{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":128791889,"defaultBranch":"master","name":"haproxy","ownerLogin":"haproxy","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2018-04-09T15:17:42.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/38220289?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1717421144.0","currentOid":""},"activityList":{"items":[{"before":"dc8a2c7f43aca6cb02246da67fe0ea93cc3f14b0","after":"a63f2cde948e4d8049c961e94029b1fd2752a71d","ref":"refs/heads/master","pushedAt":"2024-06-03T15:08:21.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CLEANUP: hlua: fix CertCache class comment\n\nCLASS_CERTCACHE is used to declare CertCache global object, not Regex one\n\nThis copy-paste typo introduced was in 30fcca18 (\"MINOR: ssl/lua:\nCertCache.set() allows to update an SSL certificate file\")","shortMessageHtmlLink":"CLEANUP: hlua: fix CertCache class comment"}},{"before":"dc8a2c7f43aca6cb02246da67fe0ea93cc3f14b0","after":null,"ref":"refs/heads/20240603-readme.md","pushedAt":"2024-06-03T13:25:44.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"}},{"before":"45cac52212538ae16e9c232a6a73b6fe4710734c","after":"dc8a2c7f43aca6cb02246da67fe0ea93cc3f14b0","ref":"refs/heads/master","pushedAt":"2024-06-03T13:25:22.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: change the link to the FreeBSD CI in README.md\n\nChange the link to the FreeBSD CI status badge to use the cirrus.com\njobs list.","shortMessageHtmlLink":"DOC: change the link to the FreeBSD CI in README.md"}},{"before":null,"after":"dc8a2c7f43aca6cb02246da67fe0ea93cc3f14b0","ref":"refs/heads/20240603-readme.md","pushedAt":"2024-06-03T13:23:00.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: change the link to the FreeBSD CI in README.md\n\nChange the link to the FreeBSD CI status badge to use the cirrus.com\njobs list.","shortMessageHtmlLink":"DOC: change the link to the FreeBSD CI in README.md"}},{"before":"ab23d7eb690cc3d68b450d58dc1f47d1db01b3f5","after":"45cac52212538ae16e9c232a6a73b6fe4710734c","ref":"refs/heads/master","pushedAt":"2024-06-03T13:15:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: add the FreeBSD status badge to README.md\n\nAdd the FreeBSD status badge that comes from the Cirrus CI in the\nREADME.md","shortMessageHtmlLink":"DOC: add the FreeBSD status badge to README.md"}},{"before":"c79c3121427ca240f36e1838fba777b8e92ac81f","after":"ab23d7eb690cc3d68b450d58dc1f47d1db01b3f5","ref":"refs/heads/master","pushedAt":"2024-06-03T09:59:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CI: speedup apt package install\n\nwe are fine to skip some repos like languages and translations.\nthis drops number of repos twice","shortMessageHtmlLink":"CI: speedup apt package install"}},{"before":"ba958fb230d4add678913f18eb520d9d5935c968","after":"c79c3121427ca240f36e1838fba777b8e92ac81f","ref":"refs/heads/master","pushedAt":"2024-06-03T09:12:44.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: configuration: add an example for keywords from crt-store\n\nIn ticket #785, people are still confused about how to use the crt-store\nload parameters in a crt-list.\n\nThis patch adds an example.\n\nThis must be backported in 3.0","shortMessageHtmlLink":"DOC: configuration: add an example for keywords from crt-store"}},{"before":"f8418d3ade267e5ab28808c17af297fd1ea932a7","after":"ba958fb230d4add678913f18eb520d9d5935c968","ref":"refs/heads/master","pushedAt":"2024-05-31T16:57:33.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory\n\nIn GH issue #2586 @Bbulatov reported a theoretical null-deref in\nenv_expand() in case there's no memory anymore to expand an environment\nvariable. The function should return NULL in this case so that the only\ncaller (str2sa_range) sees it. In practice it may only happen during\nboot thus is harmless but better fix it since it's easy. This can be\nbackported to all versions where this applies.","shortMessageHtmlLink":"BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-m…"}},{"before":"f3e6dfdc9286f7fb86b6a54a6852cac9d1a61f0f","after":"f8418d3ade267e5ab28808c17af297fd1ea932a7","ref":"refs/heads/master","pushedAt":"2024-05-31T11:46:22.