Re: httpd-2.4 --enable-load-all-modules side-effect

Hi Bill, Am 08.02.2016 um 19:11 schrieb William A Rowe Jr: ./configure [...] "--with-mods-shared=all" \ "--enable-mods-shared=all" \ "--enable-mpms-shared=all" \ "--enable-load-all-modules" \ "--with-mpm=worker" \ While this should be great for testing a variety of modules and is very helpful

Re: balancer-manager docs

Am 09.02.2016 um 13:25 schrieb Jim Jagielski: We currently have really really little info about the balancer- manager in our docs, just a short little blurb on how to enable it and a brief description of what it does [1]. I'd like to extend that, but does it make sense to add it to the

Re: Proxy_Util needs another export.

Hi Norm, Am 31.01.2016 um 00:59 schrieb NormW: G'Day, Recent changes to mod_proxy_[connect/wstunnel] prompt another export from proxy_util. Wouldn't an awk script simplify symbol extraction from proxy_util and obviate the need for tweaking manual lists? I added support for proxy to the

Unused code in mod_ratelimit?

I can't figure out where some stuff in mod_ratelimit's is used: - exported function ap_rl_start_create() and ap_rl_end_create() - function rl_bucket_read() only used in the above two unused functions - exported bucket types ap_rl_bucket_type_end and ap_rl_bucket_type_start also only used in

Re: svn commit: r1729927 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_kernel.c ssl_private.h

Yes, thanks for the review! Wrong checked version in "#if" (copy typo) fixed with r1729998. Regards, Rainer Am 12.02.2016 um 11:25 schrieb Ruediger Pluem: On 02/12/2016 01:44 AM, rj...@apache.org wrote: Author: rjung Date: Fri Feb 12 00:44:22 2016 New Revision: 1729927 URL:

Re: mod_proxy_http2

he DSO_MODULES list and the generated httpd.conf will contain their LoadModule behind the ones for mod_proxy. I have also added mod_proxy as a prerequisite in the m4 macro for mod_proxy_http2. I hope it works as designed ... Regards, Rainer Am 10.02.2016 um 16:41 schrieb Rainer Jung:

Re: httpd-trunk/modules/http2 gets a proxy

Am 12.02.2016 um 11:13 schrieb Stefan Eissing: Thanks. Added in r1729969. Am 11.02.2016 um 21:52 schrieb NormW : I got confused. Which file now builds mod_proxy_http2 on Netware? I can't find it. Shouldn't we also need a modules/http2/NWGNUmod_proxy_http2 file? Regards,

Re: httpd-2.4 --enable-load-all-modules side-effect

Am 08.02.2016 um 20:47 schrieb Rainer Jung: Hi Bill, Am 08.02.2016 um 19:11 schrieb William A Rowe Jr: ./configure [...] "--with-mods-shared=all" \ "--enable-mods-shared=all" \ "--enable-mpms-shared=all" \ "--enable-load-all-modules" \ "--w

Re: ssl renegotiate

Am 09.02.2016 um 20:03 schrieb Stefan Eissing: Am 09.02.2016 um 19:58 schrieb Rainer Jung <rainer.j...@kippdata.de>: Am 09.02.2016 um 19:20 schrieb Stefan Eissing: Ah, closer look revealed that the first test was a cipher renegotiation using HTTP/1.1. That no longer works, but the

Re: ssl renegotiate

narrow it down. Cheers, Stefan Am 09.02.2016 um 21:47 schrieb Rainer Jung <rainer.j...@kippdata.de>: Am 09.02.2016 um 20:03 schrieb Stefan Eissing: Am 09.02.2016 um 19:58 schrieb Rainer Jung <rainer.j...@kippdata.de>: Am 09.02.2016 um 19:20 schrieb Stefan Eissing: Ah, cl

Re: svn commit: r1729901 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/http_core.h include/httpd.h server/core.c

I fixed two minor compilation failures, but one type of failure remains: .../server/core.c: In function 'ap_get_remote_host': .../server/core.c:959:17: error: cannot take address of bit-field 'double_reverse' do_double_reverse(>double_reverse, conn->remote_host,

Re: Support for OpenSSL 1.1.0

The list is getting shorter. The test suite currently only shows a few failures due to the missing "talking http on https" support. Am 09.02.2016 um 11:20 schrieb Rainer Jung: Open problems: 1) HTTP on HTTPS OpenSSL 1.1.0 currently doesn't support the "HTTP spoken on HT

Re: Proxy_Util needs another export.

