Skip to content

Fail to perform http check on latest development branch #3324

@zhanhb

Description

@zhanhb

Detailed Description of the Problem

Fail to perform http check on master branch.

Expected Behavior

<134>Apr  5 06:56:02 haproxy[161883]: ::1:34478 [05/Apr/2026:06:56:02.531] fe1~ fe1/<NOSRV> 0/-1/-1/-1/0 200 49 - - LR-- 1/1/0/0/0 0/0 "GET /api/healthz HTTP/2.0" 0/0000000000000000/0/0/0 repo.example.com/TLSv1.3/TLS_AES_256_GCM_SHA384
<134>Apr  5 06:56:04 haproxy[161883]: ::1:35336 [05/Apr/2026:06:56:04.537] fe1~ fe1/<NOSRV> 0/-1/-1/-1/0 200 49 - - LR-- 1/1/0/0/0 0/0 "GET /api/healthz HTTP/2.0" 0/0000000000000000/0/0/1 repo.example.com/TLSv1.3/TLS_AES_256_GCM_SHA384

Steps to Reproduce the Behavior

  1. haproxy -f main.cfg

Do you have any idea what may have caused this?

No response

Do you have an idea how to solve the issue?

No response

What is your configuration?

# main.cfg
defaults
    mode http
    option httpslog
    log stderr local0
    timeout client 5s
    timeout server 5s
    timeout connect 5s

backend be1
    server srv1 localhost:8443 check ssl check-alpn h2,http/1.1 check-sni repo.example.com sni str(repo.example.com) verify none

    option httpchk
    http-check connect default
    http-check send meth GET uri /api/healthz ver HTTP/1.1 hdr host repo.example.com
    http-check send-state
    http-check expect status 200

frontend fe1
    bind localhost:8443 ssl crt reg-tests/ssl/certs/common.pem
    
    http-request return if { path /api/healthz }

Output of haproxy -vv

HAProxy version 3.4-dev8-ca53ee-14 2026/04/04 - https://haproxy.org/
Status: development branch - not safe for use in production.
Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open
Running on: Linux 6.19.10-300.fc44.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 25 18:23:49 UTC 2026 x86_64
Build options : 
  TARGET  = linux-glibc
  CC      = clang
  CFLAGS  = -O2 -g -fwrapv -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security
  OPTIONS = USE_OPENSSL_AWSLC=1 USE_LUA=1 USE_QUIC=1 USE_PROMEX=1 USE_PCRE2=1 USE_PCRE2_JIT=1
  DEBUG   = 

Feature list : -51DEGREES +ACCEPT4 +ACME +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ECH -ENGINE +EPOLL -EVPORTS +GETADDRINFO +HAVE_TCP_MD5SIG -KQUEUE +KTLS -LIBATOMIC +LIBCRYPT +LINUX_CAP +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL +OPENSSL_AWSLC -OPENSSL_WOLFSSL -OT -PCRE +PCRE2 +PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL +PROMEX -PTHREAD_EMULATION +QUIC -QUIC_OPENSSL_COMPAT +RT +SHM_OPEN +SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL -ZLIB
Detected feature list : +HAVE_WORKING_TCP_MD5SIG

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_TGROUPS=32, MAX_THREADS=1024, default=2).
Built with SSL library version : OpenSSL 1.1.1 (compatible; AWS-LC 1.71.0)
Running on SSL library version : AWS-LC 1.71.0
SSL library supports TLS extensions : yes
SSL library supports SNI : yes
SSL library FIPS mode : no
SSL library default verify directory : /etc/ssl/certs
SSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
QUIC: connection sock-per-conn mode support : yes
QUIC: GSO emission support : yes
Built with Lua version : Lua 5.4.8
Built with the Prometheus exporter as a service
Built with network namespace support.
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE2 version : 10.47 2025-10-21
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with clang compiler version 22.1.1 (Fedora 22.1.1-2.fc44)

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
       quic : mode=HTTP  side=FE|BE  mux=QUIC  flags=HTX|NO_UPG|FRAMED
       qmux : mode=HTTP  side=FE|BE  mux=QMUX  flags=HTX|NO_UPG
         h2 : mode=HTTP  side=FE|BE  mux=H2    flags=HTX|HOL_RISK|NO_UPG
         h1 : mode=HTTP  side=FE|BE  mux=H1    flags=HTX|NO_UPG
  <default> : mode=HTTP  side=FE|BE  mux=H1    flags=HTX
       fcgi : mode=HTTP  side=BE     mux=FCGI  flags=HTX|HOL_RISK|NO_UPG
       spop : mode=SPOP  side=BE     mux=SPOP  flags=HOL_RISK|NO_UPG
  <default> : mode=SPOP  side=BE     mux=SPOP  flags=HOL_RISK|NO_UPG
       none : mode=TCP   side=FE|BE  mux=PASS  flags=NO_UPG
  <default> : mode=TCP   side=FE|BE  mux=PASS  flags=

Available services : prometheus-exporter
Available filters :
        [BWLIM] bwlim-in
        [BWLIM] bwlim-out
        [CACHE] cache
        [COMP] comp-req
        [COMP] comp-res
        [COMP] compression
        [FCGI] fcgi-app
        [SPOE] spoe
        [TRACE] trace

Last Outputs and Backtraces

[NOTICE]   (161871) : Automatically setting global.maxconn to 262128.
<134>Apr  5 06:52:55 haproxy[161871]: ::1:48654 [05/Apr/2026:06:52:55.818] fe1/2: SSL handshake failure (error:1000009c:SSL routines:OPENSSL_internal:HTTP_REQUEST)
[WARNING]  (161871) : Server be1/srv1 is DOWN, reason: Socket error, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
<129>Apr  5 06:52:55 haproxy[161871]: Server be1/srv1 is DOWN, reason: Socket error, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT]    (161871) : backend 'be1' has no server available!
<128>Apr  5 06:52:55 haproxy[161871]: backend be1 has no server available!
<134>Apr  5 06:52:57 haproxy[161871]: ::1:48658 [05/Apr/2026:06:52:57.822] fe1/1: SSL handshake failure (error:1000009c:SSL routines:OPENSSL_internal:HTTP_REQUEST)

Additional Information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: fixedThis issue is a now-fixed bug.type: bugThis issue describes a bug.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions