Re: cPanel Apache 2.4
Nice! -- Daniel Ruggeri Original Message From: Jacob Perkins jacob.perk...@cpanel.net Sent: May 15, 2015 10:18:08 AM CDT To: dev@httpd.apache.org Subject: cPanel Apache 2.4 Good afternoon, As some of you may be aware, cPanel is a leader in the hosting industry as we provide software that allows end users to easily run a server and associated LAMP stack. Yesterday, May 14th, we changed the default installation target to Apache 2.4 over Apache 2.2. Currently, around 80% of our user base uses Apache 2.2. I’m hoping to have those customers using Apache 2.4 in the next year. I know that you guys like to keep track of 2.2 vs 2.4 usage, so hopefully we’ll start noticing the 2.4 usage increase gradually over the next year or so. Thanks for your time! — Jacob Perkins Product Owner cPanel Inc. jacob.perk...@cpanel.net mailto:jacob.perk...@cpanel.net Office: 713-529-0800 x 4046 Cell: 713-560-8655
Re: How to wait on a global lock with timeout
Hi Yann, thanks for your explanation. Am 16.05.2015 um 19:05 schrieb Yann Ylavic: Trying to get locked mutex... timed out after 1 second (expected) Child trying to unlock the mutex got 1 (unexpected) Trying to get locked mutex... timed out after 2 seconds (unexpected) Did I do anything wrong? A mutex must be unlocked by the thread which locked it (error 1 is EPERM). Ok, makes sense to me. Regards, Micha
Re: How to wait on a global lock with timeout
Hi Micha, On Sat, May 16, 2015 at 5:22 PM, Micha Lenk mi...@lenk.info wrote: Sorry, took me a while to give your patch a try. As the patch didn't apply cleanly to trunk (ie. SVN rev. 1676013), I assume that it is already applied in trunk. So I went ahead without applying your patch. Is this correct? Yes, links point to svn commits in trunk. I wrote a small test program that should prove me that timed global locks work across process boundaries (see attached source). But for some reason apr_global_mutex_unlock() return 1 if called in the child process. This is the output that I get from the compiled test program: Trying to get locked mutex... timed out after 1 second (expected) Child trying to unlock the mutex got 1 (unexpected) Trying to get locked mutex... timed out after 2 seconds (unexpected) Did I do anything wrong? A mutex must be unlocked by the thread which locked it (error 1 is EPERM). Thus you can: lock() if fork() == 0: lock() else: unlock() but not: lock() if fork() == 0: unlock() else: lock() Regards, Yann.
Re: silly ab patch for SNI and OCSP stapling
On Sat, May 16, 2015 at 10:39 AM, Daniel Ruggeri drugg...@primary.net
wrote:
+1, but I would also propose a command line flag to override the SNI host
name supplied in case one is testing directly by IP address.
in that case shouldn't you also be overriding Host:, so the SNI host name
can use the same override? I think this may lead the user into a more
helpful scenario, if indeed they don't already know when to override Host:,
and I don't know how useful it is to have different values for Host: and
SNI.
--
Daniel Ruggeri
--
*From:* Jeff Trawick traw...@gmail.com
*Sent:* May 12, 2015 2:31:37 PM CDT
*To:* Apache HTTP Server Development List dev@httpd.apache.org
*Subject:* silly ab patch for SNI and OCSP stapling
... where OCSP stapling means get the server to do the related work
but don't care what you get back.
Perhaps this doesn't save any time for anybody that would want to test
such a thing, but who knows?
Index: support/ab.c
--
--- support/ab.c(revision 1679028)
+++ support/ab.c(working copy)
@@ -1287,6 +1287,8 @@
bio = BIO_new_socket(fd, BIO_NOCLOSE);
SSL_set_bio(c-ssl, bio, bio);
SSL_set_connect_state(c-ssl);
+SSL_set_tlsext_host_name(c-ssl, hostname);
+SSL_set_tlsext_status_type(c-ssl, TLSEXT_STATUSTYPE_ocsp);
if (verbosity = 4) {
BIO_set_callback(bio, ssl_print_cb);
BIO_set_callback_arg(bio, (void *)bio_err);
The lack of SNI is a pretty big hole now; it probably doesn't need much
extra in the way of #if/if to do the right thing.
