was introduced by this
patch :
commit 7969a33a01c3a70e48cddf36ea5a66710bd7a995
Author: Christopher Faulet <cfau...@qualys.com>
Date: Fri Oct 9 11:15:03 2015 +0200
MINOR: ssl: Add support for EC for the CA used to sign generated
certificate
This is done by adding EVP_P
://www.mail-archive.com/haproxy@formilux.org/msg19995.html
Regards
--
Christopher Faulet
prime256v1
after applying commit d2cab92, haproxy seems to crash.
Hi,
I confirm the bug. Here is a very quick patch. Could you confirm that it
works for you ?
--
Christopher Faulet
diff --git a/include/types/connection.h b/include/types/connection.h
index dfbff6a..070d779 100644
--
Christopher Faulet
Hi,
Here is a proper patch to fix the recent bug reported on haproxy 1.6.0
when SNI is used.
Willy, I didn't wait your reply to speed-up the code review. But if
there is any problem with this patch, let me know.
Regards,
--
Christopher Faulet
>From c89e1256113aa36826b00706094ccde984906
Le 15/10/2015 14:45, Seri, Kim a écrit :
Christopher Faulet <cfaulet@...> writes:
I confirm the bug. Here is a very quick patch. Could you confirm that it
works for you ?
Hi,
I can confirm this patch fixes the crash!!
cf. because of my mail service, I've changed my e-mail
Thanks
Hi,
The 'OPTIONS' method was not in the list of supported HTTP methods and
find_http_meth return HTTP_METH_OTHER instead of HTTP_METH_OPTIONS.
Regards
--
Christopher Faulet
>From ec4669273b06bee074389baa2d00ef0202dbea1c Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@qual
Hi,
Here are some SSL fixes. The last one is a fix to a bug reported in a
previous thread[1].
[1] https://www.mail-archive.com/haproxy@formilux.org/msg19243.html
Regards,
--
Christopher Faulet
>From 4994166ef6be91e768607c67e431d5fc20fbde1e Mon Sep 17 00:00:00 2001
From: Christopher Fau
Le 15/10/2015 16:55, Willy Tarreau a écrit :
Hi Christopher,
On Thu, Oct 15, 2015 at 03:22:52PM +0200, Christopher Faulet wrote:
Le 15/10/2015 14:45, Seri, Kim a écrit :
Christopher Faulet <cfaulet@...> writes:
I confirm the bug. Here is a very quick patch. Could you confirm that it
expensive or not.
Functionally, I agree with you. It would be better to keep info on
SSL_CTX object inside this object. And, at the beginning, I considered
using these functions. But I was not enough confident to do it. Maybe
Emeric can enlighten us.
--
Christopher Faulet
Le 15/10/2015 16:50, Christopher Faulet a écrit :
Hi,
Here is a proper patch to fix the recent bug reported on haproxy 1.6.0
when SNI is used.
Willy, I didn't wait your reply to speed-up the code review. But if
there is any problem with this patch, let me know.
Regards,
After our discussion
Le 19/10/2015 17:01, Willy Tarreau a écrit :
On Mon, Oct 19, 2015 at 03:06:44PM +0200, Christopher Faulet wrote:
OK so the unused objects in the tree have a refcount of 1 while the used
ones have 2 or more, thus the refcount is always valid. Good that also
means we must not test if the tree
on my understanding of your explanations,
it should do the right thing and be safe all the time. What's your opinion ?
Yes, it should work and it avoids keeping extra info on generated
certificates. Good idea !
--
Christopher Faulet
Le 20/10/2015 14:41, Willy Tarreau a écrit :
On Tue, Oct 20, 2015 at 02:14:37PM +0200, Christopher Faulet wrote:
Le 20/10/2015 14:07, Willy Tarreau a écrit :
On Tue, Oct 20, 2015 at 01:59:52PM +0200, Willy Tarreau wrote:
Then my understanding is that we should instead proceed differently
for your work and your feedback. I have split my patch in 3 parts.
--
Christopher Faulet
>From c9ceb5e9f575c012c3c63fc9f18f0416a01d7444 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@qualys.com>
Date: Fri, 9 Oct 2015 10:53:31 +0200
Subject: [PATCH 1/3] MINOR: ssl: Read the
Le 09/10/2015 12:19, Willy Tarreau a écrit :
On Fri, Oct 09, 2015 at 11:59:00AM +0200, Christopher Faulet wrote:
Le 09/10/2015 10:27, Willy Tarreau a écrit :
Hi Christopher,
I applied the first two ones, but the last one seems to be doing
a lot of stuff at the same time. It's not even clear
extension to set the remote hostname. So
be sure that your clients use it.
--
Christopher Faulet
Hi,
Here are 2 patches fixing bugs in data filtering.
--
Christopher
>From bdfa4535d6fe1f0f5bca52a48d2e4205e41bbd81 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <christopher.fau...@capflam.org>
Date: Tue, 21 Jun 2016 10:44:32 +0200
Subject: [PATCH 1/2] BUG/MEDIUM: filters:
Le 09/02/2016 09:04, Willy Tarreau a écrit :
thanks for this. It looks clean enough to be merged.
I'm a little bit concerned with the addition of conn->ssl_detection_exp
because we try to keep the connection struct as small as possible. But
in this case there's no other place to store it. Thus
>From a3b372da2463e98b13e016c9b56344757b0e94bc Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@qualys.com>
Date: Wed, 29 Jul 2015 16:01:57 +0200
Subject: [PATCH] MAJOR: ssl: add 'tcp-fallback' bind option for SSL listeners
This option can be use to fall back on TCP when
>From 5d3a89943c9eb855837c0d606ae361825b6e2800 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@qualys.com>
Date: Thu, 12 Nov 2015 11:35:51 +0100
Subject: [PATCH] BUG/MINOR: ssl: Be sure to use unique serial for regenerated
certificates
The serial number for a generated ce
ace to do SSL upgrades
when no "tcp-request" rule is defined, I've decided to change the
default behavior. I've kept the "defer-ssl-upgrade" keyword, but now,
"skip-ssl-upgrade" could be more appropriate. If you prefer, i can do
the change.
--
Christopher
>From 05c
y, if you are agree, this new patch can replace my previous one. Of
course, all remarks are welcome. I'll try to do more tests. I quickly
checked it on OpenSSL 0.9.8zg and 1.0.2f.
--
Christopher
>From 07133669314724b2b4462e0eb3e8cd114f3fd3b9 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...
Hi,
This is just a typo fix.
--
Christopher Faulet
>From bfc2be71794987fcfb0b5806607617431e23a65d Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@qualys.com>
Date: Thu, 28 Apr 2016 15:09:31 +0200
Subject: [PATCH] BUG/MINOR: dumpstats: Fix the "Total bytes saved" c
Hi Vladimir,
Sorry for my late reply, I was pretty busy these last days. I
investigated a little on your problem. I've done some tests and
carefully read the code. Everything seems to work as expected. I was not
able to reproduce what you experienced with HAProxy 1.7.2.
First, in HAProxy,
hristopher Faulet
>From 8c9496b9b568ec68312210af4a2cfcd3757c7230 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Wed, 8 Feb 2017 12:17:07 +0100
Subject: [PATCH 1/2] BUG/MEDIUM: http: Prevent replace-header from overwriting
a buffer
X-Bogosity: Ham, tests=bo
t rules. I submitted a patch and it will be merged
soon by Willy (see "[PATCH] 2 fixes for replace-header rules").
Thanks
--
Christopher Faulet
Hi,
This patch fixes the bug reported by Kristjan Koppel and Brian Loss in
the thread "Gzip compression and transfer: chunked". It should be
backported in 1.7
Kristjan and Brian, thanks for your help.
--
Christopher Faulet
>From 23b39e87cce785437950552f5be0744b5768914a Mon Se
Hi guys,
Could you check if the attached patch fixes your bug please ?
