Frederic, can you help with some "haproxy reg test getting started" doc ?
ср, 8 мая 2019 г. в 13:13, Илья Шипицин <chipits...@gmail.com>: > > > ср, 8 мая 2019 г. в 13:03, Willy Tarreau <w...@1wt.eu>: > >> Hi Ilya, >> >> On Wed, May 08, 2019 at 11:34:57AM +0500, ???? ??????? wrote: >> > From ad9961e92c692430272c9088a49759c889dac6f1 Mon Sep 17 00:00:00 2001 >> > From: Ilya Shipitsin <chipits...@gmail.com> >> > Date: Wed, 8 May 2019 11:32:02 +0500 >> > Subject: [PATCH] BUILD: do not use "RAND_keep_random_devices_open" when >> > building against LibreSSL >> > >> > --- >> > src/haproxy.c | 2 +- >> > 1 file changed, 1 insertion(+), 1 deletion(-) >> > >> > diff --git a/src/haproxy.c b/src/haproxy.c >> > index 4c371254..c8a8aaf0 100644 >> > --- a/src/haproxy.c >> > +++ b/src/haproxy.c >> > @@ -590,7 +590,7 @@ void mworker_reload() >> > ptdf->fct(); >> > if (fdtab) >> > deinit_pollers(); >> > -#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L) >> > +#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L) && >> !defined LIBRESSL_VERSION_NUMBER) >> >> A parenthesis is missing here, please be careful to always try to build >> the code with submitted patches. >> >> > if (global.ssl_used_frontend || global.ssl_used_backend) >> > /* close random device FDs */ >> > RAND_keep_random_devices_open(0); >> >> Did you verify if this has an impact on FD leaks upon reloads when using >> > > I did a mess two times :) > > > >> libressl ? My understanding of this thing is that this problem is not >> easy to detect by accident and causes a mess for people who reload often. >> If libressl is affected by this we probably need to find a different >> fix. And if it's not affected, at least the tested version(s) must be >> mentioned in the commit message so that we can reconsider or refine this >> choice later if/when the problem appears with a subsequent version. >> CCing William and Emeric who worked on addressing this issue for OpenSSL. >> > > I planned to have a look at it actually. The idea is to write some reg > test which will reload and watch for open FDs. > not sure whether it is easy or not > > > the idea behind quick patch is "if you use LibreSSL you are on your own > and you have been warned" > (yes, we did our best to make it work with LibreSSL, but it is still a > niche solution, not very well tested) > > >> Thanks, >> Willy >> >