--
Born in Roswell... married an alien...
http://emptyhammock.com/
Re: silly ab patch for SNI and OCSP stapling
Yep, my mistake. I thought there was a command line switch to change the host header. You're correct - it wouldn't make much sense to override one and not the other. -- Daniel Ruggeri On 5/16/2015 11:25 AM, Jeff Trawick wrote: in that case shouldn't you also be overriding Host:, so the SNI host name can use the same override? I think this may lead the user into a more helpful scenario, if indeed they don't already know when to override Host:, and I don't know how useful it is to have different values for Host: and SNI.
Re: silly ab patch for SNI and OCSP stapling
+1, but I would also propose a command line flag to override the SNI host name
supplied in case one is testing directly by IP address.
--
Daniel Ruggeri
Original Message
From: Jeff Trawick traw...@gmail.com
Sent: May 12, 2015 2:31:37 PM CDT
To: Apache HTTP Server Development List dev@httpd.apache.org
Subject: silly ab patch for SNI and OCSP stapling
... where OCSP stapling means get the server to do the related work
but don't care what you get back.
Perhaps this doesn't save any time for anybody that would want to test
such a thing, but who knows?
Index: support/ab.c
===
--- support/ab.c(revision 1679028)
+++ support/ab.c(working copy)
@@ -1287,6 +1287,8 @@
bio = BIO_new_socket(fd, BIO_NOCLOSE);
SSL_set_bio(c-ssl, bio, bio);
SSL_set_connect_state(c-ssl);
+SSL_set_tlsext_host_name(c-ssl, hostname);
+SSL_set_tlsext_status_type(c-ssl, TLSEXT_STATUSTYPE_ocsp);
if (verbosity = 4) {
BIO_set_callback(bio, ssl_print_cb);
BIO_set_callback_arg(bio, (void *)bio_err);
The lack of SNI is a pretty big hole now; it probably doesn't need much
extra in the way of #if/if to do the right thing.
Re: Style checker?
All; I still develop in what a lot of folks would consider a fairly primiti= ve environment (vi) that doesn't do anything for style checking things lik= e line width/spacing before and after control statements/indentation/variab= le declaration/etc=2E I know of the indent tool available on most unix-like= systems, but was wondering if you folks use any other tools to help along = that path? I use vi too: :help !}fmt 76 :se ai :se noai :se list :se nolist PS Caution: fmt on FreeBSD is (or was) not 8 bit clean. http://berklix.com/~jhs/src/bsd/fixes/FreeBSD/src/gen/usr.bin/fmt/ Some of the vi clones do more formatting colour highlighting syntax/ bracket matching (while fine for Reading code, the colour flashing drives one mad adding new code) I forgot the name 'vim' but found again via http://www.freebsd.org/cgi/ports.cgi?query=vistype=allsektion=editors I just noticed http://berklix.com/~jhs/src/bsd/jhs/bin/public/tab/ does not take pipes (so forget that with !} ). Oh well, I'm too busy ! http://berklix.com/~jhs/src/bsd/jhs/bin/public/brackets/ 'tidy' for html of course http://www.w3.org/People/Raggett/tidy/ http://svnweb.freebsd.org/ports/head/www/tidy/pkg-descr?revision=HEAD http://berklix.com/~jhs/src/bsd/fixes/FreeBSD/src/gen/contrib/nvi/README.wysiwyg.multi_linked.no_customise My WYSIWYG hooks for tying nvi into ghostview, chimera etc for .ps .pdf .html viewers (so one can hack txt with vi auto format redisplay each ':w' ) - no reason one couldnt extend such a trick to C ) There's been C beatifiers for decades, https://www.google.de/search?q=c+beautifierie=utf-8oe=utf-8aq=trls=org.mozilla:en-US:officialclient=firefox-agfe_rd=crei=PF5XVanWG8WK8QfT1oGQBg From man style I just found man indent indent and format C program source http://www.freebsd.org/cgi/man.cgi?query=indentapropos=0sektion=0manpath=FreeBSD+10.1-RELEASEarch=defaultformat=html Cheers, Julian -- Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com Indent previous with . Reply Below as a play script. Send plain text, Not quoted-printable, HTML, or base64.
Style checker?
All; I still develop in what a lot of folks would consider a fairly primitive environment (vi) that doesn't do anything for style checking things like line width/spacing before and after control statements/indentation/variable declaration/etc. I know of the indent tool available on most unix-like systems, but was wondering if you folks use any other tools to help along that path? -- Daniel Ruggeri
Re: How to wait on a global lock with timeout
Hi Yann,
Am 25.03.2015 um 09:56 schrieb Yann Ylavic:
To mitigate that design flaw I would provide the timeout by reference
and update it by the functions using it. This has also the nice benefit
that the caller is able to retrieve the time it needed to wait.
