Change to Module DB
User ID : 1758 Title: Apache Rivet Details : https://modules.apache.org/search.php?id=2592
output filters unit-testing frame-work
Hello I'm looking for a frame-work to perform unit-tests for Apache output filters. The problem of writing such frame-work is how to provide the filter with the whole context (request record, module_config etc.) I didn't find something like this under Apache HTTP Test Project, nor in test directory of Apache source. Can anyone reference me to such existing frame-work? Thanks in advanced Yehezkel Horowitz Check Point Software Technologies Ltd.
Re: output filters unit-testing frame-work
Look for Apache::Test in CPAN. It's pretty much the standard Apache test framework today, and supports C and Perl (mod_perl) modules. Issac On 25/09/2011 16:47, Yehezkel Horowitz wrote: Hello I'm looking for a frame-work to perform unit-tests for Apache output filters. The problem of writing such frame-work is how to provide the filter with the whole context (request record, module_config etc.) I didn't find something like this under Apache HTTP Test Project, nor in test directory of Apache source. Can anyone reference me to such existing frame-work? Thanks in advanced Yehezkel Horowitz Check Point Software Technologies Ltd.
httpd 2.0.65 - when?
Hi all, currently the 2.0.65 release seems a bit forgotten ... 2.0.x STATUS reads: 2.0.65 : In maintainance. Jim proposes TR 9/12-15 and offers to RM. http://httpd.apache.org/security/CVE-2011-3192.txt mentions: ... Version 2.0.65 has not been released, but will include this fix, and is anticipated in September. ... Jeff has already released APR-0.9.20 at 15-Sep-2011: http://www.apache.org/dist/apr/Announcement0.9.html but we have even not yet commited the 2.0.x byterange fix to 2.0.x-HEAD ... if we still want to release in September as stated in the security advice then we should asap start with the release process, or? Gün.
Re: httpd 2.0.65 - when?
Been a little… preoccupied... Will push this week (and try to finalize the patch to propose). On Sep 25, 2011, at 11:17 AM, Guenter Knauf wrote: Hi all, currently the 2.0.65 release seems a bit forgotten ... 2.0.x STATUS reads: 2.0.65 : In maintainance. Jim proposes TR 9/12-15 and offers to RM. http://httpd.apache.org/security/CVE-2011-3192.txt mentions: ... Version 2.0.65 has not been released, but will include this fix, and is anticipated in September. ... Jeff has already released APR-0.9.20 at 15-Sep-2011: http://www.apache.org/dist/apr/Announcement0.9.html but we have even not yet commited the 2.0.x byterange fix to 2.0.x-HEAD ... if we still want to release in September as stated in the security advice then we should asap start with the release process, or? Gün.
Re: svn commit: r1172010 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
On 9/23/2011 10:07 AM, Kaspar Brand wrote:
On 22.09.2011 22:25, Daniel Ruggeri wrote:
trunk suggestion - if this jives, I'll commit later when I have a bit
Looks good, just some nits:
for (n = 0; n ncerts; n++) {
int i, res;
res is no longer used, AFAICT
Correct - removed
if (chain != NULL) {
/* Dicard end entity cert from the chain */
/* XXX: This is not needed if we collapse the two
* checks in ssl_engine_kernel in the future */
X509_free(sk_X509_shift(chain));
s/Di/Dis/. As for the XXX, do you mean the idea of having a common
routine for checking server certs and proxy client certs? That would
probably go to ssl_engine_init.c as well, as sort of a companion to
ssl_check_public_cert().
In the proxy client cert callback function in ssl_engine_kernel, each
cert is first checked if it is directly signed by each of the CA's in
the list. If that fails, then we start trying to match by chain. The
comment I added just points out that if we leave the end cert in the
STACK_OF(X509) we will perform the same check twice - once for the
direct issuer check and once again for the first item in the chain
without shifting it off.
Alternatively, we could adjust the callback and init functions to always
build a chain (even if SSLProxyMachineCertificateChainFile is not set)
and check by chain by doing the X509_NAME_cmp for each item in the
STACK_OF(X509) in pkp-ca_certs rather than checking the issuer of each
item in pkp-certs. If the new directive is not set, everything would
*essentially* function the same way. To me, they are two ways to do the
same thing, though with the current approach, the verification messages
in startup will not show up unless using the new directive.
... I'm not sure if I explained my thought process well, though, so let
me know if I should elaborate further.
else {
/* Discard empty chain */
sk_X509_pop_free(chain, X509_free);
pkp-ca_certs[n] = NULL;
Strictly speaking, the last assignment isn't necessary, since your
calloc'ing ca_certs before.
Setting to NULL will be caught by the update Rüdiger put in for 1162103
and will skip all of the new logic in the callback function. IMO, I feel
this way is just a bit cleaner and easier to follow. I can be swayed if
you feel strongly about it, though.
Style - missing spaces. Kaspar
I'm so bad about this. Corrected also. Thank you very much for
reviewing. I'll wait for feedback before committing and updating 2.2 STATUS.
--
Daniel Ruggeri
Re: Pushing for httpd 2.4.0 GA
I've done a backport patch of the mod_proxy_balancer PROXY_WORKER_DRAIN for the 2.2.x stream in the hopes it could be included in a future 2.2.x release. https://issues.apache.org/bugzilla/show_bug.cgi?id=51247 \|/- Keith Mashinter kmash...@yahoo.com From: Daniel Ruggeri drugg...@primary.net To: dev@httpd.apache.org Sent: Tuesday, September 20, 2011 6:36:51 AM Subject: Re: Pushing for httpd 2.4.0 GA On 9/19/2011 8:42 PM, Keith Mashinter wrote: Just a reminder about this, providing a way to phase out a server by only accepting existing sessions/routed requests. |51247|New|Enh|2011-05-23|Enhance mod_proxy and _balancer with worker status Jim did add this feature as indicated in that bug report. The patch provides for a 'drain' setting which should do the trick. -- Daniel Ruggeri
