Bug #16348

open

HAProxy adds wrong SSL filename prefix in the configuration file for ssl crt-list ca-file (SSL Offloading)

Added by Daniel van der Wal 12 days ago. Updated 10 days ago.

Status: New
Priority: Normal
Assignee: -
Category: haproxy
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.8.x
Affected Plus Version:
Affected Architecture: amd64

Description

After the update to the Netgate Releases BETA of pfSense Plus Software Version 25.03, HAProxy DEV and stable generated config files link to an SSL file that does not exist.
I'm running 25.07-RC; the file that does exist is shared-frontend.pem (without the prefix clientca_). Reverting to 24.11 resolves the issue!

On save this wrong path in the config is generated:

[ALERT] (45623) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_shared-frontend.pem' (No such file or directory).
[ALERT] (45623) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:28] : 'bind 0.0.0.0:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_shared-frontend.pem

The relevant part of /var/etc/haproxy_test/haproxy.cfg:

frontend shared-frontend
bind 0.0.0.0:443 name 0.0.0.0:443 ssl crt-list /var/etc/haproxy_test/shared-frontend.crt_list ca-file /var/etc/haproxy_test/clientca_hared-frontend.pem verify required crl-file /var/etc/haproxy_test/clientcrl_hared-frontend.pem
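
A pre-flight check for the failure reported above, as an added example that is not part of the original report or of the pfSense HAProxy package: it lists every `ca-file`, `crl-file` and `crt-list` argument in a config whose target file is missing. The function names `missing_tls_files` and `make_sample` are hypothetical, and the sample tree is constructed, modelled on the bind line in the report.

```shell
#!/bin/sh
# Added example (not pfSense package code): pre-flight check for an haproxy.cfg.

# Print "<line>:<keyword>:<path>" for each ca-file / crl-file / crt-list
# argument whose target does not exist on disk.
missing_tls_files() {
    awk '
        /^[ \t]*#/ { next }    # ignore comment lines
        {
            for (i = 1; i < NF; i++)
                if ($i == "ca-file" || $i == "crl-file" || $i == "crt-list")
                    print NR ":" $i ":" $(i + 1)
        }
    ' "$1" | while IFS=: read -r lineno keyword path; do
        [ -e "$path" ] || printf '%s:%s:%s\n' "$lineno" "$keyword" "$path"
    done
}

# Build a constructed sample tree: the files on disk lack the clientca_ /
# clientcrl_ prefixes that the generated bind line refers to.
make_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/shared-frontend.crt_list" "$d/shared-frontend.pem"
    cat > "$d/haproxy.cfg" <<EOF
frontend shared-frontend
    bind 0.0.0.0:443 name 0.0.0.0:443 ssl crt-list $d/shared-frontend.crt_list ca-file $d/clientca_shared-frontend.pem verify required crl-file $d/clientcrl_shared-frontend.pem
EOF
    printf '%s\n' "$d"
}

# Demo: reports the ca-file and crl-file entries on line 2 as missing.
sample=$(make_sample)
missing_tls_files "$sample/haproxy.cfg"
rm -rf "$sample"
```

Against a real installation the function would be pointed at the generated config, for example the `/var/etc/haproxy_test/haproxy.cfg` path named in the report.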

#1

Updated by Jim Pingle 10 days ago

  • Project changed from pfSense to pfSense Packages
  • Category changed from Certificates to haproxy
  • Release Notes deleted (Default)