Bug 198315 - net/relayd does not work with ssl services
Summary: net/relayd does not work with ssl services
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-ports-bugs mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-05 14:45 UTC by jjasen
Modified: 2019-03-18 22:48 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (mm)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description jjasen 2015-03-05 14:45:30 UTC
in FreeBSD 10,0, relayd-5.5.20140810_1 does not work, when configured to check ssl or for https.

Here's a basic configuration to demonstrate the issue:

table <relay-www> {    \
  172.16.4.1
}

redirect http {
        listen on 10.0.0.244 tcp port 80 
        forward to <relay-www> port 80  \
         check http "/index.html" host www.FOO.org code 200 \
          mode roundrobin 
}

redirect https {
        listen on 10.0.0.244 tcp port 443 
        forward to <relay-www> port 443  \
         check https "/index.html" host www.FOO.org code 200 \
          mode roundrobin
}

relayctl show hosts will show the following:

2       table           relay-www:80                            active (2 hosts)
2       host            172.16.4.1                      98.56%  up
                        total: 137/139 checks

3       table           relay-www:443                           empty
4       host            172.16.4.1                      0.00%   down
                        total: 0/139 checks, error: ssl connect failed
Comment 1 jjasen 2015-03-06 13:41:00 UTC
This appears to be related to using the OPENSSL libraries in the FreeBSD OS installation, versus in ports/packages.

Specifically, I installed ports, put the following in /etc/make.conf:

WITH_OPENSSL_PORT=yes
security_openssl_UNSET=SSL2

and ensured that WITH_OPENSSL=yes was in /usr/ports/net/relayd/Makefile

The results are now as expected:

2       table           relay-www:80                            active (2 hosts)
2       host            172.16.4.1                      100.00% up
                        total: 41/41 checks

3       table           relay-www:443                           active (2 hosts)
4       host            172.16.4.1                      100.00% up
                        total: 41/41 checks
Comment 2 Walter Schwarzenfeld freebsd_triage 2018-01-11 19:22:19 UTC
10.0 is gone. Are there same problems on  later FreeBSD-versions?

No maintainer feedback till now!
Comment 3 Martin Matuska freebsd_committer 2019-03-18 22:48:59 UTC
I give up maintaining this port.