[trafficserver] branch 9.0.x updated: Updated ChangeLog

2020-09-15 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 26dbba2  Updated ChangeLog
26dbba2 is described below

commit 26dbba2c9201bca2081af2370da43ae9f8eb3385
Author: Leif Hedstrom 
AuthorDate: Tue Sep 15 11:05:31 2020 -0600

Updated ChangeLog
---
 CHANGELOG-9.0.0 | 8 
 1 file changed, 8 insertions(+)

diff --git a/CHANGELOG-9.0.0 b/CHANGELOG-9.0.0
index 11cd5aa..19333f5 100644
--- a/CHANGELOG-9.0.0
+++ b/CHANGELOG-9.0.0
@@ -1069,6 +1069,7 @@ Changes with Apache Traffic Server 9.0.0
   #7128 - Protect TSActionCancel from null INKContInternal actions
   #7129 - Comment out a wrong assertion in QUIC Loss Detection logic
   #7131 - Don't make an error on duplicated RETIRE_CONNECTION frames
+  #7134 - Do not lose original inactivity timeout on disable
   #7135 - Replace ACTION_RESULT_NONE with nullptr
   #7137 - Removes duplicated listing of files in same Makefile target
   #7138 - Remove useless shortopt
@@ -1083,5 +1084,12 @@ Changes with Apache Traffic Server 9.0.0
   #7159 - MicroDNS Extension: handle different 'default' types
   #7160 - Fix memory leaks in multiplexer plugin
   #7161 - Traffic Dump documentation for post_process.py
+  #7162 - Removes references to non-existent function 
handle_conditional_headers
   #7165 - Build test C/C++ files with Automake. (#6945)
+  #7166 - Fix #7164 Changing Warning to Debug and creating a stat
   #7168 - Fix #7167, make pep8 failure
+  #7169 - AuTest: Properly handle experimental plugins. (#6971)
+  #7172 - Fix leaks in BaseLogFiles.cc
+  #7178 - AuTest: Reuse venv if it exists already
+  #7181 - TS_API for Note,Status,Warning,Alert,Fatal
+  #7183 - Emits log when OCSP fails to connect to server



[trafficserver] branch 8.1.x updated: Updated ChangeLog

2020-09-15 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/8.1.x by this push:
 new 502ee35  Updated ChangeLog
502ee35 is described below

commit 502ee35dd85a9f3f9936f886fc4e4d56507b7fbb
Author: Leif Hedstrom 
AuthorDate: Tue Sep 15 11:05:58 2020 -0600

Updated ChangeLog
---
 CHANGELOG-8.1.1 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG-8.1.1 b/CHANGELOG-8.1.1
index 193441e..026abf8 100644
--- a/CHANGELOG-8.1.1
+++ b/CHANGELOG-8.1.1
@@ -1,3 +1,4 @@
 Changes with Apache Traffic Server 8.1.1
   #7154 - Fixes H2 toggling using ssl_server_name.yaml
   #7156 - Fixes garbled logs when using % log tag
+  #7191 - Emits log when OCSP fails to connect to server



[trafficserver] branch 9.0.x updated: leaks in logs (#7172)

2020-09-15 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new c6e73b6  leaks in logs (#7172)
c6e73b6 is described below

commit c6e73b68a03eea683543a79af86a4d736de25d5f
Author: Fei Deng 
AuthorDate: Wed Sep 9 13:50:23 2020 -0500

leaks in logs (#7172)

(cherry picked from commit e4e3ea31667c45af4cadbff5731bddfeb91b252f)
---
 src/tscore/BaseLogFile.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/tscore/BaseLogFile.cc b/src/tscore/BaseLogFile.cc
index 26f567e..280ad17 100644
--- a/src/tscore/BaseLogFile.cc
+++ b/src/tscore/BaseLogFile.cc
@@ -361,6 +361,8 @@ BaseLogFile::close_file()
 ret   = fclose(m_fp);
 m_fp  = nullptr;
 m_is_init = false;
+delete m_meta_info;
+m_meta_info = nullptr;
   }
   return ret;
 }
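
Review bot: the new `delete m_meta_info;` in `close_file()` sits inside the block that also calls `fclose(m_fp)`, so it only runs when that block is entered; if `m_meta_info` can be allocated while that condition is false, it is still leaked. Consider moving the two added lines below the closing brace, just before `return ret;`, or explain in the commit message (which currently has no body) why the metadata can only exist inside that condition. Resetting the pointer to `nullptr` after the delete is right, since it makes any later delete of the same member a no-op.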



[trafficserver] branch 9.0.x updated: AuTest: Reuse venv if it exists already (#7178)

2020-09-15 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 30ae230  AuTest: Reuse venv if it exists already (#7178)
30ae230 is described below

commit 30ae2302de2d069f0da396d444e7c2124029630d
Author: Brian Neradt 
AuthorDate: Fri Sep 11 14:29:42 2020 -0500

AuTest: Reuse venv if it exists already (#7178)

Before this change, every call to autest.sh would re-install the pipenv
virtual environment. This reuses the virtual environment on subsequent
runs to autest.sh.

(cherry picked from commit 3cfebc9b8129e24e55309588b6e77959f4a49cf0)
---
 tests/test-env-check.sh | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/tests/test-env-check.sh b/tests/test-env-check.sh
index 7087964..d280d2d 100755
--- a/tests/test-env-check.sh
+++ b/tests/test-env-check.sh
@@ -42,10 +42,15 @@ fi
 
 # check for pipenv
 pipenv --version &> /dev/null
-if [ $? = 0 ]; then
+if [ $? -eq 0 ]; then
 echo "pipenv detected!"
-pipenv install
-# pipenv shell
+pipenv --venv &> /dev/null
+if [ $? -ne 0 ]; then
+echo "Installing a new virtual environment via pipenv"
+pipenv install
+else
+echo "Using the pre-existing virtual environment."
+fi
 else
 echo "pipenv is not installed/enabled. "
 fi
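
Review bot: the new `else` branch reuses whatever environment `pipenv --venv` finds without checking that it still matches the project's dependency files, so a dependency change made after the first run is never installed and the tests keep running against the old packages. Consider refreshing in that branch (for example `pipenv sync` where a lock file is kept) or documenting how to force a rebuild. Style: `if ! pipenv --venv &> /dev/null; then` avoids the separate `$?` test, and `&>` is a bash extension, so the script must not be run under plain sh.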



[trafficserver] branch 9.0.x updated: Emits log when OCSP fails to connect to server (#7183)

2020-09-15 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new adf7331  Emits log when OCSP fails to connect to server (#7183)
adf7331 is described below

commit adf73316881e91883b247d122cf02550c72d8c1a
Author: Randall Meyer 
AuthorDate: Mon Sep 14 10:00:08 2020 -0700

Emits log when OCSP fails to connect to server (#7183)

This also adds a pair of log messages for the initial OCSP update.
ATS doesn't respond until this is complete and may give operators an
understanding where it is on load.

Fixes issue #6801

(cherry picked from commit b353df22e09ffaecac1fd561a598cf8c13437f62)
---
 iocore/net/OCSPStapling.cc| 25 ++---
 iocore/net/SSLNetProcessor.cc |  3 +++
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/iocore/net/OCSPStapling.cc b/iocore/net/OCSPStapling.cc
index d39bf6b..7c39d2b 100644
--- a/iocore/net/OCSPStapling.cc
+++ b/iocore/net/OCSPStapling.cc
@@ -374,10 +374,12 @@ query_responder(BIO *b, char *host, char *path, 
OCSP_REQUEST *req, int req_timeo
 
   OCSP_REQ_CTX_free(ctx);
 
-  if (rv) {
+  if (rv == 1) {
 return resp;
   }
 
+  Error("failed to connect to OCSP server; host=%s path=%s", host, path);
+
   return nullptr;
 }
 
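Review bot: the added `Error(...)` after `if (rv == 1)` in `query_responder` runs for every `rv` other than 1, but its text says "failed to connect", which may describe only one of the ways to reach that line. Include `rv` in the message and word it neutrally (for example "OCSP request failed"), so the log does not send an operator looking for a network problem when the cause is something else. The message also lacks the function-name prefix that the other `Error` in this patch uses ("stapling_refresh_response: ...").
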
@@ -396,7 +398,7 @@ process_responder(OCSP_REQUEST *req, char *host, char 
*path, char *port, int req
 
   BIO_set_nbio(cbio, 1);
   if (BIO_do_connect(cbio) <= 0 && !BIO_should_retry(cbio)) {
-Debug("ssl_ocsp", "process_responder: failed to connect to OCSP response 
server. host=%s port=%s path=%s", host, port, path);
+Debug("ssl_ocsp", "process_responder: failed to connect to OCSP server; 
host=%s port=%s path=%s", host, port, path);
 goto end;
   }
   resp = query_responder(cbio, host, path, req, req_timeout);
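
Review bot: in `process_responder` the `BIO_do_connect` failure is still reported with `Debug("ssl_ocsp", ...)`; only the wording changed. Since the commit title is about emitting a log when the OCSP server cannot be reached, this is the branch where an `Error` (or at least a `Warning`) belongs, because with the `ssl_ocsp` debug tag off this connect failure stays invisible. `host`, `port` and `path` are already available here for the message.
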
@@ -415,16 +417,18 @@ stapling_refresh_response(certinfo *cinf, OCSP_RESPONSE 
**prsp)
   OCSP_REQUEST *req = nullptr;
   OCSP_CERTID *id   = nullptr;
   char *host = nullptr, *port = nullptr, *path = nullptr;
-  int ssl_flag= 0;
-  int req_timeout = -1;
+  int ssl_flag= 0;
+  int response_status = 0;
 
-  Debug("ssl_ocsp", "stapling_refresh_response: querying responder");
   *prsp = nullptr;
 
   if (!OCSP_parse_url(cinf->uri, , , , _flag)) {
+Debug("ssl_ocsp", "stapling_refresh_response: OCSP_parse_url failed; 
uri=%s", cinf->uri);
 goto err;
   }
 
+  Debug("ssl_ocsp", "stapling_refresh_response: querying responder; host=%s 
port=%s path=%s", host, port, path);
+
   req = OCSP_REQUEST_new();
   if (!req) {
 goto err;
@@ -437,19 +441,18 @@ stapling_refresh_response(certinfo *cinf, OCSP_RESPONSE 
**prsp)
 goto err;
   }
 
-  req_timeout = SSLConfigParams::ssl_ocsp_request_timeout;
-  *prsp   = process_responder(req, host, path, port, req_timeout);
-
+  *prsp = process_responder(req, host, path, port, 
SSLConfigParams::ssl_ocsp_request_timeout);
   if (*prsp == nullptr) {
 goto done;
   }
 
-  if (OCSP_response_status(*prsp) == OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+  response_status = OCSP_response_status(*prsp);
+  if (response_status == OCSP_RESPONSE_STATUS_SUCCESSFUL) {
 Debug("ssl_ocsp", "stapling_refresh_response: query response received");
 stapling_check_response(cinf, *prsp);
   } else {
-// TODO: We should log the actual openssl error
-Error("stapling_refresh_response: responder error");
+Error("stapling_refresh_response: responder response error; host=%s 
port=%s path=%s response_status=%d", host, port, path,
+  response_status);
   }
 
   if (!stapling_cache_response(*prsp, cinf)) {
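
Review bot: the `else` branch of the `response_status` check logs the status as a bare integer (`response_status=%d`), and the removed TODO about logging the actual OpenSSL error is only partly addressed by that. OpenSSL provides `OCSP_response_status_str()` to turn the value into text such as "trylater" or "unauthorized"; logging that next to the number would save operators a lookup. If the TODO is being dropped on purpose, say so in the commit message.
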
diff --git a/iocore/net/SSLNetProcessor.cc b/iocore/net/SSLNetProcessor.cc
index fd85508..0707cc3 100644
--- a/iocore/net/SSLNetProcessor.cc
+++ b/iocore/net/SSLNetProcessor.cc
@@ -78,7 +78,10 @@ SSLNetProcessor::start(int, size_t stacksize)
 #if TS_USE_TLS_OCSP
   if (SSLConfigParams::ssl_ocsp_enabled) {
 // Call the update initially to get things populated
+Note("Initial OCSP refresh started");
 ocsp_update();
+Note("Initial OCSP refresh finished");
+
 EventType ET_OCSP = eventProcessor.spawn_event_threads("ET_OCSP", 1, 
stacksize);
 eventProcessor.schedule_every(new OCSPContinuation(), 
HRTIME_SECONDS(SSLConfigParams::ssl_ocsp_update_period), ET_OCSP);
   }



[trafficserver] branch 9.0.x updated: Do not lose original inactivity timeout on disable (#7134)

2020-09-15 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 47724ce  Do not lose original inactivity timeout on disable (#7134)
47724ce is described below

commit 47724ce4125a9a95585d2b5014be298c7f154e83
Author: Susan Hinrichs 
AuthorDate: Mon Sep 14 12:05:09 2020 -0500

Do not lose original inactivity timeout on disable (#7134)

(cherry picked from commit a4e203da740abe9b10661576d54476d5d8700c90)
---
 iocore/net/P_UnixNet.h | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/iocore/net/P_UnixNet.h b/iocore/net/P_UnixNet.h
index 2c74a3e..cd87219 100644
--- a/iocore/net/P_UnixNet.h
+++ b/iocore/net/P_UnixNet.h
@@ -548,7 +548,9 @@ static inline void
 read_disable(NetHandler *nh, NetEvent *ne)
 {
   if (!ne->write.enabled) {
-ne->set_inactivity_timeout(0);
+// Clear the next scheduled inactivity time, but don't clear 
inactivity_timeout_in,
+// so the current timeout is used when the NetEvent is reenabled and not 
the default inactivity timeout
+ne->next_inactivity_timeout_at = 0;
 Debug("socket", "read_disable updating inactivity_at %" PRId64 ", 
NetEvent=%p", ne->next_inactivity_timeout_at, ne);
   }
   ne->read.enabled = 0;
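
Review bot: in `read_disable`, the `Debug("socket", ...)` line right after the new `ne->next_inactivity_timeout_at = 0;` prints `ne->next_inactivity_timeout_at`, a value that was set to 0 on the previous line, so the message carries no information. Log the preserved `inactivity_timeout_in` instead, since keeping that value is the purpose of the change. The assignment also writes the field directly where the removed line went through `set_inactivity_timeout()`; a short comment on why bypassing the setter is safe would help.
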
@@ -569,7 +571,9 @@ static inline void
 write_disable(NetHandler *nh, NetEvent *ne)
 {
   if (!ne->read.enabled) {
-ne->set_inactivity_timeout(0);
+// Clear the next scheduled inactivity time, but don't clear 
inactivity_timeout_in,
+// so the current timeout is used when the NetEvent is reenabled and not 
the default inactivity timeout
+ne->next_inactivity_timeout_at = 0;
 Debug("socket", "write_disable updating inactivity_at %" PRId64 ", 
NetEvent=%p", ne->next_inactivity_timeout_at, ne);
   }
   ne->write.enabled = 0;
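
Review bot: `write_disable` repeats the same added lines (the two-line comment and the assignment) as `read_disable`. A small inline helper called from both would keep the two paths from drifting apart the next time the timeout handling changes. The diffstat shows only `P_UnixNet.h` changed, so nothing in this commit tests disable followed by re-enable with a non-default inactivity timeout; a regression test for that sequence would be worth adding.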



[trafficserver] branch 8.1.x updated: Emits log when OCSP fails to connect to server (#7183) (#7191)

2020-09-15 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/8.1.x by this push:
 new f78b4e0  Emits log when OCSP fails to connect to server (#7183) (#7191)
f78b4e0 is described below

commit f78b4e0b01dd10dd68fce93199b668e04f04af4f
Author: Randall Meyer 
AuthorDate: Tue Sep 15 09:54:46 2020 -0700

Emits log when OCSP fails to connect to server (#7183) (#7191)

This also adds a pair of log messages for the initial OCSP update.
ATS doesn't respond until this is complete and may give operators an
understanding where it is on load.

Fixes issue #6801

(cherry picked from commit b353df22e09ffaecac1fd561a598cf8c13437f62)
---
 iocore/net/OCSPStapling.cc| 25 ++---
 iocore/net/SSLNetProcessor.cc |  3 +++
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/iocore/net/OCSPStapling.cc b/iocore/net/OCSPStapling.cc
index eb6c240..3123e86 100644
--- a/iocore/net/OCSPStapling.cc
+++ b/iocore/net/OCSPStapling.cc
@@ -336,10 +336,12 @@ query_responder(BIO *b, char *host, char *path, 
OCSP_REQUEST *req, int req_timeo
 
   OCSP_REQ_CTX_free(ctx);
 
-  if (rv) {
+  if (rv == 1) {
 return resp;
   }
 
+  Error("failed to connect to OCSP server; host=%s path=%s", host, path);
+
   return nullptr;
 }
 
@@ -358,7 +360,7 @@ process_responder(OCSP_REQUEST *req, char *host, char 
*path, char *port, int req
 
   BIO_set_nbio(cbio, 1);
   if (BIO_do_connect(cbio) <= 0 && !BIO_should_retry(cbio)) {
-Debug("ssl_ocsp", "process_responder: failed to connect to OCSP response 
server. host=%s port=%s path=%s", host, port, path);
+Debug("ssl_ocsp", "process_responder: failed to connect to OCSP server; 
host=%s port=%s path=%s", host, port, path);
 goto end;
   }
   resp = query_responder(cbio, host, path, req, req_timeout);
@@ -377,16 +379,18 @@ stapling_refresh_response(certinfo *cinf, OCSP_RESPONSE 
**prsp)
   OCSP_REQUEST *req = nullptr;
   OCSP_CERTID *id   = nullptr;
   char *host = nullptr, *port = nullptr, *path = nullptr;
-  int ssl_flag= 0;
-  int req_timeout = -1;
+  int ssl_flag= 0;
+  int response_status = 0;
 
-  Debug("ssl_ocsp", "stapling_refresh_response: querying responder");
   *prsp = nullptr;
 
   if (!OCSP_parse_url(cinf->uri, , , , _flag)) {
+Debug("ssl_ocsp", "stapling_refresh_response: OCSP_parse_url failed; 
uri=%s", cinf->uri);
 goto err;
   }
 
+  Debug("ssl_ocsp", "stapling_refresh_response: querying responder; host=%s 
port=%s path=%s", host, port, path);
+
   req = OCSP_REQUEST_new();
   if (!req) {
 goto err;
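
Review bot: the new message for a failed `OCSP_parse_url(cinf->uri, ...)` is emitted with `Debug`, so without the `ssl_ocsp` tag enabled the function still jumps to `err` silently. A URI that cannot be parsed is unlikely to fix itself on the next refresh, which makes it a better candidate for `Error` than a transient responder failure. The later `Debug` that prints `host`, `port` and `path` is fine at debug level.
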
@@ -399,19 +403,18 @@ stapling_refresh_response(certinfo *cinf, OCSP_RESPONSE 
**prsp)
 goto err;
   }
 
-  req_timeout = SSLConfigParams::ssl_ocsp_request_timeout;
-  *prsp   = process_responder(req, host, path, port, req_timeout);
-
+  *prsp = process_responder(req, host, path, port, 
SSLConfigParams::ssl_ocsp_request_timeout);
   if (*prsp == nullptr) {
 goto done;
   }
 
-  if (OCSP_response_status(*prsp) == OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+  response_status = OCSP_response_status(*prsp);
+  if (response_status == OCSP_RESPONSE_STATUS_SUCCESSFUL) {
 Debug("ssl_ocsp", "stapling_refresh_response: query response received");
 stapling_check_response(cinf, *prsp);
   } else {
-// TODO: We should log the actual openssl error
-Error("stapling_refresh_response: responder error");
+Error("stapling_refresh_response: responder response error; host=%s 
port=%s path=%s response_status=%d", host, port, path,
+  response_status);
   }
 
   if (!stapling_cache_response(*prsp, cinf)) {
diff --git a/iocore/net/SSLNetProcessor.cc b/iocore/net/SSLNetProcessor.cc
index df12b31..00087f8 100644
--- a/iocore/net/SSLNetProcessor.cc
+++ b/iocore/net/SSLNetProcessor.cc
@@ -78,7 +78,10 @@ SSLNetProcessor::start(int, size_t stacksize)
 #if TS_USE_TLS_OCSP
   if (SSLConfigParams::ssl_ocsp_enabled) {
 // Call the update initially to get things populated
+Note("Initial OCSP refresh started");
 ocsp_update();
+Note("Initial OCSP refresh finished");
+
 EventType ET_OCSP = eventProcessor.spawn_event_threads("ET_OCSP", 1, 
stacksize);
 eventProcessor.schedule_every(new OCSPContinuation(), 
HRTIME_SECONDS(SSLConfigParams::ssl_ocsp_update_period), ET_OCSP);
   }
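
Review bot: `Note("Initial OCSP refresh finished")` in `SSLNetProcessor::start` is logged unconditionally after `ocsp_update()`, so it reads the same whether the refresh succeeded for every certificate or failed for all of them. If `ocsp_update()` can report a result or a count, include it in the second message so the pair of notes tells operators more than elapsed time.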



[trafficserver] branch master updated: Updates the list of supported / linked Docs versions (#7152)

2020-09-15 Thread zwoop
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new 39c7be5  Updates the list of supported / linked Docs versions (#7152)
39c7be5 is described below

commit 39c7be57e453fe92b20f769d7b9a70f1d21d2ece
Author: Leif Hedstrom 
AuthorDate: Tue Sep 15 10:53:49 2020 -0600

Updates the list of supported / linked Docs versions (#7152)
---
 doc/static/languages.json | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/doc/static/languages.json b/doc/static/languages.json
index eb11a87..5769c1b 100644
--- a/doc/static/languages.json
+++ b/doc/static/languages.json
@@ -4,9 +4,8 @@
 "versions": [
 "latest",
 "9.0.x",
-"8.0.x",
-"7.1.x",
-"6.2.x"
+"8.1.x",
+"7.1.x"
 ]
 },
 "ja": {
@@ -14,9 +13,8 @@
 "versions": [
 "latest",
 "9.0.x",
-"8.0.x",
-"7.1.x",
-"6.2.x"
+"8.1.x",
+"7.1.x"
 ]
 }
 }



[trafficserver] branch master updated: Make custom xdebug HTTP header name available to other plugins. (#7193)

2020-09-15 Thread wkaras
This is an automated email from the ASF dual-hosted git repository.

wkaras pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new b09e043  Make custom xdebug HTTP header name available to other 
plugins. (#7193)
b09e043 is described below

commit b09e04390717422e7b9917b158cd3e63c78709d1
Author: Walt Karas 
AuthorDate: Tue Sep 15 11:43:44 2020 -0500

Make custom xdebug HTTP header name available to other plugins. (#7193)

The custom header name is passed to the xdebug plugin as plugin parameter.  
This change makes it available
as a global TS API user parameter.
---
 plugins/xdebug/xdebug.cc | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/plugins/xdebug/xdebug.cc b/plugins/xdebug/xdebug.cc
index 5e81190..30a1d10 100644
--- a/plugins/xdebug/xdebug.cc
+++ b/plugins/xdebug/xdebug.cc
@@ -706,6 +706,13 @@ TSPluginInit(int argc, const char *argv[])
   }
   xDebugHeader.len = strlen(xDebugHeader.str);
 
+  // Make xDebugHeader available to other plugins, as a C-style string.
+  //
+  int idx = -1;
+  TSReleaseAssert(TSUserArgIndexReserve(TS_USER_ARGS_GLB, "XDebugHeader", 
"XDebug header name", ) == TS_SUCCESS);
+  TSReleaseAssert(idx >= 0);
+  TSUserArgSet(nullptr, idx, const_cast(xDebugHeader.str));
+
   AuxDataMgr::init("xdebug");
 
   // Setup the global hook
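
Review bot: `TSUserArgSet(nullptr, idx, const_cast(xDebugHeader.str))` publishes the header name through a cast that removes `const`, so any plugin that looks up "XDebugHeader" receives a writable pointer into xdebug's own string. The comment above it should state that consumers must treat the value as read-only and must not free it, and how long the pointer stays valid. Both `TSReleaseAssert` calls abort the server on failure, so a failed reservation takes the whole process down at plugin load; logging an error and skipping the export would be gentler.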



[trafficserver] branch master updated: Update sni outbound policy to allow directly setting the outbound SNI. (#7188)

2020-09-15 Thread amc
This is an automated email from the ASF dual-hosted git repository.

amc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new 50ef963  Update sni outbound policy to allow directly setting the 
outbound SNI. (#7188)
50ef963 is described below

commit 50ef963e42376d8fee0585597cf406274dde6be9
Author: Alan M. Carroll 
AuthorDate: Tue Sep 15 09:37:59 2020 -0500

Update sni outbound policy to allow directly setting the outbound SNI. 
(#7188)
---
 doc/admin-guide/files/records.config.en.rst | 38 +++--
 proxy/http/HttpSM.cc| 18 --
 2 files changed, 36 insertions(+), 20 deletions(-)

diff --git a/doc/admin-guide/files/records.config.en.rst 
b/doc/admin-guide/files/records.config.en.rst
index 78e3551..9060916 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -3621,23 +3621,35 @@ Client-Related Configuration
 .. ts:cv:: CONFIG proxy.config.ssl.client.sni_policy STRING NULL
:overridable:
 
-   Indicate how the SNI value for the TLS connection to the origin is 
selected.  By default it is
-   `host` which means the host header field value is used for the SNI.  If 
`remap` is specified, the
-   remapped origin name is used for the SNI value.  If 
`verify_with_name_source` is specified, the
-   SNI will be the host header value and the name to check in the server 
certificate will be the
-   remap header value.
+   Indicate how the SNI value for the TLS connection to the origin is selected.
+
+   ``host``
+  This is the default. The value of the ``Host`` field in the proxy 
request is used.
+
+   ``remap``
+  The remapped upstream name is used.
+
+   ``verify_with_name_source``
+  The value of the ``Host`` field in the proxy request is used. In 
addition, if the names in the
+  server certificate of the upstream are checked, they are checked against 
the remapped upstream
+  name, not the SNI.
+
+   ``@...``
+  If the policy starts with the ``@`` character, it is treated as a 
literal, less the leading
+  ``@``. E.g. if the policy is "@apache.org" the SNI will be "apache.org".
+
We have two names that could be used in the transaction host header and the 
SNI value to the
origin. These could be the host header from the client or the remap host 
name. Unless you have
pristine host header enabled, these are likely the same values.
-   If sni_policy = host, both the sni and the host header to origin will be 
the same.
-   If sni_policy = remap, the sni value with be the remap host name and the 
host header will be the
-   host header from the client.
-   In addition, We may want to set the SNI and host headers the same (makes 
some common web servers
-   happy), but the certificate served by the origin may have a name that 
corresponds to the remap
-   name. So instead of using the SNI name for the name check, we may want to 
use the remap name.
-   So if sni_policy = verify_with_name_source, the sni will be the host header 
value and the name to
-   check in the server certificate will be the remap header value.
+   If sni_policy = ``host``, both the sni and the value of the ``Host`` field 
to origin will be the
+   same. If sni_policy = ``remap``, the sni value will be the remap host name 
and the host header
+   will be the host header from the client.
 
+   In addition, We may want to set the SNI and host headers the same (makes 
some common web servers
+   happy), but the server certificate for the upstream may have a name that 
corresponds to the remap
+   name. So instead of using the SNI name for the name check, we may want to 
use the remap name. So
+   if sni_policy = ``verify_with_name_source``, the sni will be the host 
header value and the name
+   to check in the server certificate will be the remap header value.
 
 .. ts:cv:: CONFIG proxy.config.ssl.client.TLSv1 INT 0
 
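Review bot: the new ``@...`` entry says what is sent as SNI but not which name the upstream server certificate is checked against when a literal is used; the ``verify_with_name_source`` entry spells this out, and the literal case needs the same sentence. The paragraphs kept below the list now partly repeat the definition list, still mix "sni" and "SNI", and carry a mid-sentence "We"; consider trimming them to what the list does not already say.
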
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index b401c8f..c6ee656 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -4820,17 +4820,21 @@ HttpSM::get_outbound_cert() const
 std::string_view
 HttpSM::get_outbound_sni() const
 {
-  const char *sni_name = nullptr;
-  size_t len   = 0;
-  if (t_state.txn_conf->ssl_client_sni_policy == nullptr || 
!strcmp(t_state.txn_conf->ssl_client_sni_policy, "host")) {
+  using namespace ts::literals;
+  ts::TextView zret;
+  ts::TextView policy{t_state.txn_conf->ssl_client_sni_policy, 
ts::TextView::npos};
+  if (policy.empty() || !strcmp(policy, "host"_tv)) {
 // By default the host header field value is used for the SNI.
-sni_name = t_state.hdr_info.server_request.host_get(reinterpret_cast());
+int len;
+char const *ptr = t_state.hdr_info.server_request.host_get();
+zret.assign(ptr, len);
+  } else if (policy.front() == '@') { // guaranteed non-empty from 
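
Review bot: the removed condition tested `ssl_client_sni_policy == nullptr` explicitly, while the new code builds `ts::TextView policy{t_state.txn_conf->ssl_client_sni_policy, ts::TextView::npos}` and then relies on `policy.empty()`. Please confirm that constructing a `TextView` from a null pointer with `npos` is defined and yields an empty view, or keep the explicit null check. The visible part of the hunk also passes a `TextView` and `"host"_tv` to `strcmp`, which deserves a comment on which overload is intended.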

[trafficserver] branch quic-latest updated (112fc71 -> 42e8898)

2020-09-15 Thread maskit
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a change to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from 112fc71  Merge branch 'master' into quic-latest
 add 42e8898  Simplify interface between H3 and QUIC, and remove memcopy 
between them

No new revisions were added by this update.

Summary of changes:
 iocore/net/quic/Makefile.am|   3 +
 iocore/net/quic/Mock.h |  90 +++-
 iocore/net/quic/QUICApplication.cc | 248 +-
 iocore/net/quic/QUICApplication.h  |  52 +--
 iocore/net/quic/QUICBidirectionalStream.cc | 347 --
 iocore/net/quic/QUICBidirectionalStream.h  |  23 +-
 iocore/net/quic/QUICStream.cc  | 144 +-
 iocore/net/quic/QUICStream.h   |  45 +-
 .../net/quic/QUICStreamAdapter.cc  |  16 +-
 .../{QUICFrameDispatcher.h => QUICStreamAdapter.h} |  49 +-
 iocore/net/quic/QUICStreamFactory.cc   |   8 +-
 iocore/net/quic/QUICStreamFactory.h|   6 +-
 iocore/net/quic/QUICStreamManager.cc   |  60 ++-
 iocore/net/quic/QUICStreamManager.h|   6 +-
 iocore/net/quic/QUICStreamVCAdapter.cc | 320 +
 iocore/net/quic/QUICStreamVCAdapter.h  | 105 +
 iocore/net/quic/QUICTransferProgressProvider.cc|  83 
 iocore/net/quic/QUICTransferProgressProvider.h |  44 +-
 iocore/net/quic/QUICUnidirectionalStream.cc| 503 -
 iocore/net/quic/QUICUnidirectionalStream.h |  20 +-
 iocore/net/quic/test/test_QUICStream.cc| 189 +---
 proxy/http3/Http09App.cc   |  53 ++-
 proxy/http3/Http09App.h|   4 +
 proxy/http3/Http3App.cc| 157 ---
 proxy/http3/Http3App.h |  28 +-
 proxy/http3/Http3DataFramer.cc |   8 +-
 proxy/http3/Http3DataFramer.h  |   2 +-
 proxy/http3/Http3Frame.cc  | 127 --
 proxy/http3/Http3Frame.h   |  12 +-
 proxy/http3/Http3FrameCollector.cc |  22 +-
 proxy/http3/Http3FrameCollector.h  |   4 +-
 proxy/http3/Http3FrameDispatcher.cc|  15 +-
 proxy/http3/Http3FrameDispatcher.h |   4 +-
 proxy/http3/Http3FrameGenerator.h  |   4 +-
 proxy/http3/Http3HeaderFramer.cc   |   9 +-
 proxy/http3/Http3HeaderFramer.h|   2 +-
 proxy/http3/Http3HeaderVIOAdaptor.cc   | 122 -
 proxy/http3/Http3HeaderVIOAdaptor.h|  23 +-
 proxy/http3/Http3Transaction.cc| 178 ++--
 proxy/http3/Http3Transaction.h |  19 +-
 proxy/http3/QPACK.cc   | 159 ---
 proxy/http3/QPACK.h|  33 +-
 proxy/http3/test/main.cc   |   8 +
 proxy/http3/test/test_Http3Frame.cc|  24 +-
 proxy/http3/test/test_QPACK.cc |  22 +-
 src/traffic_quic/quic_client.cc|  67 ++-
 src/traffic_quic/quic_client.h |  11 +
 47 files changed, 1686 insertions(+), 1792 deletions(-)
 copy proxy/http3/Http3FrameGenerator.h => iocore/net/quic/QUICStreamAdapter.cc 
(78%)
 copy iocore/net/quic/{QUICFrameDispatcher.h => QUICStreamAdapter.h} (50%)
 create mode 100644 iocore/net/quic/QUICStreamVCAdapter.cc
 create mode 100644 iocore/net/quic/QUICStreamVCAdapter.h
 create mode 100644 iocore/net/quic/QUICTransferProgressProvider.cc