Am 05.02.2016 um 12:14 schrieb NormW: G/E 9.51pm in Oz Updated http-trunk (last mod_proxy.h by Yann) and now get the following: Building D:/Projects/svn/httpd-trunk/modules/proxy Calling NWGNUproxy GEN obj_release/proxy_cc.opt CC mod_proxy.c CC proxy_util.c CC ../arch/netware/libprews.c

Re: svn commit: r1728656 - in /httpd/httpd/trunk: build/make_nw_export.awk modules/proxy/mod_proxy.h

Am 05.02.2016 um 13:46 schrieb Yann Ylavic: On Fri, Feb 5, 2016 at 1:31 PM, wrote: Author: rjung Date: Fri Feb 5 12:31:33 2016 New Revision: 1728656 [] Modified: httpd/httpd/trunk/modules/proxy/mod_proxy.h URL:

Re: Proxy_Util needs another export.

Hi Norm, Am 05.02.2016 um 22:58 schrieb NormW: G/M Rainer, I'd say this is getting much closer now: The only symbol that doesn't seem to make it into mod_proxy's export list is 'proxy_module' itself. The build log for /proxy looks like: It should make it to mod_proxy's export list, because

Re: Netware proxy makefiles and USE_STDSOCKETS

Hi Norm, Am 08.02.2016 um 22:45 schrieb NormW: G/M Brad, G/M Rainer On 8/02/2016 9:17 AM, Brad Nicholes wrote: Rainer, It has actually been quite a while since I have been on this list. I did most of the initial Netware port of Apache. Apache for Netware uses its own implementation of

Re: Netware proxy makefiles and USE_STDSOCKETS

Thanks for the background info! Regards, Rainer Am 07.02.2016 um 23:17 schrieb Brad Nicholes: Rainer, It has actually been quite a while since I have been on this list. I did most of the initial Netware port of Apache. Apache for Netware uses its own implementation of Winsock as the

[Update] Support for OpenSSL 1.1.0

I have send a candidate patch for the "talking http on https" patch to the OpenSSL project. Using this patch and another fix I applied to trunk for reneg handling in the proxy client case (mod_proxy talking https to a backend), I'm now down to one remaining test suite failure. More precisely

Some test failures in trunk

While doing the OpenSSL related tests I noticed a few unrelated test failures in trunk. Those happen only for worker and prefork, not for event! I test on Solaris, didn't yet try on Linux: - worker and prefork - t/apache/passbrigade.t: 108-114, sometimes 108 or 114 are ok -

Re: Questions about mod_event's documentation

Hi Luca, some fragmentary answer: Am 01.02.2016 um 10:17 schrieb Luca Toscano: ... - AsyncRequestWorkerFactor is used to regulate the amount of requests that a single process/threads block can handle, calculating the value periodically using the idle threads/workers available. In case of

Re: Questions about mod_event's documentation

Am 02.02.2016 um 18:01 schrieb Luca Toscano: Hi Rainer, thank you 100 times for this email, it was really helpful! Comments inline: 2016-02-02 17:12 GMT+01:00 Rainer Jung <rainer.j...@kippdata.de <mailto:rainer.j...@kippdata.de>>: The number of worker threads per process

Re: svn commit: r1729495 [2/2] - in /httpd/httpd/branches/2.4.x: ./ modules/aaa/ modules/arch/win32/ modules/core/ modules/examples/ modules/filters/ modules/http2/ modules/loggers/ modules/lua/ modul

Am 15.02.2016 um 07:28 schrieb Christophe JAILLET: Le 10/02/2016 00:09, rj...@apache.org a écrit : Modified: httpd/httpd/branches/2.4.x/server/mpm/event/event.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/mpm/event/event.c?rev=1729495=1729494=1729495=diff @@ -3245,7

mod_speling changes in trunk and backport

There were two changes to mod_speling in trunk in 2013/2014. They were motivated by PR 44221: although the docs claim that using "CheckCaseOnly On" "limits the action of the spelling correction to lower/upper case changes. Other potential corrections are not performed." In fact mod_speling

Re: svn commit: r1729495 [2/2] - in /httpd/httpd/branches/2.4.x: ./ modules/aaa/ modules/arch/win32/ modules/core/ modules/examples/ modules/filters/ modules/http2/ modules/loggers/ modules/lua/ modul

Am 22.02.2016 um 22:48 schrieb Marion & Christophe JAILLET: Le 22/02/2016 22:21, Rainer Jung a écrit : Am 15.02.2016 um 07:28 schrieb Christophe JAILLET: Le 10/02/2016 00:09, rj...@apache.org a écrit : Modified: httpd/httpd/branches/2.4.x/server/mpm/event/event.c URL: http://svn.apache

Re: [Update] Support for OpenSSL 1.1.0

The nice people at OpenSSL have already committed the two patches (renegotiation with ECDHE ciphers, detecting HTTP-on-HTTPS) and I think I found an easy way to trigger renegotiation without polling (using SSL_peek). The current code runs the test suite with 1.0.2 and with 1.1.0 without any

Re: svn commit: r1725551 - /httpd/httpd/trunk/docs/log-message-tags/find-messages.cocci

Am 21.01.2016 um 01:33 schrieb Yann Ylavic: On Thu, Jan 21, 2016 at 12:35 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: Am 21.01.2016 um 00:17 schrieb Yann Ylavic: On Tue, Jan 19, 2016 at 4:45 PM, <rj...@apache.org> wrote: Author: rjung Date: Tue Jan 19 15:45:44 2016

Re: svn commit: r1725523 - in /httpd/httpd/trunk/modules/proxy: mod_proxy.h mod_proxy_hcheck.c

Am 19.01.2016 um 20:02 schrieb Jim Jagielski: Ahhh... yeah, I guess updating all the usages to do that makes sense. Done in r1725602. On Jan 19, 2016, at 1:59 PM, Ruediger Pluem wrote: On 01/19/2016 06:45 PM, Jim Jagielski wrote: On Jan 19, 2016, at 11:09 AM,

Re: svn commit: r1725949 - /httpd/httpd/trunk/docs/manual/expr.xml

I should have asked earlier: wouldn't it be more suitable to implement to response body as a variable instead of a function? When looking at server/util_expr_eval.c, I find request_var_names and request_var_fn. The former is a list of variable names, and the latter implements returning the

Re: svn commit: r1725523 - in /httpd/httpd/trunk/modules/proxy: mod_proxy.h mod_proxy_hcheck.c

Hi Jim, Am 21.01.2016 um 15:35 schrieb Jim Jagielski: BTW, do you have pointers on how to use your "new" Coccinelle/spatch script to assign AH log numbers? first I had to build OCAML and coccinelle (which provides spatch) on Solaris. As usual not much fun. I assume, you can find ready-to-go

Re: mod_status, server, protocol

Am 21.01.2016 um 15:05 schrieb Jim Jagielski: I think that we should always ensure that mod_status provides the info and insight that our users want and need, so +1 on adding fields and columns as required. It *might* make sense to add them at the end, almost as if we were adding additional

Re: svn commit: r1725949 - /httpd/httpd/trunk/docs/manual/expr.xml

n 21, 2016, at 10:25 AM, Jim Jagielski <j...@jagunet.com> wrote: Sounds good to me!! thx! On Jan 21, 2016, at 10:23 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: I should have asked earlier: wouldn't it be more suitable to implement to response body as a variable instead of a f

Re: svn commit: r1726038 - /httpd/httpd/trunk/modules/proxy/mod_proxy_hcheck.c

Am 21.01.2016 um 18:55 schrieb Jim Jagielski: This implies that the kept_body() func added to ap_expr should be removed, right? At least it is no longer needed for proxy_hcheck. If we want to provide the original kept_body as used by mod_request to expr we can keep it. I don't know whether

Re: svn commit: r1726038 - /httpd/httpd/trunk/modules/proxy/mod_proxy_hcheck.c

Am 21.01.2016 um 18:59 schrieb Jim Jagielski: BTW: that is so cool. No idea we could do that w/ ap_expr! Don't know whether it is useful but you can now easily provide more hcheck info to expr as long as there's code that returns that info and using it in success formulas is helpful. Like

Re: svn commit: r1725949 - /httpd/httpd/trunk/docs/manual/expr.xml

or the new function hc(). Currently only HC_BODY and hc(body) are supported. Both return the saved body of the health check response to be used in an expr that decides about success of a check. Regards, Rainer On Jan 21, 2016, at 11:51 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: Am

Re: svn commit: r1725949 - /httpd/httpd/trunk/docs/manual/expr.xml

016, at 12:50 PM, Rainer Jung <rainer.j...@kippdata.de> wrote: Am 21.01.2016 um 17:55 schrieb Jim Jagielski: even better! sounds cool. First impl done in r1726038. I guess you have everything in place to do a quick test? That would be nice. svn log is: Implement expr lookup in mod_proxy_hche

Bus error for proxy_hcheck on Solaris

Probably an alignment problem, but I don't immediately see how: at modules/proxy/mod_proxy_hcheck.c:410 wctx = 0x70706461 So this is not an address usable for a pointer. But wctx comes from hc->s->context: {name = "f9328\000/www.kippdata.de/", '\000' , scheme = "http", '\000' ,

Re: Bus error for proxy_hcheck on Solaris

hod=GET hcinterval=10 Regards, Rainer Am 21.01.2016 um 20:59 schrieb Rainer Jung: Probably an alignment problem, but I don't immediately see how: at modules/proxy/mod_proxy_hcheck.c:410 wctx = 0x70706461 So this is not an address usable for a pointer. But wctx comes from hc->s-

Re: Bus error for proxy_hcheck on Solaris

At least it works now, does probing and also hc() works. Cool. Rainer Am 21.01.2016 um 21:28 schrieb Jim Jagielski: Based on your stack, then that was the section you hit. But I have no idea how you hit it. The test is: if (hc->s->method != worker->s->method) I'll have a look. but

