Project

General

Profile

Actions

Bug #14934

closed

haproxy-devel: "Warning: process cannot be trusted anymore!" since pfSense Plus Upgrade to

Added by Thomas Ward about 1 year ago. Updated 9 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
haproxy
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.7.0
Affected Plus Version:
23.05.1
Affected Architecture:
All

Description

haproxy-devel version: 2.8-dev6-4c7588d
pfSense+ Version: 23.05.1

With the update to pfSense 23.05.1, HAProxy now returns the following warnings when started:

[WARNING] (37290) : dlopen(): shared library '/lib/libcrypto.so.111' brings a different and inconsistent definition of symbol 'OPENSSL_init_ssl'. The process cannot be trusted anymore!
[WARNING] (37290) : dlopen(): shared library '/lib/libcrypto.so.111' brings a different and inconsistent definition of symbol 'SSL_CTX_get0_security_ex_data'. The process cannot be trusted anymore!

This suggests that there's changes to the libcrypto libraries that are incompatible. This is NOT a good thing, and while haproxy runs it might have problems with SSL as a result of untrusted library changes.

This could be a breaker on systems utilizing haproxy or haproxy-devel if the libcrypto libraries are inconsistent.

Actions

Also available in: Atom PDF