On 2024-01-30 20:45, Lukas Tribus wrote:
Suggest enabling getrandom() syscall in wolfssl to avoid chroot
problems when using wolfssl.
---
Also see:
https://discourse.haproxy.org/t/haproxy-no-responses-when-built-with-wolfssl-while-working-with-openssl/9320/15
---
INSTALL | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/INSTALL b/INSTALL
index 18eb67f311..284b9825ba 100644
--- a/INSTALL
+++ b/INSTALL
@@ -285,7 +285,8 @@ least WolfSSL 5.6.6 is needed, but a development version
might be needed for
some of the features:
$ cd ~/build/wolfssl
- $ ./configure --enable-haproxy --enable-quic --prefix=/opt/wolfssl-5.6.6/
+ $ ./configure --enable-haproxy --enable-quic \
+ --prefix=/opt/wolfssl-5.6.6/ EXTRA_CFLAGS=-DWOLFSSL_GETRANDOM=1
$ make -j $(nproc)
$ make install
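Review bot: The new EXTRA_CFLAGS=-DWOLFSSL_GETRANDOM=1 on the configure line is added with no explanation in INSTALL itself; the reason (avoiding chroot problems) is given only in the commit message. Someone copying the command later cannot tell whether the flag is required or optional, or when it could be dropped. Consider adding a sentence above the command in INSTALL stating that the define enables the getrandom() syscall in wolfssl and is suggested for setups that use chroot.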
That's interesting, however I'm surprised the init does not work before the
chroot, we are doing a RAND_bytes() with OpenSSL before the chroot to achieve
this.
I'll check if we can do something like this instead of needing an explicit
option, but if that's not possible we will require GETRANDOM in the
--enable-haproxy build option.
--
William Lallemand