mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-03-17 04:51:09 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: startup: Add the SSL lib verify directory in haproxy -vv

Browse Source 
SSL libraries built manually might lack the right
X509_get_default_cert_dir() value.

The common way to fix the problem is to build openssl with
./configure --openssldir=/etc/ssl/

In order to verify this setting, output it with haproxy -vv.
This commit is contained in:
William Lallemand 2026-02-10 20:36:14 +01:00
parent c724693b95
commit 2ac0d12790
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/ssl_sock.c
View File

@ -8554,6 +8554,7 @@ static void ssl_register_build_options()
#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
memprintf(&ptr, "%s\nSSL library FIPS mode : %s", ptr, FIPS_mode() ? "yes" : "no");
#endif
memprintf(&ptr, "%s\nSSL library default verify directory : %s", ptr, X509_get_default_cert_dir());
memprintf(&ptr, "%s\nSSL library supports :", ptr);
for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
if (methodVersions[i].option)