It seems to only be some versions of OpenSSL. I’ll go over this again more carefully and keep notes. I was trying out tls 1.3 support as well, so it might be specific to OpenSSL 1.1.1-dev.
Sent from my iPhone > On 3 Nov 2017, at 22:33, Willy Tarreau <[email protected]> wrote: > > Hi Robert, > >> On Thu, Nov 02, 2017 at 03:58:47PM +0000, Robert Samuel Newson wrote: >> Hi, >> >> I think the "cert bundle" feature from 1.7 is broken in 1.8-rc1. My exact >> config works with 1.7 but says this for 1.8-rc1; >> >> unable to stat SSL certificate from file '/path/to/foo.pem': No such file or >> directory. >> >> That is, it's attempting to load foo.pem, not foo.pem.rsa or foo.pem.ecdsa >> like 1.7 does. > > Oh bad, that's totally unexpected. I'm CCing Emeric and Manu, the former > being the SSL maintainer (in case he has a quick idea about it) and the > latter having upgraded a large part of the cert management code, possibly > having an idea about anything that could have gone wrong. > >> I also tried asking the mailing list daemon for help by emailing >> [email protected] as the signup confirmation specifies, the full body >> of that help is just "Hello,". I was hoping to ask the daemon to send me the >> initial message in this thread so I could reply into the thread properly. >> Sadly the mailing list archive doesn't show any of the headers I might have >> injected to get threading working that way, so sorry for breaking the thread >> but I really tried not to. > > I was not even aware of the feature :-) > >> I am very excited about many of the new features in 1.8 and am itching to try >> them. > > As long as you're very careful that's useful. I'm going to issue an rc2 with > the most painful bugs fixed. > > Thanks for the report, > Willy