If I'm right, the bug is about a premature close of the server
connection when the content length cannot be determined (neither
"Content-Length" nor "Transfer-encoding" headers) if a filter is used
(here, the
Le 03/02/2017 à 14:36, Kristjan Koppel a écrit :
Hi!
I seem to have run into the same (or at least similar) problem as
reported by Vladimir Mihailenco a little while ago.
I'm running HAProxy v1.7.2 and my backend server is etcd v2.3.7. The
client application is using HTTP/1.0 and I have
Le 23/01/2017 à 11:54, Vladimir Mihailenco a écrit :
Hi,
I am using haproxy as load balancer/reverse proxy for Rails/Go
application. I am upgrading from working Haproxy 1.6 config to 1.7.2.
And it looks like I need to change my existing config, because Haproxy
1.7 truncates responses from
Le 24/01/2017 à 10:55, Vladimir Mihailenco a écrit :
This is the config -
https://gist.github.com/vmihailenco/9010ad37f5aeb800095a6b18909ae7d5.
Backends don't have any options. I already tried to remove `http-reuse
safe`, but it does not make any difference.
Haproxy 1.7 with compression (HTML
yet).
BTW, in the thread about the TLS-PSK support, it was suggested to use a
map to handle identities. When it will be done, it will be possible to
dynamically update the map.
--
Christopher Faulet
his requires changes in the HTTP parser, so it is a bit
tricky. And new sample fetches need to be added. So there is still a lot
of work before you can implement a fully functional WAF. But I'm on it
and all help/suggestion/remarks are welcome :)
--
Christopher Faulet
s in HAProxy for now.
--
Christopher Faulet
On 18/09/2016 04:17, Bertrand Jacquin wrote:
> Hi Christopher and Willy,
>
> Today I noticed data corruption when haproxy is used for compression
> offloading. I bisected twice, and it lead to this specific commit but
> I'm not 100% confident this commit is the actual root cause.
>
> HTTP body
Le 18/09/2016 à 04:17, Bertrand Jacquin a écrit :
> Today I noticed data corruption when haproxy is used for compression
> offloading. I bisected twice, and it lead to this specific commit but
> I'm not 100% confident this commit is the actual root cause.
>
> HTTP body coming from the nginx
Hi Willy,
Here are quite old pending patches I had to submit.
Thanks,
--
Christopher
>From a20ac171da06f16cb0bc1fb49cbf1939156cb2af Mon Sep 17 00:00:00 2001
From: Christopher Faulet <christopher.fau...@capflam.org>
Date: Tue, 21 Jun 2016 11:42:37 +0200
Subject: [PATCH 1/3] MEDIUM: fil
i Bertrand,
Thanks for all these information. It helps me to find the bug. I
attached a patch. Could you check if it fixes your bug ?
Willy, if Bertrand confirms that his bug is gone, and if everything is
ok for you, you will be able to merge it.
--
Christopher Faulet
>From d756fba92d1c14ab80c2
Le 24/11/2016 à 19:50, Willy Tarreau a écrit :
Hi Christopher,
On Thu, Nov 24, 2016 at 03:06:13PM +0100, Christopher Faulet wrote:
>From 7ed3c2942d57ea2ddfc8973cce9cc1c94bca01da Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Thu, 24 Nov 2016 14:53
Hi,
Here is a small bug fix on SPOE filter.
--
Christopher
>From 7ed3c2942d57ea2ddfc8973cce9cc1c94bca01da Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Thu, 24 Nov 2016 14:53:22 +0100
Subject: [PATCH] BUG: spoe: Fix parsing of SPOE actions in ACK
sense) :
commit d7c9196ae56e8ee6babca07ec2ec98a4146bcfd1
Author: Christopher Faulet <cfau...@qualys.com>
AuthorDate: Thu Apr 30 11:48:27 2015 +0200
Commit: Willy Tarreau <w...@1wt.eu>
CommitDate: Tue Feb 9 14:53:15 2016 +0100
MAJOR: filters: Add fil
Le 08/12/2016 à 09:35, rickytato rickytato a écrit :
I'm testing HAProxy 1.7.0 (I'm using 1.6.x from several time) but I
notice this strange thing, seen that memory continue to growing.