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"ADMIN: acme.sh: remove the old acme.sh code\n\nRemove the acme.sh script since it was merged in\nhttps://github.com/acmesh-official/acme.sh/pull/4581\n\nSo people don't try to download a script which is not up to date with\nthe current acme.sh master.","shortMessageHtmlLink":"ADMIN: acme.sh: remove the old acme.sh code"}},{"before":"485b206f61c3b03caa0d21f9e16465b1c298003b","after":"f3e6dfdc9286f7fb86b6a54a6852cac9d1a61f0f","ref":"refs/heads/master","pushedAt":"2024-05-30T15:04:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CI: VTest: accelerate package install a bit\n\nlet's check and install only package is required","shortMessageHtmlLink":"CI: VTest: accelerate package install a bit"}},{"before":"09db70d021d71992377c7f0c03974d65008d569e","after":"485b206f61c3b03caa0d21f9e16465b1c298003b","ref":"refs/heads/master","pushedAt":"2024-05-30T11:54:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: replace the README by a markdown version\n\nThis patch removes the old README file and replaces it with a more\nmodern markdown version which allows clickable links on the github page.\n\nIt also adds some of the Github Actions worfklow Status.\n\nThis patch includes the HAProxy png in the doc directory.","shortMessageHtmlLink":"DOC: replace the README by a markdown version"}},{"before":"1eb0f22ee1b64d75c8535b5a48f96b6ead91a341","after":"09db70d021d71992377c7f0c03974d65008d569e","ref":"refs/heads/master","pushedAt":"2024-05-29T20:37:45.000Z","pushType":"push","commitsCount":5,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CI: use USE_PCRE2 instead of USE_PCRE\n\nUSE_PCRE2 is recommended, I guess USE_PCRE is left unintentionally","shortMessageHtmlLink":"CI: use USE_PCRE2 instead of USE_PCRE"}},{"before":"5590ada4731a1f75004675680b4bdca61fa4c507","after":"1eb0f22ee1b64d75c8535b5a48f96b6ead91a341","ref":"refs/heads/master","pushedAt":"2024-05-29T13:02:58.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"[RELEASE] Released version 3.1-dev0\n\nReleased version 3.1-dev0 with the following main changes :\n    - MINOR: version: mention that it's development again","shortMessageHtmlLink":"[RELEASE] Released version 3.1-dev0"}},{"before":"8452a3f7c9e76a9648387882a83a13eee6e9b24f","after":"5590ada4731a1f75004675680b4bdca61fa4c507","ref":"refs/heads/master","pushedAt":"2024-05-29T12:45:48.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"[RELEASE] Released version 3.0.0\n\nReleased version 3.0.0 with the following main changes :\n    - MINOR: sample: implement the uptime sample fetch\n    - CI: scripts: fix build of vtest regarding option -C\n    - CI: scripts: build vtest using multiple CPUs\n    - MINOR: log: rename 'log-format tag' to 'log-format alias'\n    - DOC: config: document logformat item naming and typecasting features\n    - BUILD: makefile: yearly reordering of objects by build time\n    - BUILD: fd: errno is also needed without poll()\n    - DOC: config: fix two typos \"RST_STEAM\" vs \"RST_STREAM\"\n    - DOC: config: refer to the non-deprecated keywords in ocsp-update on/off\n    - DOC: streamline http-reuse and connection naming definition\n    - REGTESTS: complete http-reuse test with pool-conn-name\n    - DOC: config: add %ID logformat alias alternative\n    - CLEANUP: ssl/ocsp: readable ifdef in ssl_sock_load_ocsp\n    - BUG/MINOR: ssl/ocsp: init callback func ptr as NULL\n    - CLEANUP: ssl_sock: move dirty openssl-1.0.2 wrapper to openssl-compat\n    - BUG/MINOR: activity: fix Delta_calls and Delta_bytes count\n    - CI: github: upgrade the WolfSSL job to 5.7.0\n    - DOC: install: update quick build reminders with some missing options\n    - DOC: install: update the range of tested openssl version to cover 3.3\n    - DEV: patchbot: prepare for new version 3.1-dev\n    - MINOR: version: mention that it's 3.0 LTS now.","shortMessageHtmlLink":"[RELEASE] Released version 3.0.0"}},{"before":"40cd5cc0e215ea5f649725385e052fab2ba38181","after":"8452a3f7c9e76a9648387882a83a13eee6e9b24f","ref":"refs/heads/master","pushedAt":"2024-05-29T08:26:12.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: install: update the range of tested openssl version to cover 3.3\n\nOpenSSL 3.3 is known to work since it's tested on the CI, to let's add\nit to the list of known good versions.","shortMessageHtmlLink":"DOC: install: update the range of tested openssl version to cover 3.3"}},{"before":"d5e43caaf541fa3d26f33fc399cf4d5b02e19282","after":"40cd5cc0e215ea5f649725385e052fab2ba38181","ref":"refs/heads/master","pushedAt":"2024-05-28T17:26:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CI: github: upgrade the WolfSSL job to 5.7.0\n\nWolfSSL 5.70 was released in March 2024,  let's upgrade our CI job to\nthis version.","shortMessageHtmlLink":"CI: github: upgrade the WolfSSL job to 5.7.0"}},{"before":"decb7c90dfbd90c53f6e098d783daa701699c64c","after":"d5e43caaf541fa3d26f33fc399cf4d5b02e19282","ref":"refs/heads/master","pushedAt":"2024-05-28T17:26:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"BUG/MINOR: activity: fix Delta_calls and Delta_bytes count\n\nThanks to the commit 5714aff4a6bf\n\"DEBUG: pool: store the memprof bin on alloc() and update it on free()\", the\namount of memory allocations and memory \"frees\" is shown now on the same line,\ncorresponded to the caller name. This is very convenient to debug memory leaks\n(haproxy should run with -dMcaller option).\n\nThe implicit drawback of this solution is that we count twice same free_calls\nand same free_tot (bytes) values in cli_io_handler_show_profiling(), when\nwe've calculed tot_free_calls and tot_free_bytes, by adding them to the these\ntotalizators for p_alloc, malloc and calloc allocator types. See the details\nabout why this happens in a such way in __pool_free() implementation and\nalso in the commit message for 5714aff4a6bf.\n\nThis double addition of free counters falses 'Delta_calls' and 'Delta_bytes',\nsometimes we even noticed that they show negative values.\n\nSame problem was with the calculation of average allocated buffer size for\nlines, where we show simultaneously the number of allocated and freed bytes.","shortMessageHtmlLink":"BUG/MINOR: activity: fix Delta_calls and Delta_bytes count"}},{"before":"84380965a504a2a25450378de638df891c75d569","after":"decb7c90dfbd90c53f6e098d783daa701699c64c","ref":"refs/heads/master","pushedAt":"2024-05-28T17:25:15.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CLEANUP: ssl_sock: move dirty openssl-1.0.2 wrapper to openssl-compat\n\nValentine noticed this ugly SSL_CTX_get_tlsext_status_cb() macro\ndefinition inside ssl_sock.c that is dedicated to openssl-1.0.2 only.\nIt would be better placed in openssl-compat.h, which is what this\npatch does. It also addresses a missing pair of parenthesis and\nremoves an invalid extra semicolon.","shortMessageHtmlLink":"CLEANUP: ssl_sock: move dirty openssl-1.0.2 wrapper to openssl-compat"}},{"before":null,"after":"b1be86c89f61a2939585c750d5b07d3740d90a18","ref":"refs/heads/20240528-wolfssl","pushedAt":"2024-05-28T17:19:28.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CI: github: upgrade the WolfSSL job to 5.7.0\n\nWolfSSL 5.70 was released in March 2024,  let's upgrade our CI job to\nthis version.","shortMessageHtmlLink":"CI: github: upgrade the WolfSSL job to 5.7.0"}},{"before":"f9740230fcb1c41e67491c1e8de16e80cc66cc77","after":"84380965a504a2a25450378de638df891c75d569","ref":"refs/heads/master","pushedAt":"2024-05-28T16:15:01.