Re: connection reuse and ssl renegotiation

2015-09-23 Thread Stefan Eissing
> Am 23.09.2015 um 14:09 schrieb Eric Covener : > > On Wed, Sep 23, 2015 at 7:40 AM, Stefan Eissing > wrote: >> The question then is how we best let other modules stop ssl_hook_Access() >> from performing >> the renegotiation. It may then return

Re: mod_h2 crash

2015-09-23 Thread Stefan Eissing
I think I found a possible race that could cause this. Please install the latest version in 2.4.17-protocols-http2, when you find the time, and let me know if you see any change. //Stefan > Am 23.09.2015 um 11:02 schrieb Steffen : > > In the other thread I wrote: > >

RE: 2.4.17-dev crash libapr-1.dll

2015-09-23 Thread Plüm , Rüdiger , Vodafone Group
> -Original Message- > From: Steffen [mailto:i...@apachelounge.com] > Sent: Mittwoch, 23. September 2015 14:28 > To: dev@httpd.apache.org > Subject: Re: 2.4.17-dev crash libapr-1.dll > > >mod_security2.so!7ff9e6bb1d07()Unknown We could now easily blame mod_security2 on this

Re: svn move modules/http2 modules/h2 ?

2015-09-23 Thread Yann Ylavic
Thanks Stefan. The "issue" now is that we still have mod_h2.so only (and h2_module as identifier, based on the module being declared in file mod_h2.c), I'm not sure having both names helps finally... Maybe one would expect using "LoadModule http2_module modules/mod_http2.so" when using

Re: 2.4.17-dev crash libapr-1.dll

2015-09-23 Thread Yann Ylavic
On Wed, Sep 23, 2015 at 2:43 PM, Steffen wrote: > > I blame 2.4.17, breaks modules. > > So advise first look in the httpd changes, what can cause this, and then > contact mod_security. Well, having the "Call Stack Frame" of mod_security could help here...

Re: connection reuse and ssl renegotiation

2015-09-23 Thread Eric Covener
On Wed, Sep 23, 2015 at 7:40 AM, Stefan Eissing wrote: > The question then is how we best let other modules stop ssl_hook_Access() > from performing > the renegotiation. It may then return HTTP_FORBIDDEN. Then denying hook could > store context > information in

Re: 2.4.17-dev crash libapr-1.dll

2015-09-23 Thread Steffen
mod_security2.so!7ff9e6bb1d07()Unknown -Original Message- From: Yann Ylavic Sent: Wednesday, September 23, 2015 1:37 PM To: dev@httpd.apache.org Subject: ** Re: 2.4.17-dev crash libapr-1.dll Can you determine where this apr_pstrdup() calls come from in httpd? On

2.4.17-dev crash libapr-1.dll

2015-09-23 Thread Steffen
In an other thread I wrote: Once in a few hours I see crashes. With no-ssl and no_mod_h2 crash in libapr-1.dll Once in a few hours I see crashes. To restate Apache 2.4.16 is not crashing here. With 2.4.17-dev it is crashing (no-ssl, no mod_h2 , exact same config as 2.4.16) once in a few

Re: connection reuse and ssl renegotiation

2015-09-23 Thread Stefan Eissing
Discussion started here: http://lists.w3.org/Archives/Public/ietf-http-wg/2015JulSep/0345.html The whole thread is here: http://lists.w3.org/Archives/Public/ietf-http-wg/2015JulSep/thread.html What it currently drifts to is that clients that trigger renegotiation on a h2 connection should be

Re: 2.4.17-dev crash libapr-1.dll

2015-09-23 Thread Steffen
2.4.17 is a Degradation Who knows what other third party modules given troubles, or even ASF modules. I blame 2.4.17, breaks modules. So advise first look in the httpd changes, what can cause this, and then contact mod_security. Steffen -Original Message- From: Plüm, Rüdiger,

Re: mod_h2 crash

2015-09-23 Thread Steffen
Running for two hours, looks promising. Only see a few, (what is normal ?): [h2:warn] [pid 1652:tid 2852] (70015)Could not find specified socket in poll list.: [client 80.135.160.180:3313] AH02953: h2_mplx(108): stream for response 47 [h2:error] [pid 7300:tid 3160] (OS 10054)An existing

Re: 2.4.17-dev crash libapr-1.dll

2015-09-23 Thread Yann Ylavic
Can you determine where this apr_pstrdup() calls come from in httpd? On Wed, Sep 23, 2015 at 1:09 PM, Steffen wrote: > > In an other thread I wrote: > > > Once in a few hours I see crashes. > With no-ssl and no_mod_h2 crash in libapr-1.dll > > Once in a few hours I see

Re: 2.4.17-dev crash libapr-1.dll

2015-09-23 Thread Yann Ylavic
On Wed, Sep 23, 2015 at 2:33 PM, Plüm, Rüdiger, Vodafone Group wrote: > >> -Original Message- >> From: Steffen [mailto:i...@apachelounge.com] >> Sent: Mittwoch, 23. September 2015 14:28 >> To: dev@httpd.apache.org >> Subject: Re: 2.4.17-dev crash libapr-1.dll

Re: svn move modules/http2 modules/h2 ?

2015-09-23 Thread Stefan Eissing
Done in r1704826, merged into branches/2.4.17-protocols-http2. > Am 23.09.2015 um 02:02 schrieb William A Rowe Jr : > > +1 - mostly because --enable-http2 is easier to grok than --enable-h2, not > because I object to the old name :) > > On Sep 22, 2015 12:39, "Greg Stein"

Re: 2.4.17-dev crash libapr-1.dll

2015-09-23 Thread Steffen
Mod_security is not build with debug. Have to build with it, and then wait for the crash. On Wednesday 23/09/2015 at 14:47, Yann Ylavic wrote: On Wed, Sep 23, 2015 at 2:43 PM, Steffen wrote: I blame 2.4.17, breaks modules. So advise first look in the httpd

Re: 2.4.17-dev crash libapr-1.dll

2015-09-23 Thread Steffen
mod_security Call Stack Frame hook_error_log: libapr-1.dll!apr_palloc(apr_pool_t * pool, unsigned __int64 in_size) Line 693 libapr-1.dll!apr_pstrdup(apr_pool_t * a, const char * s) Line 78 mod_security2.so!hook_error_log(const ap_errorlog_info * info, const char * errstr) Line 1135

mod_h2 crash

2015-09-23 Thread Steffen
In the other thread I wrote: Once in a few hours I see crashes. With no-ssl and no_mod_h2 crash in libapr-1.dll With ssl and mod_h2 crash in mod_h2.so I have some more info now: Unhandled exception at 0x6DB8571F (mod_h2.so) in memory.hdmp: 0xC005: Access violation reading