[Bug]: [haproxy] blocking when using chroot wolfssl #7197
Assignees
Labels
Comments
|
Hello, Any update on this? |
|
1 for this. wolfssl is emerging as very good alternative to OpenSSL for http/3 in HAproxy and this problem can be "confusing" for users |
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Contact Details
No response
Version
5.6.6
Description
HAProxy has a "chroot" primitive which is often used by users. With OpenSSL, Rand_Bytes() is called before chroot() so OpenSSL is able to open /dev/urandom and keep the FD. Once HAProxy has done its chroot(), the random is fed from this FD.
With WolfSSL, its seems that wc_GenerateSeed() is not keeping the fd and is closing it each time, which means once chroot'ed, haproxy does not have access anymore to the random source, and every requests are blocking.
It looks like the only way to make this work, is to stop using /dev/urandom and use getrandom(), by building wolfSSL with WOLFSSL_GETRANDOM.
Is there a way to keep to the /dev/urandom open during init and keep using it?
Thanks
Reproduction steps
No response
Relevant log output
The text was updated successfully, but these errors were encountered: