Change to Module DB
User ID : 1758 Title: Apache Rivet Details : https://modules.apache.org/search.php?id=2592
output filters unit-testing frame-work
Hello I'm looking for a frame-work to perform unit-tests for Apache output filters. The problem of writing such frame-work is how to provide the filter with the whole context (request record, module_config etc.) I didn't find something like this under Apache HTTP Test Project, nor in test directory of Apache source. Can anyone reference me to such existing frame-work? Thanks in advanced Yehezkel Horowitz Check Point Software Technologies Ltd.
Re: output filters unit-testing frame-work
Look for Apache::Test in CPAN. It's pretty much the standard Apache test framework today, and supports C and Perl (mod_perl) modules. Issac On 25/09/2011 16:47, Yehezkel Horowitz wrote: Hello I'm looking for a frame-work to perform unit-tests for Apache output filters. The problem of writing such frame-work is how to provide the filter with the whole context (request record, module_config etc.) I didn't find something like this under Apache HTTP Test Project, nor in test directory of Apache source. Can anyone reference me to such existing frame-work? Thanks in advanced Yehezkel Horowitz Check Point Software Technologies Ltd.
httpd 2.0.65 - when?
Hi all, currently the 2.0.65 release seems a bit forgotten ... 2.0.x STATUS reads: 2.0.65 : In maintainance. Jim proposes TR 9/12-15 and offers to RM. http://httpd.apache.org/security/CVE-2011-3192.txt mentions: ... Version 2.0.65 has not been released, but will include this fix, and is anticipated in September. ... Jeff has already released APR-0.9.20 at 15-Sep-2011: http://www.apache.org/dist/apr/Announcement0.9.html but we have even not yet commited the 2.0.x byterange fix to 2.0.x-HEAD ... if we still want to release in September as stated in the security advice then we should asap start with the release process, or? Gün.
Re: httpd 2.0.65 - when?
Been a little… preoccupied... Will push this week (and try to finalize the patch to propose). On Sep 25, 2011, at 11:17 AM, Guenter Knauf wrote: Hi all, currently the 2.0.65 release seems a bit forgotten ... 2.0.x STATUS reads: 2.0.65 : In maintainance. Jim proposes TR 9/12-15 and offers to RM. http://httpd.apache.org/security/CVE-2011-3192.txt mentions: ... Version 2.0.65 has not been released, but will include this fix, and is anticipated in September. ... Jeff has already released APR-0.9.20 at 15-Sep-2011: http://www.apache.org/dist/apr/Announcement0.9.html but we have even not yet commited the 2.0.x byterange fix to 2.0.x-HEAD ... if we still want to release in September as stated in the security advice then we should asap start with the release process, or? Gün.
Re: svn commit: r1172010 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
On 9/23/2011 10:07 AM, Kaspar Brand wrote: On 22.09.2011 22:25, Daniel Ruggeri wrote: trunk suggestion - if this jives, I'll commit later when I have a bit Looks good, just some nits: for (n = 0; n ncerts; n++) { int i, res; res is no longer used, AFAICT Correct - removed if (chain != NULL) { /* Dicard end entity cert from the chain */ /* XXX: This is not needed if we collapse the two * checks in ssl_engine_kernel in the future */ X509_free(sk_X509_shift(chain)); s/Di/Dis/. As for the XXX, do you mean the idea of having a common routine for checking server certs and proxy client certs? That would probably go to ssl_engine_init.c as well, as sort of a companion to ssl_check_public_cert(). In the proxy client cert callback function in ssl_engine_kernel, each cert is first checked if it is directly signed by each of the CA's in the list. If that fails, then we start trying to match by chain. The comment I added just points out that if we leave the end cert in the STACK_OF(X509) we will perform the same check twice - once for the direct issuer check and once again for the first item in the chain without shifting it off. Alternatively, we could adjust the callback and init functions to always build a chain (even if SSLProxyMachineCertificateChainFile is not set) and check by chain by doing the X509_NAME_cmp for each item in the STACK_OF(X509) in pkp-ca_certs rather than checking the issuer of each item in pkp-certs. If the new directive is not set, everything would *essentially* function the same way. To me, they are two ways to do the same thing, though with the current approach, the verification messages in startup will not show up unless using the new directive. ... I'm not sure if I explained my thought process well, though, so let me know if I should elaborate further. else { /* Discard empty chain */ sk_X509_pop_free(chain, X509_free); pkp-ca_certs[n] = NULL; Strictly speaking, the last assignment isn't necessary, since your calloc'ing ca_certs before. Setting to NULL will be caught by the update Rüdiger put in for 1162103 and will skip all of the new logic in the callback function. IMO, I feel this way is just a bit cleaner and easier to follow. I can be swayed if you feel strongly about it, though. Style - missing spaces. Kaspar I'm so bad about this. Corrected also. Thank you very much for reviewing. I'll wait for feedback before committing and updating 2.2 STATUS. -- Daniel Ruggeri
Re: Pushing for httpd 2.4.0 GA
I've done a backport patch of the mod_proxy_balancer PROXY_WORKER_DRAIN for the 2.2.x stream in the hopes it could be included in a future 2.2.x release. https://issues.apache.org/bugzilla/show_bug.cgi?id=51247 \|/- Keith Mashinter kmash...@yahoo.com From: Daniel Ruggeri drugg...@primary.net To: dev@httpd.apache.org Sent: Tuesday, September 20, 2011 6:36:51 AM Subject: Re: Pushing for httpd 2.4.0 GA On 9/19/2011 8:42 PM, Keith Mashinter wrote: Just a reminder about this, providing a way to phase out a server by only accepting existing sessions/routed requests. |51247|New|Enh|2011-05-23|Enhance mod_proxy and _balancer with worker status Jim did add this feature as indicated in that bug report. The patch provides for a 'drain' setting which should do the trick. -- Daniel Ruggeri