Re: [VOTE] Release Apache httpd 2.4.9 as GA

2014-03-14 Thread Jim Jagielski 
+1: Fed18, CentOS6, OSX 10.9.2 (Xcode 5.1)

On Mar 13, 2014, at 12:49 PM, Jim Jagielski j...@jagunet.com wrote:

 The pre-release test tarballs for Apache httpd 2.4.9 can be found
 at the usual place:
 
   http://httpd.apache.org/dev/dist/
 
 I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA.
 
 [ ] +1: Good to go
 [ ] +0: meh
 [ ] -1: Danger Will Robinson. And why.
 
 Vote will last the normal 72 hrs.
 
 NOTE: The *-deps are only there for convenience.

Re: [VOTE] Release Apache httpd 2.4.9 as GA

2014-03-14 Thread Reindl Harald 

Am 13.03.2014 17:49, schrieb Jim Jagielski:
 The pre-release test tarballs for Apache httpd 2.4.9 can be found
 at the usual place:
 
   http://httpd.apache.org/dev/dist/
 
 I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA.
 
 [ ] +1: Good to go
 [ ] +0: meh
 [ ] -1: Danger Will Robinson. And why.
 
 Vote will last the normal 72 hrs

+1

Fedora 20 x86_64
openssl-1.0.1e-37.fc20.20140109.rh.x86_64
apr-util-1.5.3-1.fc20.x86_64
apr-1.5.0-4.fc20.20131231.rh.x86_64
___

2.4.8 RC was also stable with that openssl containing backports
https://bugzilla.redhat.com/show_bug.cgi?id=1074163

openssl-1.0.1e-37.fc20.20140109.rh.x86_64 is a cpu-optimized rebuild
of Fedora's src.rpm with no other changes than compiler/linker flags
___

thanks for https://issues.apache.org/bugzilla/show_bug.cgi?id=56094



signature.asc
Description: OpenPGP digital signature

rewriterule

2014-03-14 Thread Ligade, Shailesh [USA] 
Hello,

I want to log client certificate chain, when there is ssl verification failure.

So I have a rule

RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteRule ^(.*)$ /cgi-bin/printenv.pl [QSA,PT,L]

But it doesn’t work. If change the rule to success, it works, but I need to log 
the chain only when client verification fails.

It appears that, when there is failure, my condition and rule never gets 
executed.

Any work around doing that?

Thanks

S

Re: [VOTE] Release Apache httpd 2.4.9 as GA

2014-03-14 Thread Rainer Jung 
On 13.03.2014 17:49, Jim Jagielski wrote:
 The pre-release test tarballs for Apache httpd 2.4.9 can be found
 at the usual place:
 
   http://httpd.apache.org/dev/dist/
 
 I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA.
 
 [ ] +1: Good to go
 [ ] +0: meh
 [ ] -1: Danger Will Robinson. And why.
 
 Vote will last the normal 72 hrs.
 
 NOTE: The *-deps are only there for convenience.

I get some test failures:

t/ssl/pr12355.t   (Wstat: 0 Tests: 10 Failed: 4)
  Failed tests:  3-4, 7-8
t/ssl/pr43738.t   (Wstat: 0 Tests: 4 Failed: 2)
  Failed tests:  1-2

They happen during renegotiation. All parts should be using OpenSSL
1.0.1f. The requests end up with status 403 instead of 200.

trace log:

ssl_engine_kernel.c(778): AH02260: Performing full renegotiation:
complete handshake protocol (client does support secure renegotiation)
ssl_engine_kernel.c(1801): OpenSSL: Handshake: start
ssl_engine_kernel.c(1809): OpenSSL: Loop: SSL renegotiate ciphers
ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 write hello request A
core_filters.c(525): core_output_filter: flushing because of FLUSH bucket
ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 flush data
ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 write hello request C
[client 127.0.0.1:39714] AH02226: Awaiting re-negotiation handshake
ssl_engine_kernel.c(1801): OpenSSL: Handshake: start
ssl_engine_kernel.c(1809): OpenSSL: Loop: before accept initialization
core_filters.c(525): core_output_filter: flushing because of FLUSH bucket
ssl_engine_io.c(2039): OpenSSL: read 5/5 bytes from BIO#2a75a8 [mem:
2aeb5b] (BIO dump follows)
core_filters.c(525): core_output_filter: flushing because of FLUSH bucket
ssl_engine_io.c(2039): OpenSSL: read 458/458 bytes from BIO#2a75a8 [mem:
2aeb60] (BIO dump follows)
ssl_engine_kernel.c(1920): AH02043: SSL virtual host for servername
localhost found
core_filters.c(525): core_output_filter: flushing because of FLUSH bucket
ssl_engine_kernel.c(1819): OpenSSL: Write: SSLv3 read client hello C
ssl_engine_kernel.c(1838): OpenSSL: Exit: error in SSLv3 read client hello C
[client 127.0.0.1:39714] AH02261: Re-negotiation handshake failed: Not
accepted by client!?

More complete log under

http://people.apache.org/~rjung/renegotitation-failure-2.4.9.txt

Regards,

Rainer

AW: [VOTE] Release Apache httpd 2.4.9 as GA

2014-03-14 Thread Plüm , Rüdiger , Vodafone Group 


 -Ursprüngliche Nachricht-
 Von: Rainer Jung [mailto:rainer.j...@kippdata.de]
 Gesendet: Freitag, 14. März 2014 19:14
 An: dev@httpd.apache.org
 Betreff: Re: [VOTE] Release Apache httpd 2.4.9 as GA
 
 On 13.03.2014 17:49, Jim Jagielski wrote:
  The pre-release test tarballs for Apache httpd 2.4.9 can be found
  at the usual place:
 
  http://httpd.apache.org/dev/dist/
 
  I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA.
 
  [ ] +1: Good to go
  [ ] +0: meh
  [ ] -1: Danger Will Robinson. And why.
 
  Vote will last the normal 72 hrs.
 
  NOTE: The *-deps are only there for convenience.
 
 I get some test failures:
 
 t/ssl/pr12355.t   (Wstat: 0 Tests: 10 Failed: 4)
   Failed tests:  3-4, 7-8
 t/ssl/pr43738.t   (Wstat: 0 Tests: 4 Failed: 2)
   Failed tests:  1-2
 
 They happen during renegotiation. All parts should be using OpenSSL
 1.0.1f. The requests end up with status 403 instead of 200.

Which MPM?

Regards

Rüdiger

Re: Rich is looking for a substitute httpd talk for Denver

2014-03-14 Thread Rich Bowen 
So, looks like we'll just leave that one slot empty in the httpd track, 
or fill it with something off-topic.


Unless ... last ditch effort here - if anyone would like to do a what's 
coming in 2.6 kind of discussion, that could be a way to fill the 
space. But I'm reluctant to just fill the space to fill the space.


--Rich

--
Rich Bowen - rbo...@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon