On Thu, May 28, 2020 at 03:39:50PM +0500, Илья Шипицин wrote: > anyway, I can install for example openssl-1.1.0 without APLN support. > version is not very good indicator (and we try to > use features in ifdef wherever possible)
Also, some features in SSL could be enabled only by rebuilding HAProxy, so it can be kind of confusing if you have the right openssl lib with this feature, but without the feature activated in haproxy. It's 3not a common case but it could happen. For example few days ago we rebuilt an OpenSSL version with SSLv3 support, but without rebuilding haproxy. So haproxy -vv wasn't showing the SSLv3 feature. But if you disable something else, let's say OCSP for example, you won't be able to see it in haproxy -vv. > > as for current failures, as a short term solution, I think we can merge > patch and figure out "feature" approach later. > I agree for now, but once we have something we should remove all these "rm vtc" in the CI. -- William Lallemand
