On Wed, Oct 29, 2014 at 4:16 AM, Yann Ylavic ylavic@gmail.com wrote:
Actually I tested the above with my earlier patch (slightly modified
to initialize ANY with SSL_PROTOCOL_ALL|SSL_PROTOCOL_ANY instead of
SSL_PROTOCOL_ANY alone) and it seems to work.
With OpenSSL 0.9.8o (debian squeeze)
Hi,
while working on PR44736, I needed a unique identifier for a vhost
(and/or the main server), given the server_rec.
I chose to use (MD5 digest) all the IP:port from the s->addrs list
(ie. VirtualHost IP|*|_default_:port ...), plus s->server_hostname
and s->port (ie. ServerName, be it configured
Hi,
I was trying to fix PR41867 using attached patch. While the patch seems
to work, I'm thinking if the behaviour change introduced by the patch
can bring some problems.
Currently, DirectoryMatch ^/var/www/html/private matches also
/var/www/html/private.txt even if it is a regular file and
Hi Jan,
IMHO the patch is valid, even for backports.
Directory and DirectoryMatch are documented to enclose a group of
directives that will apply only to the named *directory*,
sub-directories of that *directory*, and the files within the
respective *directories*.
While Directory does the
On Tue, Oct 28, 2014 at 9:30 PM, Eric Covener cove...@gmail.com wrote:
Is 300 good for anyone? The hard-coded default is 60 which seems awfully
high to me already.
I'm probably way off-base here, but since mod_reqtimeout is enabled by
default now, is this 300 used mostly as a fallback for
On Tue, Oct 28, 2014 at 9:24 PM, Eric Covener cove...@gmail.com wrote:
On Tue, Oct 28, 2014 at 9:15 PM, Eric Covener cove...@gmail.com wrote:
There is an older/pre-poodle PR out there somewhere where the symptom
seems to be the v2hello/v2open disappearing with -SSLv3.
I can't find it
On 29.10.2014 04:37, Yann Ylavic wrote:
Forgot to mention the OP reproducer, that is with SSLProtocol ALL
-SSLv3 (with or without the patch), both SSLv2Hello and SSLv3Hello
(version SSLv3) are refused by httpd.
But if ALL is replaced with ANY, then the (patched) server will be
willing to advise
Hi all,
The attached patch makes the variable SSL_CLIENT_CERT_SUBJECTS available, which
contains a list of subject DNs in each certificate in the chain. It is designed
to be able to match against a full certificate chain where the subject and
issuer of the certificate alone is not good enough
On Wed, Oct 29, 2014 at 2:52 PM, Mikhail T. mi+t...@aldan.algebra.com wrote:
On 29.10.2014 04:37, Yann Ylavic wrote:
Forgot to mention the OP reproducer, that is with SSLProtocol ALL
-SSLv3 (with or without the patch), both SSLv2Hello and SSLv3Hello
(version SSLv3) are refused by httpd.
But
If we agree that whitelisting is the preferred practice over blacklisting,
and that the whitelist as-is was inaccurate, I believe we can accept
the behavior change to trunk as well as 2.4 and 2.2 that blacklists
may be loosened with the application of this patch while any
sensible whitelists will
Hi All,
I just want to check if there is any feedback/comments on this?
For details, please refer to Yann Ylavic's notes and my responses below.
Thanks,
Yingqi
-Original Message-
From: Lu, Yingqi [mailto:yingqi...@intel.com]
Sent: Friday, October 10, 2014 4:56 PM
To:
Hi Yingqi,
I'm working on it currently, will commit soon.
Regards,
Yann.
On Wed, Oct 29, 2014 at 6:20 PM, Lu, Yingqi yingqi...@intel.com wrote:
Hi All,
I just want to check if there is any feedback/comments on this?
For details, please refer to Yann Ylavic's notes and my responses below.
Thank you very much for your help!
Thanks,
Yingqi
-Original Message-
From: Yann Ylavic [mailto:ylavic@gmail.com]
Sent: Wednesday, October 29, 2014 10:34 AM
To: httpd
Subject: Re: Listeners buckets and duplication w/ and w/o SO_REUSEPORT on trunk
Hi Yingqi,
I'm working on it