]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c724693)
MINOR: startup: Add the SSL lib verify directory in haproxy -vv
authorWilliam Lallemand <wlallemand@haproxy.com>
Tue, 10 Feb 2026 19:36:14 +0000 (20:36 +0100)
committerWilliam Lallemand <wlallemand@haproxy.com>
Tue, 10 Feb 2026 20:06:38 +0000 (21:06 +0100)
SSL libraries built manually might lack the right
X509_get_default_cert_dir() value.

The common way to fix the problem is to build openssl with
./configure --openssldir=/etc/ssl/

In order to verify this setting, output it with haproxy -vv.

src/ssl_sock.c patch | blob | blame | history

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 3540038a25075ce8734099ab546d80b16668b17b..7a75d7c5bfd445b4ed4d4058f309d73207e5d770 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -8554,6 +8554,7 @@ static void ssl_register_build_options()
 #if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
        memprintf(&ptr, "%s\nSSL library FIPS mode : %s", ptr, FIPS_mode() ? "yes" : "no");
 #endif
+       memprintf(&ptr, "%s\nSSL library default verify directory : %s", ptr, X509_get_default_cert_dir());
        memprintf(&ptr, "%s\nSSL library supports :", ptr);
        for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
                if (methodVersions[i].option)
Mirror of https://github.com/haproxy/haproxy.git