Re: proxy_hcheck: Expr name in balancer manager after graceful restart

Am 22.01.2016 um 00:02 schrieb Jim Jagielski: Almost. ctx->conditions is a per-server struct created during the create per-server phase. It is populated by set_hc_condition() which is run when config directives are run during normal command directive processing. So when we do a graceful restart,

proxy_hcheck: Expr name in balancer manager after graceful restart

The name shown in the Expr table of the balancer manager changes after a graceful restart. Before restart it is the symbolic name used in the config, e.g. ok234. After the restart it is the full path name of the shared memory file. The expression itself shown in the second column is OK before

Re: Work in progress: mod_proxy Health Check module

especially from people who's 1st and last names have the same letters :) On Jan 20, 2016, at 8:08 AM, Jim Jagielski <j...@jagunet.com> wrote: On Jan 20, 2016, at 7:59 AM, Jim Jagielski <j...@jagunet.com> wrote: On Jan 20, 2016, at 3:34 AM, Rainer Jung <rainer.j...@kippdata.de&g

Re: svn commit: r1725551 - /httpd/httpd/trunk/docs/log-message-tags/find-messages.cocci

Am 21.01.2016 um 00:17 schrieb Yann Ylavic: On Tue, Jan 19, 2016 at 4:45 PM, wrote: Author: rjung Date: Tue Jan 19 15:45:44 2016 New Revision: 1725551 URL: http://svn.apache.org/viewvc?rev=1725551=rev Log: Improve spatch for APLOGNO a bit. Modified:

Re: Work in progress: mod_proxy Health Check module

Am 20.01.2016 um 01:57 schrieb Jim Jagielski: Right now GET and CPING (as well as provider) is on my TODO, in fact, they are currently set as "unimplemented" although the hooks are there. The main issue is that we need to worry about a (possibly) large response body and some method of checking

Re: svn commit: r1730061 - /httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in

Am 15.02.2016 um 12:11 schrieb Ruediger Pluem: On 02/12/2016 05:28 PM, rj...@apache.org wrote: Author: rjung Date: Fri Feb 12 16:28:32 2016 New Revision: 1730061 URL: http://svn.apache.org/viewvc?rev=1730061=rev Log: Define CTSCTStorage for mod_ssl_ct. The module does not load without

Re: Backport of auto proxy(_util) exports?

Am 29.02.2016 um 23:03 schrieb NormW: G/M Rainer, Any known reason your recent tweaks to automatically create the mod_proxy exports list cannot be nominated for back-port to 2.4.x? Not that I'm aware off. Things have settled a bit now, so probably it' the time to propose a backport. If

proxy API compat break in 2.4.7

Revision 1560081 (backport of r1533087) introduced "char uds_path[PROXY_WORKER_MAX_NAME_SIZE]" in the middle of the proxy_worker_shared structure which IMHO broke compatibility between 2.4.6 and 2.4.7. I noticed it just now, because I was implementing a custom LB method and during runtime it

Re: proxy API compat break in 2.4.7

this situation, as half the world will benefit from leaving things as they are, and the other half of the world would have an easier time migrating from 2.4.early to 2.4.now. Lose lose situation in my mind, so best to leave as-is, with docs. On Thu, Apr 7, 2016 at 1:09 PM, Rainer Jung <raine

Re: proxy API compat break in 2.4.7

Am 08.04.2016 um 00:55 schrieb Yann Ylavic: On Thu, Apr 7, 2016 at 8:09 PM, Rainer Jung <rainer.j...@kippdata.de> wrote: Revision 1560081 (backport of r1533087) introduced "char uds_path[PROXY_WORKER_MAX_NAME_SIZE]" in the middle of the proxy_worker_shared structure

Allow SSLProxy* config in context?

I stumbled into a situation where a reverse proxy had two different backends behind the same VHost of the proxy. Both backends demand client certs as becomes more and more common for services today. Unfortunately the CA which issues the client certs in both cases is the same CA, but the

Re: TLS session ticket key (shared) renewal

Am 18.03.2016 um 15:01 schrieb Yann Ylavic: On Fri, Mar 18, 2016 at 2:55 PM, Yann Ylavic wrote: Currently this can be done by using a (shared) SSLSessionTicketKeyFile and gracefuly restarting httpd instances, but there is room for improvements here. Thoughts? For the

Re: svn commit: r1734656 - in /httpd/httpd/trunk: ./ include/ modules/http/ server/ server/mpm/event/ server/mpm/motorz/ server/mpm/simple/

Am 14.03.2016 um 09:48 schrieb Ruediger Pluem: On 03/12/2016 01:43 AM, minf...@apache.org wrote: Author: minfrin Date: Sat Mar 12 00:43:58 2016 New Revision: 1734656 URL: http://svn.apache.org/viewvc?rev=1734656=rev Log: core: Extend support for setting aside data from the network input filter