Could you provide the output of "haproxy -vv" command and more
information about your HAProxy
--
Christopher
>From 73b8871a5e31004ec305a3eb2cd4747c4f569d5e Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Mon, 9 Jan 2017 16:33:19 +0100
Subject: [PATCH] BUG/MINOR: stream: Fix how backend-specific analyzers are set
on a stream
X-Bogosity: Ham, tests=b
This bug was reported by Thierry.
--
Christopher
>From 62d2733d05feb49d070094667dc25b0e716ab940 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Mon, 19 Dec 2016 09:29:06 +0100
Subject: [PATCH] BUG/MINOR: Fix the sending function in Lua's cosocket
X-Bogo
Le 30/03/2017 à 11:50, Christopher Faulet a écrit :
Le 29/03/2017 à 13:23, Cyril Bonté a écrit :
De: "Cyril Bonté" <cyril.bo...@free.fr>
À: nos...@mrietzler.de
Cc: haproxy@formilux.org
Envoyé: Mercredi 29 Mars 2017 12:36:01
Objet: Re: 100% cpu usage with compression in haproxy.
ngth, which will produce a 100% cpu loop when
the request is made through haproxy.
I add Christopher Faulet to the thread, maybe those details will help.
Hi all,
Here is 2 patches that fix the bugs. I made some tests and it seems to
work without breaking other use cases. Could you c
ngth, which will produce a 100% cpu loop when
the request is made through haproxy.
I add Christopher Faulet to the thread, maybe those details will help.
Hi,
Thanks for these information. I found the bug. It is a collateral damage
introduced by the commit e6006245. I'm on it.
--
Christopher Faulet
Hi Willy,
Following my recent patches on HTTP/1.0 responses without content-length
when compression filter is enabled, here is 2 small patches. The first
one is a small code cleanup and the second one adds handy debug messages.
Thanks,
--
Christopher Faulet
>F
Willy,
I tagged this patch as a bug. But I don't found a way to hit it for now.
It can be backported or not, as you wish.
--
Christopher Faulet
>From 4ffdfbed993eaeb6c777c148e1eb6a712bfc9e18 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Wed, 29 Mar 2
Willy,
Another fix (with some cleanup in other paches). The first one (and
probably the second one) can be backported. But I don't know if this is
mandatory. It is really tricky to find conditions where it could be a
problem.
Thanks
--
Christopher Faulet
>F
Le 31/03/2017 à 14:26, Willy Tarreau a écrit :
On Fri, Mar 31, 2017 at 11:29:43AM +0200, Christopher Faulet wrote:
Willy,
I tagged this patch as a bug. But I don't found a way to hit it for now. It
can be backported or not, as you wish.
Thanks Christopher. I don't know either how to trigger
Le 21/03/2017 à 07:43, Willy Tarreau a écrit :
On Mon, Mar 20, 2017 at 11:08:20AM +0100, Christopher Faulet wrote:
Hi,
Here is a little patch fixing a bug. It should be backported in 1.7.
Thanks Christopher. Are you sure it's *this* minor ? I suspect that not
having it could break keep-alive
Hi,
Here is a little patch fixing a bug. It should be backported in 1.7.
Thanks,
--
Christopher Faulet
>From 11fea91789bf795d8924d37a4f50c100f2cd3805 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Fri, 10 Mar 2017 13:52:30 +0100
Subject: [PATCH] BUG/MI
kported in 1.7. If you're curious, the
commit fixing the bug is e600624 ("BUG/MEDIUM: filters: Fix channels
synchronization in flt_end_analyze"). You can safely apply it on 1.7.3.
--
Christopher Faulet
MINOR", it is about spoe
functions.
