HAProxy no responses when built with wolfssl, while working with openssl

During wolfssl compilation on a fresh Ubuntu 22.04 we can see:

Libraries have been installed in:
   /opt/wolfssl-5.6.4/lib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.

As such, we need to add LD_LIBRARY_PATH:

root@ubuntu-2gb-hel1-1:~/haproxy-2.8# ./haproxy -vv
./haproxy: error while loading shared libraries: libwolfssl.so.41: cannot open shared object file: No such file or directory
root@ubuntu-2gb-hel1-1:~/haproxy-2.8# ldd ./haproxy
        linux-vdso.so.1 (0x00007ffff8749000)
        libwolfssl.so.41 => not found
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f080aaad000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f080b02e000)
root@ubuntu-2gb-hel1-1:~/haproxy-2.8#
root@ubuntu-2gb-hel1-1:~/haproxy-2.8# LD_LIBRARY_PATH=/opt/wolfssl-5.6.4/lib ldd haproxy
        linux-vdso.so.1 (0x00007ffd621ed000)
        libwolfssl.so.41 => /opt/wolfssl-5.6.4/lib/libwolfssl.so.41 (0x00007fcad83e6000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fcad81b8000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fcad80d1000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fcad8a53000)
root@ubuntu-2gb-hel1-1:~/haproxy-2.8# LD_LIBRARY_PATH=/opt/wolfssl-5.6.4/lib ./haproxy -vv
HAProxy version 2.8.5 2023/12/07 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2028.
Known bugs: http://www.haproxy.org/bugs/bugs-2.8.5.html
Running on: Linux 5.15.0-91-generic #101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 x86_64
Build options :
  TARGET  = generic
  CPU     = generic
  CC      = cc
  CFLAGS  = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment
  OPTIONS = USE_OPENSSL_WOLFSSL=1 USE_QUIC=1
  DEBUG   = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS

Feature list : -51DEGREES -ACCEPT4 -BACKTRACE -CLOSEFROM -CPU_AFFINITY -CRYPT_H -DEVICEATLAS -DL -ENGINE -EPOLL -EVPORTS -GETADDRINFO -KQUEUE -LIBATOMIC -LIBCRYPT -LINUX_CAP -LINUX_SPLICE -LINUX_TPROXY -LUA -MATH -MEMORY_PROFILING -NETFILTER -NS -OBSOLETE_LINKER +OPENSSL +OPENSSL_WOLFSSL -OT -PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL -PRCTL -PROCCTL -PROMEX -PTHREAD_EMULATION +QUIC -QUIC_OPENSSL_COMPAT -RT -SHM_OPEN +SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 -SYSTEMD -TFO -THREAD -THREAD_DUMP +TPROXY -WURFL -ZLIB

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : wolfSSL 5.6.4
Running on OpenSSL version : wolfSSL 5.6.4
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built without multi-threading support (USE_THREAD not set).
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built without PCRE or PCRE2 support (using libc's regex instead)
Encrypted password support via crypt(3): no
Built with gcc compiler version 11.4.0

Available polling systems :
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 2 (2 usable), will use poll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
       quic : mode=HTTP  side=FE     mux=QUIC  flags=HTX|NO_UPG|FRAMED
         h2 : mode=HTTP  side=FE|BE  mux=H2    flags=HTX|HOL_RISK|NO_UPG
       fcgi : mode=HTTP  side=BE     mux=FCGI  flags=HTX|HOL_RISK|NO_UPG
  <default> : mode=HTTP  side=FE|BE  mux=H1    flags=HTX
         h1 : mode=HTTP  side=FE|BE  mux=H1    flags=HTX|NO_UPG
  <default> : mode=TCP   side=FE|BE  mux=PASS  flags=
       none : mode=TCP   side=FE|BE  mux=PASS  flags=NO_UPG

Available services : none

Available filters :
        [BWLIM] bwlim-in
        [BWLIM] bwlim-out
        [CACHE] cache
        [COMP] compression
        [FCGI] fcgi-app
        [SPOE] spoe
        [TRACE] trace

root@ubuntu-2gb-hel1-1:~/haproxy-2.8#

A quick test with SSL configuration in the frontend (classic SSL termination example) on the haproxy server reveals that everything works just fine.

defaults
 mode http
 timeout client 10s
 timeout server 10s
 timeout connect 10s

global
 maxconn 10

frontend a
bind :443 ssl crt /root/openssl-cert/combined.pem
default_backend b

backend b
 http-request return status 200 content-type "text/plain" string "ok"

Running haproxy:

root@ubuntu-2gb-hel1-1:~/haproxy-2.8# LD_LIBRARY_PATH=/opt/wolfssl-5.6.4/lib ./haproxy -f /root/openssl-cert/haproxy.cfg -d
Available polling systems :
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 2 (2 usable), will use poll.

Available filters :
        [BWLIM] bwlim-in
        [BWLIM] bwlim-out
        [CACHE] cache
        [COMP] compression
        [FCGI] fcgi-app
        [SPOE] spoe
        [TRACE] trace
Using poll() as the polling mechanism.
00000000:a.accept(0003)=0006 from [127.0.0.1:54620] ALPN=h2
00000000:a.clireq[0006:ffffffff]: GET https://localhost/ HTTP/2.0
00000000:a.clihdr[0006:ffffffff]: host: localhost
00000000:a.clihdr[0006:ffffffff]: user-agent: curl/7.81.0
00000000:a.clihdr[0006:ffffffff]: accept: */*
00000000:b.clicls[0006:ffff]
00000000:b.closed[0006:ffff]
00000001:a.accept(0003)=0006 from [127.0.0.1:59182] ALPN=h2
00000001:a.clireq[0006:ffffffff]: GET https://localhost/ HTTP/2.0
00000001:a.clihdr[0006:ffffffff]: host: localhost
00000001:a.clihdr[0006:ffffffff]: user-agent: curl/7.81.0
00000001:a.clihdr[0006:ffffffff]: accept: */*
00000001:b.clicls[0006:ffff]
00000001:b.closed[0006:ffff]
^C

Running a client against it:

root@ubuntu-2gb-hel1-1:~# curl -vvvk https://localhost
*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=NG; ST=Rivers; L=PHC; O=Mono Finance; OU=Finance; CN=*.monofinance.net; emailAddress=mrikehchukwuka@gmail.com
*  start date: Dec 18 16:05:24 2023 GMT
*  expire date: Feb 16 16:05:24 2024 GMT
*  issuer: C=NG; ST=Rivers; L=Choba; O=Mono Institution; OU=Finance; CN=*.monoinstitute.net; emailAddress=monoinstitute@gmail.com
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55ca66d12e90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: localhost
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
< content-length: 2
< content-type: text/plain
<
* Connection #0 to host localhost left intact
okroot@ubuntu-2gb-hel1-1:~#
root@ubuntu-2gb-hel1-1:~#
root@ubuntu-2gb-hel1-1:~# curl -k https://localhost
okroot@ubuntu-2gb-hel1-1:~#