Re: TLS session ticket key (shared) renewal

Am 23.03.2016 um 00:30 schrieb Paul Querna: On Tue, Mar 22, 2016 at 3:32 PM, Yann Ylavic > wrote: On Tue, Mar 22, 2016 at 4:18 PM, Paul Querna > wrote: > My thought was to add support for

Re: [Update] Support for OpenSSL 1.1.0

OpenSSL 1.1.0 pre 4 = Beta 1 is out. I did another round of compatibility updates for mod_ssl. Apart form fixing Bugs, the OpenSSL 1.1.0 API is supposed to stay stable now. So I hope mod_ssl can stabilize now. The current code runs the test suite with 1.0.2 and with 1.1.0 without any ssl

Re: [Update] Support for OpenSSL 1.1.0

not before 2.4.19 -> not before 2.4.20 ... Am 23.03.2016 um 15:18 schrieb Rainer Jung: OpenSSL 1.1.0 pre 4 = Beta 1 is out. I did another round of compatibility updates for mod_ssl. Apart form fixing Bugs, the OpenSSL 1.1.0 API is supposed to stay stable now. So I hope mod_ssl can stabil

Re: mod_speling changes in trunk and backport

Am 02.03.2016 um 08:03 schrieb Christophe JAILLET: Le 23/02/2016 20:24, Rainer Jung a écrit : There were two changes to mod_speling in trunk in 2013/2014. They were motivated by PR 44221: although the docs claim that using "CheckCaseOnly On" "limits the action of the spel

Re: svn commit: r1740653 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_kernel.c ssl_engine_ocsp.c ssl_private.h ssl_util_stapling.c

Am 29.04.2016 um 10:26 schrieb Yann Ylavic: On Fri, Apr 29, 2016 at 10:16 AM, Yann Ylavic <ylavic@gmail.com> wrote: Hi Rainer, On Fri, Apr 29, 2016 at 10:13 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: The function X509_STORE_CTX_get0_current_issuer() has first shown u

Re: svn commit: r1740653 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_kernel.c ssl_engine_ocsp.c ssl_private.h ssl_util_stapling.c

Hi Yann, Am 29.04.2016 um 09:59 schrieb Yann Ylavic: On Sat, Apr 23, 2016 at 3:17 PM, wrote: Author: rjung Date: Sat Apr 23 13:17:52 2016 New Revision: 1740653 URL: http://svn.apache.org/viewvc?rev=1740653=rev Log: Support for OpenSSL 1.1.0: - X509_STORE_CTX is now opaque.

Re: svn commit: r1742794 - /httpd/httpd/branches/2.4.x/STATUS

Am 08.05.2016 um 14:29 schrieb Yann Ylavic: On Sun, May 8, 2016 at 12:30 PM, wrote: + * Don't globber scoreboard request info if read_request_line() fails with + a timeout. In that case there's not yet any new useful request info + available. + Noticed via

Re: svn commit: r1742794 - /httpd/httpd/branches/2.4.x/STATUS

Am 08.05.2016 um 16:30 schrieb Rainer Jung: Am 08.05.2016 um 14:29 schrieb Yann Ylavic: On Sun, May 8, 2016 at 12:30 PM, <rj...@apache.org> wrote: + * Don't globber scoreboard request info if read_request_line() fails with + a timeout. In that case there's not yet any new

Re: svn commit: r1742794 - /httpd/httpd/branches/2.4.x/STATUS

Am 08.05.2016 um 20:06 schrieb Yann Ylavic: [top posting reodered] On Sun, May 8, 2016 at 7:21 PM, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote: Am 08.05.2016 um 16:30 schrieb Rainer Jung <rainer.j...@kippdata.de>: If that would be consensus, it would mean, we shoul

Re: svn commit: r1732275 - in /httpd/httpd/branches/2.4.x: ./ include/ap_mmn.h include/http_connection.h include/scoreboard.h modules/generators/mod_status.c modules/ssl/ssl_engine_kernel.c server/con

Am 14.04.2016 um 22:05 schrieb olli hauer: On 2016-04-14 21:48, Yann Ylavic wrote: On Thu, Apr 14, 2016 at 9:40 PM, olli hauer wrote: I've done a quick test with $ ab -n 1 -c 100 $host/$url During the test the count of idle worker are incrementing and decrementing but

Re: Allow SSLProxy* config in context?

Am 14.04.2016 um 02:57 schrieb Daniel Ruggeri: On 4/13/2016 2:22 PM, Rainer Jung wrote: We could pass the worker name from mod_proxy to mod_ssl via a connection note, similar to currently already passing the SNI name via the connection note proxy-request-hostname. +1 on the connection note

Re: Allow SSLProxy* config in context?

Am 13.04.2016 um 19:49 schrieb Rainer Jung: Am 13.04.2016 um 17:04 schrieb Graham Leggett: On 13 Apr 2016, at 12:40 PM, Rainer Jung <rainer.j...@kippdata.de> wrote: I stumbled into a situation where a reverse proxy had two different backends behind the same VHost of the proxy. Both ba

Re: Allow SSLProxy* config in context?

