Christopher Faulet

Strange. In SSL, it fails but not in clear HTTP (H1 and H2). It fails in SSL only when the `txn.alg` variable is set and when there is a first...

I reduced the reproducer to this: ``` global log stdout len 2048 format raw local0 debug stats socket /tmp/haproxy level admin defaults timeout connect 10s timeout client 240s timeout server...

@rlebreton an idea ?

I checked with @wlallemand, and the SSL error queue is not cleared at the end of `jwt_jwsverify_rsa_ecdsa()`. So the error at this stage may be retrieve by the SSL stack...

I will push a fix. For the record, 2 errors are stacked: `wrong signature length` and `RSA lib`.

@ronyrv13, I've pushed a patch. It should be ok. But, if possible, you may apply it on top of the 3.0.3 to check if it really fixes your issue. Thanks...

Thanks for the report ! I suspect the analyze expiration date of the response channel is set in the past. I'm unable to reproduce the issue but reading the code,...

Damned, it is the wrong patch ... Sorry. Here the good one: [0001-WIP-BUG-MEDIUM-bwlim-Be-sure-to-never-set-the-analyz.patch.txt](https://github.com/user-attachments/files/16147056/0001-WIP-BUG-MEDIUM-bwlim-Be-sure-to-never-set-the-analyz.patch.txt)

Many thanks ! I merged the fix. At least, it does not introduced any obvious regression. So it seems safe. And with a bit of luck it is the right...

I checked and the protocol is always set when the listener is created or cloned. So it is indeed a false positive and any check on `rx.proto` in `listener_accept()` can...