Time for 2.4.17 soonish?

I'd like to propose that we think about a 2.4.17 release within a coupla weeks and that we try to get http/2 support in for that release.

Re: Time for 2.4.17 soonish?

+1 > Am 22.09.2015 um 21:49 schrieb Jim Jagielski : > > I'd like to propose that we think about a 2.4.17 release > within a coupla weeks and that we try to get http/2 > support in for that release. >

Re: svn move modules/http2 modules/h2 ?

IMO, we should keep it where it is (modules/http2 to complement modules/http) but change the configure to --enable-http2 (but also allow --enable-h2 as well)... After all, we enable http/1 via --enable-http

Re: svn move modules/http2 modules/h2 ?

+1 > On Sep 22, 2015, at 1:01 PM, Gregg Smith wrote: > > http2 is more descriptive for the module's purpose, even if the name is > mod_h2. I like it where it is. > - 0 > > On 9/22/2015 5:08 AM, Stefan Eissing wrote: >> +0.5 >> >> h2 ftw! (but there is also a mod_mime in the

Re: svn move modules/http2 modules/h2 ?

That quickly went the wrong way... ;-) > Am 22.09.2015 um 19:39 schrieb Greg Stein : > > Yeah... if anything, rename to mod_http2. > >> On Tue, Sep 22, 2015 at 12:01 PM, Gregg Smith wrote: >> http2 is more descriptive for the module's purpose, even if the name

Re: svn move modules/http2 modules/h2 ?

http2 is more descriptive for the module's purpose, even if the name is mod_h2. I like it where it is. - 0 On 9/22/2015 5:08 AM, Stefan Eissing wrote: +0.5 h2 ftw! (but there is also a mod_mime in the http dir, so I do not really feel strongly about this) Am 22.09.2015 um 14:05 schrieb

Re: svn move modules/http2 modules/h2 ?

Yeah... if anything, rename to mod_http2. On Tue, Sep 22, 2015 at 12:01 PM, Gregg Smith wrote: > http2 is more descriptive for the module's purpose, even if the name is > mod_h2. I like it where it is. > - 0 > > > On 9/22/2015 5:08 AM, Stefan Eissing wrote: > >> +0.5 >> >> h2

Re: svn commit: r1704683 - /httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml

I struggled with the phrasing here, any fine-tuning (or more) appreciated. Does our default make sense considering the warning at the top of the doc? Should we make people specify "RemoteIPTrustedProxy *" if they don't want to restrict it? On Tue, Sep 22, 2015 at 2:11 PM,

RE: Time for 2.4.17 soonish?

Yann, Thanks very much for bringing it up. We would love to see that SO_REUSEPORT patch being merged into the release version of the httpd. It has been a long time :) Thanks, Yingqi -Original Message- From: Yann Ylavic [mailto:ylavic@gmail.com] Sent: Tuesday, September 22, 2015

Re: svn commit: r1703415 - in /httpd/test/framework/trunk/c-modules: authany/mod_authany.c test_session/mod_test_session.c

On Wed, Sep 16, 2015 at 10:08 AM, Jim Jagielski wrote: > All this is due to changes mode with the mainter-mode and > which causes build stop error and stop for these kinds > of warnings. These are simple 'squash warning' patches. As Greg points out these are toxic and

Re: svn commit: r1704683 - /httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml

I will try, I'm having trouble coming to terms with the idea because there is no way one would ever want private IP info from networks outside of their control to be used for access control. If you require ip 127.0.0.1 for your monitoring app/mod_status for example, this suggestion completely

Re: svn commit: r1704683 - /httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml

Maybe my followup is better phrased. No issue with handling of internal IPs. Currently, we act like RemoteIPTrustedProxy * by default (once they've named the XFF header) and warn people they'd better restrict it. On Tue, Sep 22, 2015 at 9:20 PM, William A Rowe Jr wrote: >

Re: Time for 2.4.17 soonish?