Am 15.04.2016 um 03:20 schrieb Daniel Ruggeri: On 4/14/2016 3:08 AM, Rainer Jung wrote: Your idea to allow selecting a client cert based on CN or DN sounds attractive to me as well. But since it wouldn't help with other per backend settings (like different Verify settings) we might even think

Re: Allow SSLProxy* config in context?

Am 13.04.2016 um 17:04 schrieb Graham Leggett: On 13 Apr 2016, at 12:40 PM, Rainer Jung <rainer.j...@kippdata.de> wrote: I stumbled into a situation where a reverse proxy had two different backends behind the same VHost of the proxy. Both backends demand client certs as becomes more an

Re: Allow SSLProxy* config in context?

Am 15.04.2016 um 13:30 schrieb Yann Ylavic: On Thu, Apr 14, 2016 at 9:57 AM, Yann Ylavic wrote: IIUC, the block is a per_dir context already, which can/could accept any directive provided their ap_check_cmd_context() allows it (we may need to declare a new PROXY_CONF).

Re: Allow SSLProxy* config in context?

Am 21.04.2016 um 00:35 schrieb Yann Ylavic: On Tue, Apr 19, 2016 at 9:36 PM, Yann Ylavic wrote: What changed is: 1. SSLProxy* directives are now per directory (restricted to Server/VirtualHost and ), so all the internal struct members have been move from SSLSrvConfigRec

Re: svn commit: r1741310 - in /httpd/httpd/trunk: modules/http2/ server/ server/mpm/event/ server/mpm/motorz/ server/mpm/simple/ server/mpm/winnt/ server/mpm/worker/

Am 28.04.2016 um 04:30 schrieb William A Rowe Jr: On Wed, Apr 27, 2016 at 6:16 PM, Yann Ylavic > wrote: I was offline today so couldn't comment on the different messages on the subject, so I'll try to summarize (here) my understanding,

Re: svn commit: r1755882 - in /httpd/httpd/branches/2.4.x-openssl-1.1.0-compat: ./ modules/ssl/ssl_engine_kernel.c

Am 11.08.2016 um 19:53 schrieb William A Rowe Jr: On Aug 10, 2016 4:58 PM, > wrote: Author: rjung Date: Wed Aug 10 21:58:47 2016 New Revision: 1755882 URL: http://svn.apache.org/viewvc?rev=1755882=rev Log: Silence more "defined but not used" compiler

mod_remoteip DNS address resolution

Hi there, I learned that mod_remoteip does IP address resolution including DNS when it processes a token from the configured RemoteIPHeader. In the observed case, two different customers using F5 load balancers had a numeric IP address in the header which was followed without white space or

Re: mod_remoteip DNS address resolution

Am 04.08.2016 um 13:36 schrieb Yann Ylavic: On Thu, Aug 4, 2016 at 10:14 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: Something like "RemoteIPLookups (On|Off|NNN)". "On" would be current behavior, "Off" would be "No DNS and use connection IP if ad

Re: svn commit: r1756049 - /httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_util.c

Hi Yann, Am 11.08.2016 um 23:07 schrieb Yann Ylavic: On Thu, Aug 11, 2016 at 11:01 PM, wrote: +#if OPENSSL_VERSION_NUMBER >= 0x1000L + +static void ssl_util_thr_id(CRYPTO_THREADID *id) +{ +/* OpenSSL needs this to return an unsigned long. On OS/390, the pthread +

Re: Core on trunk for t/apache/limits.t

Am 05.08.2016 um 16:06 schrieb Jim Jagielski: Testing HEAD on trunk I see t/apache/limits.t failing w/ a core dump on OSX 10.11.6: t/apache/limits.t .. 4/12 # Failed test 4 in t/apache/limits.t at line 168 fail #2 t/apache/limits.t .. Failed 1/12 subtests (lldb) bt * thread #1: tid = 0x,

Re: svn commit: r1779738 - in /httpd/httpd/trunk: ./ modules/http2/

Am 21.01.2017 um 16:07 schrieb ic...@apache.org: Author: icing Date: Sat Jan 21 15:07:42 2017 New Revision: 1779738 URL: http://svn.apache.org/viewvc?rev=1779738=rev Log: On the trunk: *) mod_http2: rework of stream resource cleanup to avoid a crash in a close of a lingering connection.