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"BUG/MINOR: ssl/ocsp: init callback func ptr as NULL\n\nIn ssl_sock_load_ocsp() it is better to initialize local scope variable\n'callback' function pointer as NULL, while we are declaring it. According to\nSSL_CTX_get_tlsext_status_cb() API, then we will provide a pointer to this\n'on stack' variable in order to check, if the callback was already set before:\n\nOpenSSL 1.x.x and 3.x.x:\n  long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *));\n  long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *));\n\nWolfSSL 5.7.0:\n  typedef int(*tlsextStatusCb)(WOLFSSL* ssl, void*);\n  WOLFSSL_API int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb);\n  WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb);\n\nWhen this func ptr variable stays uninitialized, haproxy comipled with ASAN\ncrushes in ssl_sock_load_ocsp():\n\n  ./haproxy -d -f haproxy.cfg\n  ...\n  AddressSanitizer:DEADLYSIGNAL\n  =================================================================\n  ==114919==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x5eab8951bb32 bp 0x7ffcdd6d8410 sp 0x7ffcdd6d82e0 T0)\n  ==114919==The signal is caused by a READ memory access.\n  ==114919==Hint: address points to the zero page.\n    #0 0x5eab8951bb32 in ssl_sock_load_ocsp /home/vk/projects/haproxy/src/ssl_sock.c:1248:22\n    #1 0x5eab89510d65 in ssl_sock_put_ckch_into_ctx /home/vk/projects/haproxy/src/ssl_sock.c:3389:6\n  ...\n\nThis happens, because callback variable is allocated on the stack. As not\nbeing explicitly initialized, it may contain some garbage value at runtime,\ndue to the linked crypto library update or recompilation.\n\nSo, following ssl_sock_load_ocsp code, SSL_CTX_get_tlsext_status_cb() may\nfail, callback will still contain its initial garbage value,\n'if (!callback) {...' test will put us on the wrong path to access some\nocsp_cbk_arg properties via its pointer, which won't be set and like this\nwe will finish with segmentation fault.\n\nMust be backported in all stable versions. All versions does not have\nthe ifdef, the previous cleanup patch is useful starting from the 2.7\nversion.","shortMessageHtmlLink":"BUG/MINOR: ssl/ocsp: init callback func ptr as NULL"}},{"before":"cb64719f668f0a4f34dff344df04c3d5de426dd1","after":"6e5caf4c00df513945ecb232d19456b5462fba54","ref":"refs/heads/20240528-ocsp-cleanup","pushedAt":"2024-05-28T16:03:17.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"BUG/MINOR: ssl/ocsp: init callback func ptr as NULL\n\nIn ssl_sock_load_ocsp() it is better to initialize local scope variable\n'callback' function pointer as NULL, while we are declaring it. According to\nSSL_CTX_get_tlsext_status_cb() API, then we will provide a pointer to this\n'on stack' variable in order to check, if the callback was already set before:\n\nOpenSSL 1.x.x and 3.x.x:\n  long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *));\n  long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *));\n\nWolfSSL 5.7.0:\n  typedef int(*tlsextStatusCb)(WOLFSSL* ssl, void*);\n  WOLFSSL_API int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb);\n  WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb);\n\nWhen this func ptr variable stays uninitialized, haproxy comipled with ASAN\ncrushes in ssl_sock_load_ocsp():\n\n  ./haproxy -d -f haproxy.cfg\n  ...\n  AddressSanitizer:DEADLYSIGNAL\n  =================================================================\n  ==114919==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x5eab8951bb32 bp 0x7ffcdd6d8410 sp 0x7ffcdd6d82e0 T0)\n  ==114919==The signal is caused by a READ memory access.\n  ==114919==Hint: address points to the zero page.