- The exemple of ModSecurity compilation can be improved. It is based
on my local distro.
The feedback are welcome.
Hi Thierry,
Really nice ! I'll take a look at it soon. Glad to see the first service
that uses the SPOE ! Good job.
--
Christopher Faulet
ceful stop). This way, for a specific
connection, it would be possible to wait for last ACK frames without
sending new frames to the SPOA. Then stopping the SPOA listeners to let
the SPOP health check failed should do the trick, I guess.
--
Christopher Faulet
Le 18/04/2017 à 14:40, Willy Tarreau a écrit :
On Tue, Apr 18, 2017 at 12:15:20PM +0200, Christopher Faulet wrote:
I finally took the time to review your patches, mainly the second one, about
the sample fetch. I think it would be pity to introduced such complex sample
fetch. All parts, except
Le 07/03/2017 à 20:51, Jon Simpson a écrit :
On 7 March 2017 at 08:48:37, Christopher Faulet (cfau...@haproxy.com
<mailto:cfau...@haproxy.com>) wrote:
Thanks for these info. By checking how you named your trace filters, I
guess you use the HTTP compression. If I'm right, I think I found
, is to disable
the HTTP compression.
I'll try to fix it very soon, I just need to talk with Willy to do it
the right way. I will keep you informed.
--
Christopher Faulet
istener section:
filer trace
Then run HAProxy in foreground.
--
Christopher Faulet
Le 12/04/2017 à 10:49, Christopher Faulet a écrit :
Le 11/04/2017 à 10:49, Thierry Fournier a écrit :
Hi list
I join one usage of HAProxy / SPOE, it is WAF offloading.
These patches are a first version, it have some limitations describe
in the README file in the directory contrib/modsecurity
eded ?
Even if we allow haproxy to be started without default certificate, we
can probably remove initial_ctx. That's just I want to be sure to not
have missed something :)
--
Christopher Faulet
ations. I'll keep initial_ctx so. I'll quickly
proposed a patch to fix certificates generation.
--
Christopher Faulet
Willy,
Here is the patch fixing the certificates generation.
Thanks
--
Christopher Faulet
>From 4cfdaa09b218d784e7b814f70981f35d1a7811df Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Fri, 28 Jul 2017 16:56:09 +0200
Subject: [PATCH] BUG/MEDIUM: ssl: Fix r
Le 28/07/2017 à 12:41, Emmanuel Hocdet a écrit :
A useless certificat should be provide with haproxy configuration?, it’s
definitely a workaround. It’s legacy from pre SNI.
Not really. The default certificate is not useless. It is the
certificate to use when no other matches. Expect if
Le 06/07/2017 à 18:56, Lukas Tribus a écrit :
Hi Christopher,
Am 30.06.2017 um 11:14 schrieb Christopher Faulet:
We are seeing this as well on 1.7.5. The problem seems to be intermittent--it
doesn't happen very often when I hit a system with almost no load, but is
happening very
r (I'm almost certain it is) ...
cheers,
lukas
[1] http://discourse.haproxy.org/t/keep-alive-behaviour-change-since-1-7-6/1390
Hi guys,
Attached patches should fix this bug. The real fix is in the last one.
But all the 3 must be backported in 1.7. I made tests with the Lukas
con
Le 19/07/2017 à 22:18, Christopher Faulet a écrit :
Because these last weeks, there were several regressions on this part
(the end of the HTTP transaction), I prefer to be careful this time.
Every time I fixed a bug in one side, this broke something else from
another one...
And because I said
Willy,
Here are small patches with minor changes about samples.
--
Christopher Faulet
>From 364139ba3764294acbad413a4cdde94a6ea1289b Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Mon, 24 Jul 2017 16:24:39 +0200
Subject: [PATCH 3/3] MINOR: samples: Don't
.
--
Christopher Faulet
could you check the patch in attachment to confirm it works ?
