Am 19.04.2018 um 17:55 schrieb David Zuelke:
> I hate to break this to you, and I do not want to discredit the
> amazing work all the contributors here are doing, but httpd 2.4 is of
> miserable, miserable quality when it comes to breaks and regressions.
>
> I maintain the PHP/Apache/Nginx
Thanks to everyone who followed through :)
For completion, I pushed this to trunk in r1829513 though arguably we
could/should accept some behavioural change here in 2.5. No strong
opinion on this really. 2.4 backport also proposed.
It bugs me to be left with the "surprising" behaviour of
On 04/13/2018 01:11 PM, Joe Orton wrote:
> On Thu, Apr 12, 2018 at 09:38:46PM +0200, Ruediger Pluem wrote:
>> On 04/12/2018 09:28 AM, Joe Orton wrote:
> I was trying to convince myself whether mySrvConfig(r->server) is going
> to change between 2.4.29 and .33+patch in this case, and I think it
> Am 14.04.2018 um 16:51 schrieb Daniel Ruggeri :
>
> This is a pretty valid reason to consider 2.5. However, I'm not convinced
> trunk has fixed the funky things referred to in this thread either.
Chicken and egg. I am willing to work for a 2.5+ https: configuration
This is a pretty valid reason to consider 2.5. However, I'm not convinced trunk
has fixed the funky things referred to in this thread either.
--
Daniel Ruggeri
On April 14, 2018 2:16:04 AM CDT, Stefan Eissing
wrote:
>
>> Am 13.04.2018 um 16:00 schrieb Joe Orton
> Am 13.04.2018 um 16:00 schrieb Joe Orton :
>
> It annoys me now that the "protocol" argument to "Listen" is really
> quite ill-defined. "https" is not even really a protocol, more a URL
> scheme, and I can't see it documented that enables SSLEngine anywhere.
> We also
On Fri, Apr 13, 2018 at 01:55:40PM +0200, Yann Ylavic wrote:
> At runtime, *with SNI*, when ssl_callback_ServerNameIndication() gets
> called and ap_vhost_iterate_given_conn()::ssl_find_vhost() reaches the
> second nvh (beta, with no SSL) corresponding to the SNI, we do
> SSL_set_SSL_CTX to switch
On Fri, Apr 13, 2018 at 1:11 PM, Joe Orton wrote:
>
> TL;DR:
> 1. my head hurts
> 2. I think my patch is OK
>
> Anyone read this far?
Yep, I was about to write almost the same long one too :)
One thing to add maybe.
At runtime, *with SNI*, when
Nice journey! You speak of this patch some messages ago:
Index: modules/ssl/ssl_engine_init.c
===
--- modules/ssl/ssl_engine_init.c (revision 1828914)
+++ modules/ssl/ssl_engine_init.c (working copy)
@@ -261,7 +261,8 @@
On Thu, Apr 12, 2018 at 09:38:46PM +0200, Ruediger Pluem wrote:
> On 04/12/2018 09:28 AM, Joe Orton wrote:
> > But logged is:
> >
> > ::1 - - [12/Apr/2018:08:11:12 +0100] "GET /agag HTTP/1.1" 404 12 HTTPS=on
> > SNI=localhost.localdomain
> > 127.0.0.1 - - [12/Apr/2018:08:11:15 +0100] "GET /agag
On 04/12/2018 09:28 AM, Joe Orton wrote:
> On Wed, Apr 11, 2018 at 10:24:23PM +0200, Yann Ylavic wrote:
>> On Wed, Apr 11, 2018 at 7:54 PM, Joe Orton wrote:
>>> Yes, exactly - and for affected configs the defining feature is the
>>> absence of SSL* in the second vhost. The
> Am 12.04.2018 um 12:49 schrieb Yann Ylavic :
>
> On Thu, Apr 12, 2018 at 11:34 AM, Stefan Eissing
> wrote:
>>
>>
>>> Am 12.04.2018 um 11:23 schrieb Yann Ylavic :
>>>
>>> Hi Stefan,
>>>
>>> On Thu, Apr 12, 2018 at
On Thu, Apr 12, 2018 at 11:34 AM, Stefan Eissing
wrote:
>
>
>> Am 12.04.2018 um 11:23 schrieb Yann Ylavic :
>>
>> Hi Stefan,
>>
>> On Thu, Apr 12, 2018 at 11:09 AM, Stefan Eissing
>> wrote:
>>>
Am 11.04.2018
> Am 12.04.2018 um 11:23 schrieb Yann Ylavic :
>
> Hi Stefan,
>
> On Thu, Apr 12, 2018 at 11:09 AM, Stefan Eissing
> wrote:
>>
>>> Am 11.04.2018 um 22:24 schrieb Yann Ylavic :
>>>
>>> On Wed, Apr 11, 2018 at 7:54 PM,
Hi Stefan,
On Thu, Apr 12, 2018 at 11:09 AM, Stefan Eissing
wrote:
>
>> Am 11.04.2018 um 22:24 schrieb Yann Ylavic :
>>
>> On Wed, Apr 11, 2018 at 7:54 PM, Joe Orton wrote:
>>>
>>> Is mod_md expected to work for vhosts
> Am 11.04.2018 um 22:24 schrieb Yann Ylavic :
>
> On Wed, Apr 11, 2018 at 7:54 PM, Joe Orton wrote:
>> On Wed, Apr 11, 2018 at 01:37:22PM -0400, Eric Covener wrote:
>>> On Wed, Apr 11, 2018 at 1:07 PM, Yann Ylavic wrote:
On
On Wed, Apr 11, 2018 at 10:24:23PM +0200, Yann Ylavic wrote:
> On Wed, Apr 11, 2018 at 7:54 PM, Joe Orton wrote:
> > Yes, exactly - and for affected configs the defining feature is the
> > absence of SSL* in the second vhost. The non-SSL config still takes
> > effect as
On Wed, Apr 11, 2018 at 7:54 PM, Joe Orton wrote:
> On Wed, Apr 11, 2018 at 01:37:22PM -0400, Eric Covener wrote:
>> On Wed, Apr 11, 2018 at 1:07 PM, Yann Ylavic wrote:
>> > On Wed, Apr 11, 2018 at 7:03 PM, Joe Orton wrote:
>> >> Like
On Wed, Apr 11, 2018 at 01:37:22PM -0400, Eric Covener wrote:
> On Wed, Apr 11, 2018 at 1:07 PM, Yann Ylavic wrote:
> > On Wed, Apr 11, 2018 at 7:03 PM, Joe Orton wrote:
> >> Like this? Is this likely to break some other currently-working config?