Re: mod_remoteip DNS address resolution

Am 04.08.2016 um 17:46 schrieb Yann Ylavic: On Thu, Aug 4, 2016 at 3:30 PM, Rainer Jung <rainer.j...@kippdata.de> wrote: - apr_ipsubnet_create() has some logic, that for instance accepts "192.168" as input with NULL mask_or_numbits and returns sub 192.168.0.0 and mask 25

Re: svn commit: r1764961 - in /httpd/httpd/trunk: docs/manual/mod/core.xml modules/http/http_filters.c server/core.c server/gen_test_char.c server/protocol.c server/util.c

Am 14.10.2016 um 22:48 schrieb wr...@apache.org: Author: wrowe Date: Fri Oct 14 20:48:43 2016 New Revision: 1764961 URL: http://svn.apache.org/viewvc?rev=1764961=rev Log: Dropped the never-released ap_has_cntrls() as it had very limited and inefficient application at that, added

Re: svn commit: r1764961 - in /httpd/httpd/trunk: docs/manual/mod/core.xml modules/http/http_filters.c server/core.c server/gen_test_char.c server/protocol.c server/util.c

Yes, sorry... I meant to commit these all at once. Patch incoming. On Oct 15, 2016 6:23 PM, "Rainer Jung" <rainer.j...@kippdata.de <mailto:rainer.j...@kippdata.de>> wrote: Am 14.10.2016 um 22:48 schrieb wr...@apache.org <mailto:wr...@apache.or

Re: [VOTE] Release Apache httpd 2.4.24 as GA

Am 16.12.2016 um 15:13 schrieb Steffen: An other one: mod_socache_memcache.c(38): fatal error C1083: Cannot open include file: 'mod_status.h': No such file or directory Build files are not changed to include mod_status.h This specific problem is hopefully fixed by:

Re: [VOTE] Release Apache httpd 2.4.24 as GA

t;../generators" And that works. Cheers, Steffen On Friday 16/12/2016 at 16:02, Rainer Jung wrote: Am 16.12.2016 um 15:13 schrieb Steffen: An other one: mod_socache_memcache.c(38): fatal error C1083: Cannot open include file: 'mod_status.h': No such file or directory Build files are no

Re: [VOTE] Release Apache httpd 2.4.24 as GA

I think the following missing simple backport from trunk is fixing it: http://svn.apache.org/r1706595 Regards, Rainer Am 16.12.2016 um 15:59 schrieb Steffen: Reverted that change, building and running now. On Friday 16/12/2016 at 15:01, Jim Jagielski wrote: Looks related to:

Re: [VOTE] Release Apache httpd 2.4.25 as GA

Am 17.12.2016 um 10:46 schrieb Marion & Christophe JAILLET: Proposed fix in r1774728. A solution, stating that the tests have been skipped because of sed location, would be better, though. I switched the test to using a simple perl script instead of sed, so that we have no platform

Re: svn commit: r1774650 - /httpd/httpd/branches/2.4.x/modules/cache/mod_socache_memcache.mak

Thanks, didn't notice the mak files, because trunk doesn't have them. I just noticed that the RSC_PROJ lines in the mak files also contain include directories but not the one for "generators", in nove of the cache module mak files. I have no idea what RSC_PROJ is used for but it looks

Re: [VOTE] Release Apache httpd 2.4.25 as GA

Am 16.12.2016 um 21:11 schrieb Jacob Champion: On 12/16/2016 10:29 AM, Jim Jagielski wrote: I'm calling a VOTE on releasing these as Apache httpd 2.4.25 GA. mod_ext_filter tests are failing for me on Ubuntu 16.04 x64, but I *think* this is due to a bug in the tests as opposed to a regression,

Re: Welcome Lucien Gentis and Luca Tascano to the HTTP Server PMC

Am 13.01.2017 um 02:23 schrieb Eric Covener: HTTP Server committers Lucien Gentis and Luca Tascano were recently elected to the HTTP Server Project Management Committee (PMC). Welcome Lucien and Luca to the PMC! Rainer

Re: [VOTE] Release httpd-2.2.32

Am 09.01.2017 um 19:21 schrieb William A Rowe Jr: The pre-release candidate tarballs of Apache legacy httpd 2.2.32 can be found in; http://httpd.apache.org/dev/dist/ Thanks to all for patches and reviews to get us to this point. STATUS file is updated to reflect end of maintenance Jul 1 '17.

Re: svn commit: r1775186 - /httpd/test/framework/trunk/t/apache/http_strict.t

Hi Bill, Am 20.12.2016 um 18:22 schrieb William A Rowe Jr: On Mon, Dec 19, 2016 at 4:20 PM, > wrote: Author: rjung Date: Mon Dec 19 22:20:12 2016 New Revision: 1775186 URL: http://svn.apache.org/viewvc?rev=1775186=rev

Re: [VOTE] Release Apache httpd 2.4.25 as GA

Am 16.12.2016 um 19:29 schrieb Jim Jagielski: At long, long last, the pre-release test tarballs for Apache httpd version 2.4.25 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.25 GA. [ ] +1: Good to go [ ]

Re: svn commit: r1722154 - in /httpd/httpd/trunk: docs/log-message-tags/next-number modules/core/mod_watchdog.c

Late review due to compiler warning in 2.4.25 release testing, see below: Am 29.12.2015 um 16:38 schrieb j...@apache.org: Author: jim Date: Tue Dec 29 15:38:29 2015 New Revision: 1722154 URL: http://svn.apache.org/viewvc?rev=1722154=rev Log: Update w/ better logging Modified:

Re: svn commit: r1769669 [2/2] - in /httpd/httpd/branches/2.4.x-merge-http-strict: ./ docs/manual/ docs/manual/mod/ include/ server/

Am 22.12.2016 um 18:25 schrieb William A Rowe Jr: On Thu, Dec 22, 2016 at 9:29 AM, Eric Covener > wrote: I think the log severity changes below could use some eyes, especially in context of 2.2. Are these lowered because they're redundant?

