Hi everyone,

(Please note that I'm not subscribed to the mailing list so I will ask you to 
cc your answers both to me and the mailing list)

I encounter a bug which I think is rather "critical"; I hope someone can help 
me.
The problem happens when I try to set up HTTP basic auth on a backend; here is 
my config example:

https://gist.github.com/wnkz/c2d1c0e6c49fa500658f

userlist L1
  # user foo insecure-password foo
  user foo password $apr1$Y/Oslz7K$EqwCC6SqzEn35VilLwh/V0

backend S3_developer
  acl auth_dev http_auth(L1)
  http-request auth realm Foo unless auth_dev
  redirect scheme https if !{ ssl_fc }
  server S3_developer foo.amazonaws.com:80

This is the same user, with the same password (foo); only one is plain-text and 
the other one has been generated with htpasswd.
I test this setup with curl:

curl --user 'foo:foo' -vL https://test.mydomain/

When I use the "insecure-password" line, the test works just fine, but when I 
auth with the same user:password with the classic "password" config line, here 
is what I get from my curl:

* Empty reply from server
* Connection #0 to host test.mydomain left intact
curl: (52) Empty reply from server

And then when I check back on my server, the haproxy process is gone; nothing in 
the log files, but I saw this in dmesg:

[326678.071345] haproxy[7502]: segfault at 0 ip 00007ffff6e8cd56 sp 00007fffffffe148 error 4 in libc-2.19.so[7ffff6d4c000+1bb000]

I tried different users, different passwords, and I always get the same result, so 
I installed haproxy-dbg and gdb and ran haproxy with gdb.
So here is my configuration and the gdb backtrace:

lsb_release -a:
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:        14.04
Codename:       trusty

uname -srv:
- Linux 3.13.0-34-generic #60-Ubuntu SMP Wed Aug 13 15:45:27 UTC 2014

haproxy repo:
- http://ppa.launchpad.net/vbernat/haproxy-1.5/ubuntu trusty main

haproxy -vv:
HA-Proxy version 1.5.3 2014/07/25
Copyright 2000-2014 Willy Tarreau <[email protected]>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.31 2012-07-06
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

gdb trace:
- https://gist.github.com/wnkz/e0ae0b0ae60080c41f04

Thank you for your support.

Best regards,
Grégoire.

(Please note that I'm not subscribed to the mailing list so I will ask you to 
cc your answers both to me and the mailing list)

                                          