--
Christopher Faulet
>From afe2d426c6aeb82aa11af842e8f75f54a2d9130d Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Wed, 26 Jul 2017 11:50:01 +0200
Subject: [PATCH] BUG/MINOR: ssl: Fix check aga
Le 06/07/2017 à 21:18, Christopher Faulet a écrit :
Le 06/07/2017 à 18:56, Lukas Tribus a écrit :
Hi Christopher,
Am 30.06.2017 um 11:14 schrieb Christopher Faulet:
We are seeing this as well on 1.7.5. The problem seems to be intermittent--it
doesn't happen very often when I hit a system
.com/haproxy@formilux.org/msg26543.html
--
Christopher Faulet
diff --git a/src/proto_http.c b/src/proto_http.c
index e5f67e5..521743a 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -6958,14 +6958,6 @@ int http_response_forward_body(struct stream *s, struct channel *res, int an_bit
if
f395b4380e "BUG/MEDIUM: http: Drop the
connection establishment when a redirect is performed"). I attached the
patch. Could you quickly check if it fixes your bug (it should do so) ?
It was not backported in 1.7 because we thought it only affected the
1.8. I will check with Willy.
Le 16/06/2017 à 16:19, Christopher Faulet a écrit :
Le 16/06/2017 à 13:29, Juan Pablo Mora a écrit :
Linux version:
Red Hat Enterprise Linux Server release 5.11 (Tikanga)
Linux dpoweb08 2.6.18-417.el5 #1 SMP Sat Nov 19 14:54:59 EST 2016 x86_64
x86_64 x86_64 GNU/Linux
HAProxy versión: 1.7.5
Le 13/06/2017 à 14:16, Christopher Faulet a écrit :
Le 13/06/2017 à 10:31, siclesang a écrit :
haproxy balances by host,but often captures a part of request header
host or null, and requests balance to default server.
how to debug it ,
Hi,
I'll try to help you. Can you share your
eader"
This breaks of my application often.
But works swiftly when removed the proxy protocol options.
Any help would be great.
Thanks,
Vijay B
--
Christopher Faulet
Le 13/06/2017 à 10:31, siclesang a écrit :
haproxy balances by host,but often captures a part of request header
host or null, and requests balance to default server.
how to debug it ,
Hi,
I'll try to help you. Can you share your configuration please ? It could
help to find a potential
Hi,
Here is a little patch to fix a little bug :)
Thanks
--
Christopher Faulet
>From e11c7f0ffe159f1e77c2c2568dd5f217f67327ee Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Wed, 14 Jun 2017 14:41:33 +0200
Subject: [PATCH] BUG/MINOR: acls: Set the righ
Le 14/06/2017 à 16:47, Willy Tarreau a écrit :
On Wed, Jun 14, 2017 at 03:43:19PM +0200, Christopher Faulet wrote:
A filter can choose to loop when a HTTP message is in the state
HTTP_MSG_ENDING. But the transaction is terminated with an error if the input is
closed (CF_SHUTR set on the channel
Faulet
>From f8d90c49944a64b153091a6f524dd22db26b8c80 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Thu, 8 Jun 2017 22:18:52 +0200
Subject: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist
for openssl < 1.1.0
For openssl 1.0.2, SSLv3_s
This one is about filters.
Thanks
--
Christopher Faulet
>From 5358c71aa67a5fe21f29063bc7f837073ef8d20d Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Fri, 31 Mar 2017 15:37:29 +0200
Subject: [PATCH] BUG/MINOR: http/filters: Be sure to wait if a fil
is no content-length nor
transfer-encoding header. But it is a bit tricky because it is partly a
timing issue. Depending when the connection close is catched, an error
is triggered or not.
So I'm on it. Stay tuned.
--
Christopher Faulet
there with a stable release, be sure to have
the "send-proxy" directive on your server line (the one which forwards
the traffic to haproxy itself). If you have any doubt about your
configuration, please, share it.
