|
if [ "${h1_frt_addr}" = "::1" ] ; then
|
|
HOST="\[::1\]"
|
|
fi
|
|
for i in 1 2 3 4 5; do
|
|
curl -i -k https://$HOST:${h1_frt_port} & pids="$pids $!"
|
|
done
|
|
wait $pids
|
|
}
|