+1 to picking this up now-ish and letting it run through the paces while we are completing other things. On Tue, Sep 22, 2015 at 3:23 PM, Yann Ylavic wrote: > +1, possibly with SO_REUSEPORT too. > > On Tue, Sep 22, 2015 at 9:49 PM, Jim Jagielski wrote: >

Re: Disable SSLv3 by default

On Sat, Sep 19, 2015 at 4:05 AM, Kaspar Brand wrote: > On 17.10.2014 19:25, Kaspar Brand wrote: > > On 17.10.2014 12:02, Takashi Sato wrote: > >> SSLv3 is now insecure (CVE-2014-3566, POODLE) > >> Let's disable SSLv3 by default, at least trunk. > >> > >> SSLProtocol

Re: svn move modules/http2 modules/h2 ?

On Tue, Sep 22, 2015 at 9:52 PM, Jim Jagielski wrote: > IMO, we should keep it where it is (modules/http2 to complement > modules/http) but change the configure to --enable-http2 (but > also allow --enable-h2 as well)... After all, we enable http/1 > via --enable-http I'm fine

Re: Time for 2.4.17 soonish?

+1, possibly with SO_REUSEPORT too. On Tue, Sep 22, 2015 at 9:49 PM, Jim Jagielski wrote: > I'd like to propose that we think about a 2.4.17 release > within a coupla weeks and that we try to get http/2 > support in for that release. >

Re: svn commit: r1704683 - /httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml

On Tue, Sep 22, 2015 at 8:48 PM, Eric Covener wrote: > Maybe my followup is better phrased. No issue with handling of internal > IPs. > > Currently, we act like RemoteIPTrustedProxy * by default (once they've > named the XFF header) and warn people they'd better restrict it.

Re: svn move modules/http2 modules/h2 ?

+1 - mostly because --enable-http2 is easier to grok than --enable-h2, not because I object to the old name :) On Sep 22, 2015 12:39, "Greg Stein" wrote: > Yeah... if anything, rename to mod_http2. > > On Tue, Sep 22, 2015 at 12:01 PM, Gregg Smith wrote: > >>

mod_h2 – browsers getting confused

Apachelounge made the branches/2.4.17-protocols-http2 binary available. Issue reported: see https://www.apachelounge.com/viewtopic.php?p=31720 The poster there is referring to https://http2.github.io/http2-spec/#rfc.section.9.1.1 Steffen

mod_h2 – browsers getting confused

Apachelounge made the binary available. Issue reported: see https://www.apachelounge.com/viewtopic.php?p=31720#31720 The poster there is referring to https://http2.github.io/http2-spec/#rfc.section.9.1.1 Steffen

Re: connection reuse and ssl renegotiation

On Tue, Sep 22, 2015 at 1:24 PM, Stefan Eissing wrote: > > SSL renegotiation is forbidden in HTTP/2, exactly due to concurrency issues. Certainly a concurrency between each one's privacy and every one's data in the same stream :) Also, let servers trust the security

connection reuse and ssl renegotiation

Just an update on this topic: We currently allow only connection reuse for the server/vhost that was selected by the SNI, thanks to the patch by Yann. However, the problem is deeper than I originally thought: SSL renegotiation is forbidden in HTTP/2, exactly due to concurrency issues. There is

Re: 2.4.17-protocols-http2 :: Restarting

Update, running a few days. Once in a few hours I see crashes. With no-ssl and no_mod_h2 crash in libapr-1.dll With ssl and mod_h2 crash in mod_h2.so With mod_h2 see till now a few in the log: [h2:warn] [pid 8980:tid 2740] (70015)Could not find specified socket in poll list.: [client

svn move modules/http2 modules/h2 ?

I'm confused about the sources being in modules/http2 and the module being mod_h2 (configured with --enable-h2, ...), it seems to be the only one like this. +1 for me...

Re: svn move modules/http2 modules/h2 ?

+0.5 h2 ftw! (but there is also a mod_mime in the http dir, so I do not really feel strongly about this) > Am 22.09.2015 um 14:05 schrieb Yann Ylavic : > > I'm confused about the sources being in modules/http2 and the module > being mod_h2 (configured with --enable-h2,

R: Re: graceful child process exit

>Messaggio originale >Da: sor...@gmail.com >Data: 21-set-2015 9.22 >A: >Ogg: Re: graceful child process exit > >On 2015-09-21 00:45, Massimo Manghi wrote: > >Have a look at apr_pool_cleanup_register. > >I don't have pleasant memories with process pools. The problem is that