By doing so, you have to get the current time (call apr_time_now())
each time, and I wanted to avoid it when the native functions don't
need it.
The remaining time is not important if you can pass an absolute time (IMHO).
Ok, understood. You're right.
Sorry, took me a while to give your patch a try. As the patch didn't
apply cleanly to trunk (ie. SVN rev. 1676013), I assume that it is
already applied in trunk. So I went ahead without applying your patch.
Is this correct?
I wrote a small test program that should prove me that timed global
locks work across process boundaries (see attached source). But for some
reason apr_global_mutex_unlock() return 1 if called in the child
process. This is the output that I get from the compiled test program:
Trying to get locked mutex... timed out after 1 second (expected)
Child trying to unlock the mutex got 1 (unexpected)
Trying to get locked mutex... timed out after 2 seconds (unexpected)
Did I do anything wrong?
Best regards,
Micha
#include assert.h
#include stdio.h
#include unistd.h
#include apr.h
#include apr_pools.h
#include apr_global_mutex.h
#define LOCKFILE /tmp/apr-synctest-lockfile
int main(int argc, const char *argv[]) {
apr_pool_t *pool = NULL;
apr_global_mutex_t *mutex = NULL;
apr_time_t timeout;
apr_status_t rv;
pid_t child;
int child_rc;
int rc = 0;
assert(apr_initialize() == APR_SUCCESS);
assert(apr_pool_create(pool, NULL) == APR_SUCCESS);
apr_global_mutex_create(mutex, LOCKFILE, APR_LOCK_DEFAULT_TIMED, pool);
/*
* LOCK
*/
apr_global_mutex_lock(mutex);
timeout = apr_time_from_sec(1);
printf(Trying to get locked mutex...);
rv = apr_global_mutex_timedlock(mutex, timeout, 0);
if (rv == APR_TIMEUP) {
printf( timed out after 1 second (expected)\n);
} else {
printf( FAILED: %d (unexpected)\n, rv);
rc = 1;
goto cleanup;
}
child = fork();
if (child == 0) { // child process
assert(apr_global_mutex_child_init(mutex, LOCKFILE, pool) == APR_SUCCESS);
(void)sleep(1);
/*
* UNLOCK in forked child
*/
rv = apr_global_mutex_unlock(mutex);
if (rv != APR_SUCCESS) {
rc = 1;
printf(Child trying to unlock the mutex got %d (unexpected)\n, rv);
}
} else if (child 0) { // parent process
timeout = apr_time_from_sec(2);
printf(Trying to get locked mutex...);
rv = apr_global_mutex_timedlock(mutex, timeout, 0);
if (rv == APR_SUCCESS) {
printf( OK (expected)\n);
} else if (rv == APR_TIMEUP) {
printf( timed out after 2 seconds (unexpected)\n);
rc = 1;
} else {
printf( FAILED: %d (unexpected)\n, rv);
rc = 1;
}
wait(child_rc);
if (rc == 0)
rc = child_rc;
} else { // fork() failed
printf(failed to fork(): %m);
rc = 1;
goto cleanup;
}
cleanup:
apr_pool_destroy(pool);
apr_terminate();
return rc;
}
Re: SO_REUSEPORT
On Fri, May 15, 2015 at 5:12 PM, Jeff Trawick traw...@gmail.com wrote:
On Fri, May 15, 2015 at 11:02 AM, William A Rowe Jr wr...@rowe-clan.net
wrote:
My chief concern was that the phrase Common Log has a specific meaning
to us.
ap_mpm_common_log_startup() or something else descriptive would be a
better name, but our crew is famous for not being terrific namers of things
:)
Did this compile with no warnings? It seems statics were used without
being explicitly initialized, and I don't have my copy of KR to check that
these are always NULL, but guessing that's so.
yes; but ISTR that NetWare is the reason for explicit initialization in some
of our multi-platform code; I dunno the rhyme
s/ap_log_common/ap_log_mpm_common/ in r1679714 and added to backport proposal.
Regarding globals/statics explicit initializations (implicit
initialization to {0} is required by the C standard), I don't think it
is necessary/suitable since and it may move these variables from the
.bss to the .data section, the former being quicker to initialize (as
a whole) at load time (though explicit initializations to {0} usually
go to .bss too but it depends on the compiler and/or flags, and we
don't explicitely need .data for those).
So I did not change the code wrt this...