\n    #0 0x5eab8951bb32 in ssl_sock_load_ocsp /home/vk/projects/haproxy/src/ssl_sock.c:1248:22\n    #1 0x5eab89510d65 in ssl_sock_put_ckch_into_ctx /home/vk/projects/haproxy/src/ssl_sock.c:3389:6\n  ...\n\nThis happens, because callback variable is allocated on the stack. As not\nbeing explicitly initialized, it may contain some garbage value at runtime,\ndue to the linked crypto library update or recompilation.\n\nSo, following ssl_sock_load_ocsp code, SSL_CTX_get_tlsext_status_cb() may\nfail, callback will still contain its initial garbage value,\n'if (!callback) {...' test will put us on the wrong path to access some\nocsp_cbk_arg properties via its pointer, which won't be set and like this\nwe will finish with segmentation fault.\n\nMust be backported in every stable version.","shortMessageHtmlLink":"BUG/MINOR: ssl/ocsp: init callback func ptr as NULL"}},{"before":null,"after":"cb64719f668f0a4f34dff344df04c3d5de426dd1","ref":"refs/heads/20240528-ocsp-cleanup","pushedAt":"2024-05-28T15:53:35.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"MINOR: ssl/ocsp: init callback func ptr as NULL\n\nIn ssl_sock_load_ocsp() it is better to initialize local scope variable\n'callback' function pointer as NULL, while we are declaring it. According to\nSSL_CTX_get_tlsext_status_cb() API, then we will provide a pointer to this\n'on stack' variable in order to check, if the callback was already set before:\n\nOpenSSL 1.x.x and 3.x.x:\n  long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *));\n  long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *));\n\nWolfSSL 5.7.0:\n  typedef int(*tlsextStatusCb)(WOLFSSL* ssl, void*);\n  WOLFSSL_API int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb);\n  WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb);\n\nWhen this func ptr variable stays uninitialized, haproxy comipled with ASAN\ncrushes in ssl_sock_load_ocsp():\n\n  ./haproxy -d -f haproxy.cfg\n  ...\n  AddressSanitizer:DEADLYSIGNAL\n  =================================================================\n  ==114919==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x5eab8951bb32 bp 0x7ffcdd6d8410 sp 0x7ffcdd6d82e0 T0)\n  ==114919==The signal is caused by a READ memory access.\n  ==114919==Hint: address points to the zero page.\n    #0 0x5eab8951bb32 in ssl_sock_load_ocsp /home/vk/projects/haproxy/src/ssl_sock.c:1248:22\n    #1 0x5eab89510d65 in ssl_sock_put_ckch_into_ctx /home/vk/projects/haproxy/src/ssl_sock.c:3389:6\n  ...\n\nThis happens, because callback variable is allocated on the stack. As not\nbeing explicitly initialized, it may contain some garbage value at runtime,\ndue to the linked crypto library update or recompilation.\n\nSo, following ssl_sock_load_ocsp code, SSL_CTX_get_tlsext_status_cb() may\nfail, callback will still contain its initial garbage value,\n'if (!callback) {...' test will put us on the wrong path to access some\nocsp_cbk_arg properties via its pointer, which won't be set and like this\nwe will finish with segmentation fault.","shortMessageHtmlLink":"MINOR: ssl/ocsp: init callback func ptr as NULL"}},{"before":"b0e1f77fead8d925d036e92561bea0d6937b9adf","after":"f9740230fcb1c41e67491c1e8de16e80cc66cc77","ref":"refs/heads/master","pushedAt":"2024-05-28T13:45:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: config: add %ID logformat alias alternative\n\nunique-id sample fetch may be used instead of %ID alias but it wasn't\nmentioned explicitly in the doc.","shortMessageHtmlLink":"DOC: config: add %ID logformat alias alternative"}},{"before":"8c09c7f39f2c49b2cfa6218051d1cf3356a16dd1","after":"b0e1f77fead8d925d036e92561bea0d6937b9adf","ref":"refs/heads/master","pushedAt":"2024-05-28T13:03:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"REGTESTS: complete http-reuse test with pool-conn-name\n\nAdd new test cases in http_reuse_conn_hash vtest. Ensure new server\nparameter \"pool-conn-name\" is