--
Christopher Faulet
Le 14/06/2017 à 13:07, Vijay Bais a écrit :
On Wed, Jun 14, 2017 at 3:06 PM, Christopher Faulet <cfau...@haproxy.com
<mailto:cfau...@haproxy.com>> wrote:
Ok, If the problem is still there with a stable release, be sure to
have the "send-proxy" directive on you
and set up and maintain the build/test matrix.
--
Christopher Faulet
ere are bugs there. The worst is on the compression
filter. I attached patches to fix them.
Willy, could you merge it please ? Some of them must be backported in 1.7.
Thanks,
--
Christopher Faulet
>From 362bf07d61b06469bff839886d52db24daa2aa5e Mon Sep 17 00:00:00 2001
From: Christoph
undefined behavior.
I fixed the bug but I'm going to send the patch separately to this
thread to be sure everyone see it.
--
Christopher Faulet
Le 05/10/2017 à 10:52, Christopher Faulet a écrit :
Hi,
Here is the patch that fixes the bug reported by Marcus (see "Haproxy
segfault error 4 in libc-2.24").
Sorry, here is a new version of my patch. No reason to consider
zero-length string as an error.
--
Christopher Fa
Hi,
Here is the patch that fixes the bug reported by Marcus (see "Haproxy
segfault error 4 in libc-2.24").
Thanks
--
Christopher Faulet
>From 077217437a09e5d81216d377d9aff73dc1ce7122 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Thu, 5 Oct
planned to add the support of threads in HAProxy 1.8. It requires
many changes to make all parts thread-safe. DNS is one of them. Note
that currently HAProxy is not multithreaded, there is no thread-safety
issue.
--
Christopher Faulet
one. I will send everything to Willy in
few days. So don't bother with it.
Thanks
--
Christopher Faulet
Hi all,
Finally I reworked my previous patch. This one should fix the bug,
without side effect (AFAIK). It fixes slowdowns experienced on 1.7.9 for
HTTP responses with undefined body length when the compression is enabled.
--
Christopher Faulet
>From c42035858a58786c296ae3cf3c2420e4fe82a
to be sure. This will be my
punishment.
Thanks,
--
Christopher Faulet
>From 57e627243b02021b3913b33c8bd5c2ed92f82303 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Tue, 29 Aug 2017 16:06:38 +0200
Subject: [PATCH] BUG/MEDIUM: http: Fix a regression bug in http_resync_s
for the report.
Hi Pieter,
Here is a patch that should fix the deadlock. Could you confirm it fixes
your bug ?
Emeric, this patch should be good, but take a look on it, just to be sure.
Thanks
--
--
Christopher Faulet
>From 5fd4083becd141080ec8cf0923b222e0ae6119af Mon Sep 17 00:00:
led report. There is a bug in the sync-point, when
the same thread requests a synchronization many times. And, it is easier
to encountered this bug with only one thread.
Could you check the attached patch ? It should fix the bug.
--
Christopher Faulet
>From b8475f5bf9098b667fabada7b88de33c62b42c
Faulet
>From a9a69d0a5cc9fcc7be84966fc5861cc17400a849 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfau...@haproxy.com>
Date: Mon, 18 Dec 2017 14:36:44 +0100
Subject: [PATCH] BUG/MEDIUM: mworker: Close log socket during a reload
A log socket (UPD or UNIX) is opened by the master d
heck
inter 1000
Hi,
There have been some fixes since the 1.8.1. One of them could fix your
problem: http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=80b92902
Could you check with the last 1.8 source snapshot
(http://www.haproxy.org/download/1.8/src/snapshot/haproxy-ss-LATEST.tar.gz)
?
Thanks
--
Christopher Faulet
Hi,
Le 02/11/2017 à 17:16, Mildis a écrit :
[WARNING] 305/144718 (21260) : HTTP compression failed: unexpected behavior of
previous filters
This warning is very suspicious. It should not happen. Could you share
your configuration and "haproxy -vv" output please ?
--
Christopher Faulet
1 - 100 of 729 matches
Mail list logo