> >>
>
On Wed, Apr 11, 2018 at 1:07 PM, Yann Ylavic wrote:
> On Wed, Apr 11, 2018 at 7:03 PM, Joe Orton wrote:
>> Like this? Is this likely to break some other currently-working config?
>>
>> Index: modules/ssl/ssl_engine_init.c
>>
On Wed, Apr 11, 2018 at 7:03 PM, Joe Orton wrote:
> Like this? Is this likely to break some other currently-working config?
>
> Index: modules/ssl/ssl_engine_init.c
> ===
> --- modules/ssl/ssl_engine_init.c
On Wed, Apr 11, 2018 at 6:41 PM, Joe Orton wrote:
> On Wed, Apr 11, 2018 at 05:49:47PM +0200, Yann Ylavic wrote:
>> I agree... to both Stefan's and your points of view here :p
>
> YOU FENCE SITTER! :)
:D
>
> I feel like it should be possible to restore the old behaviour
Like this? Is this likely to break some other currently-working config?
Index: modules/ssl/ssl_engine_init.c
===
--- modules/ssl/ssl_engine_init.c (revision 1828914)
+++ modules/ssl/ssl_engine_init.c (working copy)
@@
On Wed, Apr 11, 2018 at 05:49:47PM +0200, Yann Ylavic wrote:
> I agree... to both Stefan's and your points of view here :p
YOU FENCE SITTER! :)
> We can hardly break existing configurations, even if they rely on a
> bug (our bug...).
> But another user (or the same!) may open a bug when her/his
On Wed, Apr 11, 2018 at 5:49 PM, Yann Ylavic wrote:
> Maybe we need a global EXEC_ON_READ setting (before any vhost) to
> control/ignore AP_MODULE_FLAG_ALWAYS_MERGE?
Something like the attached possibly...
Index: include/http_config.h
On Wed, Apr 11, 2018 at 4:56 PM, Joe Orton wrote:
> On Wed, Apr 11, 2018 at 02:10:27PM +0200, Stefan Eissing wrote:
>> What we fixed here is a bug, plain and simple. And if installations rely
>> on a bug, they might break on an update. Seems unavoidable.
>>
>> Nowhere is this
On Wed, Apr 11, 2018 at 02:10:27PM +0200, Stefan Eissing wrote:
> What we fixed here is a bug, plain and simple. And if installations rely
> on a bug, they might break on an update. Seems unavoidable.
>
> Nowhere is this "a certificate is visible in other vhosts if it is configured
> in the
>
> Am 11.04.2018 um 13:57 schrieb Joe Orton :
>
> Thanks for the responses, Stefan. I understand this a bit better now,
> but it still seems very clearly like a regression.
>
> On Wed, Apr 11, 2018 at 10:28:05AM +0200, Stefan Eissing wrote:
>> Additional example of the
Thanks for the responses, Stefan. I understand this a bit better now,
but it still seems very clearly like a regression.
On Wed, Apr 11, 2018 at 10:28:05AM +0200, Stefan Eissing wrote:
> Additional example of the brokeness. If you add
> a SSL directive to the 2nd vhost in your example
> -
Additional example of the brokeness. If you add
a SSL directive to the 2nd vhost in your example
- without the new MERGE feature:
> Am 10.04.2018 um 18:22 schrieb Joe Orton :
>
> Listen 443 https
>
>
> ServerName www.example.com:443
> SSLCertificateFile ...
>
>
>
>
> Am 10.04.2018 um 18:22 schrieb Joe Orton :
>
> I don't quite understand the new AP_MODULE_FLAG_ALWAYS_MERGE logic so
> I'm struggling to debug this, but I've had a couple of reports that
> configurations like:
>
> Listen 443 https
>
>
> ServerName www.example.com:443
31 matches
Mail list logo