used as expected for idle connection name,\nboth alone and mixed with a SNI.","shortMessageHtmlLink":"REGTESTS: complete http-reuse test with pool-conn-name"}},{"before":"652a6f18b217a8cca906448e57e84403a3a0a3cb","after":"8c09c7f39f2c49b2cfa6218051d1cf3356a16dd1","ref":"refs/heads/master","pushedAt":"2024-05-28T11:58:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: streamline http-reuse and connection naming definition\n\nWith the introduction of \"pool-conn-name\", documentation related to\nhttp-reuse was rendered more complex than already, notably with multiple\ncross-references between \"pool-conn-name\" and \"sni\" server keywords.\n\nTook the opportunity to improve all http-reuse related documentation.\nFirst, \"http-reuse\" keyword general purpose has been greatly expanded\nand reordered.\n\nThen, \"pool-conn-name\" and \"sni\" have been clarified, in particular the\nrelation between them, with the foremost being an advanced usage to the\ndefault SSL SNI case in the context of http-reuse. Also update\nattach-srv rule documentation as its name parameter is directly linked\nto both \"pool-conn-name\" and \"sni\".","shortMessageHtmlLink":"DOC: streamline http-reuse and connection naming definition"}},{"before":"2ed3531619f545af13ea987aff3af9101e350b9a","after":"652a6f18b217a8cca906448e57e84403a3a0a3cb","ref":"refs/heads/master","pushedAt":"2024-05-27T18:15:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: config: refer to the non-deprecated keywords in ocsp-update on/off\n\nThe doc for \"ocsp-update [ off | on ]\" was still referring to\n\"tune.ssl.ocsp-update.*\" instead of \"ocsp-update.*\". No backport\nneeded.","shortMessageHtmlLink":"DOC: config: refer to the non-deprecated keywords in ocsp-update on/off"}},{"before":"725fa0ecd255160090681788be34024925e7815d","after":"2ed3531619f545af13ea987aff3af9101e350b9a","ref":"refs/heads/master","pushedAt":"2024-05-27T17:52:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: config: fix two typos \"RST_STEAM\" vs \"RST_STREAM\"\n\nThese were added in 3.0-dev11 by commit 068ce2d5d2 (\"MINOR: stconn:\nAdd samples to retrieve about stream aborts\"), no backport needed.","shortMessageHtmlLink":"DOC: config: fix two typos \"RST_STEAM\" vs \"RST_STREAM\""}},{"before":"141bc5ba0dd03749b04184ce41477f63ee533926","after":"725fa0ecd255160090681788be34024925e7815d","ref":"refs/heads/master","pushedAt":"2024-05-27T17:16:05.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"BUILD: fd: errno is also needed without poll()\n\nWhen building without USE_POLL, fd.c fails on errno because that one is\nonly included when USE_POLL is set. Let's move it outside of the ifdef.","shortMessageHtmlLink":"BUILD: fd: errno is also needed without poll()"}},{"before":"7e943cdf2733387b408d489e0d31542dfd362ff6","after":"141bc5ba0dd03749b04184ce41477f63ee533926","ref":"refs/heads/master","pushedAt":"2024-05-27T15:04:40.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: config: document logformat item naming and typecasting features\n\nThe ability to give a name to a logformat_node (known as logformat item in\nthe documentation) implemented in 2ed6068f2a (\"MINOR: log: custom name for\nlogformat node\") wasn't documented.\n\nThe same goes for the ability to force the logformat_node's output type to\na specific type implemented in 1448478d62 (\"MINOR: log: explicit\ntypecasting for logformat nodes\")\n\nLet's quickly describe such new usages at the start of the custom log\nformat section.","shortMessageHtmlLink":"DOC: config: document logformat item naming and typecasting features"}},{"before":"7743debda6e7fff21abfa5b3a928487d47ec61af","after":null,"ref":"refs/heads/fix-vtest","pushedAt":"2024-05-27T10:17:18.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEWxYEMAA","startCursor":null,"endCursor":null}},"title":"Activity · haproxy/haproxy"}