Strange http2 test error on Solaris with static linking

The test t/modules/http2.t fails consistently on Solaris when httpd is statically linked. Results are based on 2.4.25. Here is an excerpt from the truss output for the first test in http2.t (all fail) starting around the first difference between the good and bad case. The first log line

Re: Fixing more OpenSSL callback crashes

Am 10.04.2017 um 22:41 schrieb Jacob Champion: A few questions for the list while I'm brainstorming the best way to fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60947 ... - What is the oldest version of OpenSSL we'll support for the 2.4.x line? Will that version change in 2.next? For

Re: Fixing more OpenSSL callback crashes

Hi Jacob, Am 12.04.2017 um 02:16 schrieb Jacob Champion: On 04/10/2017 03:59 PM, Jacob Champion wrote: So it looks like my test program might still be a possible solution for detecting whether we need a callback at configure time, unless anyone knows of a platform where two thread-local errnos

Re: The drive for 2.4.26

Am 20.04.2017 um 21:23 schrieb Jacob Champion: On 04/20/2017 07:31 AM, Gregg Smith wrote: ABS doesn't work with openssl 1.1.0, on windows anyway. It builds without warning yet doesn't work. abs https://www.domain.com just sits there forever and never completes or shows anything. I cannot

Re: Fixing more OpenSSL callback crashes

Am 13.04.2017 um 23:40 schrieb Tsuyoshi SASAMOTO: ...oh. So errno is actually threadsafe, but its "address" is the same in every thread? Interesting. MT-Safe errno of Solaris is implemented as a function, so its address is same but the value is different. cf.

Re: The drive for 2.4.26

Am 20.04.2017 um 16:31 schrieb Gregg Smith: ABS doesn't work with openssl 1.1.0, on windows anyway. It builds without warning yet doesn't work. abs https://www.domain.com just sits there forever and never completes or shows anything. I cannot imagine this being a windows only problem. Any

Re: svn commit: r1800835 - in /httpd/httpd/branches/2.4.x: ./ CHANGES modules/lua/README modules/lua/config.m4 modules/lua/lua_apr.c modules/lua/lua_config.c modules/lua/lua_request.c modules/lua/mod_

Am 06.07.2017 um 17:28 schrieb Jacob Champion: On 07/06/2017 07:21 AM, Jim Jagielski wrote: From IRC: [10:09:37] I've personally never used apr_table like described by jchampion_ [10:09:46] and I don't believe it's documented? [10:10:15] if you want to set a header, you'd use

Re: perl test framework

Am 05.07.2017 um 13:01 schrieb Jim Jagielski: I am curious... what versions of Perl are people using when running the Perl test framework? It seems that, at least to me, it is quite picky regarding versions, at least on macOS. Just my personal recipe: Solaris: self-compiled 5.22.0 Linux:

Re: svn commit: r1800835 - in /httpd/httpd/branches/2.4.x: ./ CHANGES modules/lua/README modules/lua/config.m4 modules/lua/lua_apr.c modules/lua/lua_config.c modules/lua/lua_request.c modules/lua/mod_

Hi Jacob, Am 05.07.2017 um 22:10 schrieb Jacob Champion: On 07/05/2017 12:30 PM, Jacob Champion wrote: So... do we care? If we do, here's a potential patch to *partially* return to the previous behavior: --- modules/lua/lua_apr.c +++ modules/lua/lua_apr.c @@ -97,6 +97,12 @@ int

Re: SSL and Usability and Safety

Am 02.05.2017 um 15:19 schrieb Stefan Eissing: With 71 configuration directives, mod_ssl can manage probably every user's needs, but two: Mr and Ms Normal. Ms and Mr Normal have a basic understanding about SSL, sorry TLS, and what a cipher is, but HonorCipherOrder is already a bit much and on

Re: The drive for 2.4.26

Am 28.05.2017 um 13:13 schrieb Jan Ehrhardt: Rainer Jung in gmane.comp.apache.devel (Fri, 21 Apr 2017 00:29:38 +0200): Thanks for the analysis. So the following patch on trunk works for me when using OpenSSL 1.0.1e (on Solaris 10): Index: support/ab.c

<    5   6   7   8   9   10   11   12   13   14   >