On Thu, Jul 07, 2022 at 07:53:24AM -0600, Shawn Heisey wrote: > On 7/6/22 09:50, Илья Шипицин wrote: > > haproxy is built in CI against latest quictls, for example quictls-3.0.5 > > > > https://github.com/haproxy/haproxy/runs/7214888804?check_suite_focus=true > > > > please open an issue on github with failure details, no known build > > failures so far > > Shortly after I saw this message, I tried the build again. My script > does "git pull" on the repo. There were a bunch of updates to the > quictls repo, and now haproxy compiles and runs. > > I am getting a new config warning, though: > > elyograg@bilbo:/usr/local/src$ sudo haproxy -c -f /etc/haproxy/haproxy.cfg > [NOTICE] (2080586) : haproxy version is 2.6.1 > [NOTICE] (2080586) : path to executable is /usr/local/sbin/haproxy > [WARNING] (2080586) : config : ca-file: 0 CA were loaded from '@system-ca' > Warnings were found. > Configuration file is valid > HAProxy uses the ca-certificates provided by OpenSSL. The SSL_CERT_DIR by default is set to the "certs" directory inside your openssldir. You can check your openssldir by using the "openssl" binary you compiled with your library (not the one of your distribution).
$ openssl version -d OPENSSLDIR: "/usr/lib/ssl" So you might want to set the SSL_CERT_DIR environment variable before starting HAProxy or doing a symlink from your openssldir to the real path of your ca-certificates ( /etc/ssl/certs ? ) This warning is emitted when trying to load the ca-certificates into the httpclient at startup with an empty directory. (Which is not supposed to happen on the openssl build of your distribution) -- William Lallemand
