LUA: add response headers bug
Hi

Conditions:
- The website sends 2 "link" headers in response
- I'm trying to add more from LUA, using "http-response lua.processResponse" (backend section) -> "core.register_action("processResponse", { "http-res" }, function(txn)"
- Haproxy 1.9.7, LUA 5.3

Case 1: Syntax that I have used since old versions:
    txn.http:res_add_header('link','12231')
- New header doesn't appear and even the native website's headers are deleted

Case 2: Syntax from current docs:
    txn.http:res_add_header(txn.http,'link','12232')
- New header doesn't appear, but native headers stay

Case 3: Funny mix with both types.
    txn.http:res_add_header('link','12231')
    txn.http:res_add_header(txn.http,'link','12232')
- The first new header appears successfully and native headers also stay

Case 4: Same mix backwards.
    txn.http:res_add_header(txn.http,'link','12232')
    txn.http:res_add_header('link','12231')
- Same as case #2

Should it be some other syntax?)

--
Wert
stable-bot: WARNING: 33 bug fixes in queue for next release
Hi,

This is a friendly bot that watches fixes pending for the next haproxy-stable release! One such e-mail is sent periodically once patches are waiting in the last maintenance branch, and an ideal release date is computed based on the severity of these fixes and their merge date. Responses to this mail must be sent to the mailing list.

Last release 1.8.19 was issued on 2019/02/11. There are currently 33 patches in the queue cut down this way:
- 5 MAJOR, first one merged on 2019/03/11
- 19 MEDIUM, first one merged on 2019/03/11
- 9 MINOR, first one merged on 2019/03/11

Thus the computed ideal release date for 1.8.20 would be 2019/03/25, which was five weeks ago.

The current list of patches in the queue is:
- MAJOR : listener: Make sure the listener exist before using it.
- MAJOR : spoe: Fix initialization of thread-dependent fields
- MAJOR : http_fetch: Get the channel depending on the keyword used
- MAJOR : stats: Fix how huge POST data are read from the channel
- MAJOR : checks: segfault during tcpcheck_main
- MEDIUM : listener: use a self-locked list for the dequeue lists
- MEDIUM : listener: make sure the listener never accepts too many conns
- MEDIUM : list: fix the rollback on addq in the locked liss
- MEDIUM : logs: Only attempt to free startup_logs once.
- MEDIUM : pattern: assign pattern IDs after checking the config validity
- MEDIUM : ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites
- MEDIUM : list: fix LIST_POP_LOCKED's removal of the last pointer
- MEDIUM : list: add missing store barriers when updating elements and head
- MEDIUM : lists: Properly handle the case we're removing the first elt.
- MEDIUM : maps: only try to parse the default value when it's present
- MEDIUM : peers: fix a case where peer session is not cleanly reset on release.
- MEDIUM : 51d: fix possible segfault on deinit_51degrees()
- MEDIUM : thread/http: Add missing locks in set-map and add-acl HTTP rules
- MEDIUM : list: fix incorrect pointer unlocking in LIST_DEL_LOCKED()
- MEDIUM : list: fix again LIST_ADDQ_LOCKED
- MEDIUM : list: correct fix for LIST_POP_LOCKED's removal of last element
- MEDIUM : spoe: Return an error if nothing is encoded for fragmented messages
- MEDIUM : spoe: Queue message only if no SPOE applet is attached to the stream
- MEDIUM : threads/fd: do not forget to take into account epoll_fd/pipes
- MINOR : acl: properly detect pattern type SMP_T_ADDR
- MINOR : spoe: Don't systematically wakeup SPOE stream in the applet handler
- MINOR : da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
- MINOR : 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
- MINOR : cli: correctly handle abns in 'show cli sockets'
- MINOR : http/counters: fix missing increment of fe->srv_aborts
- MINOR : ssl: fix warning about ssl-min/max-ver support
- MINOR : listener: keep accept rate counters accurate under saturation
- MINOR : threads: fix the process range of thread masks

---
The haproxy stable-bot is freely provided by HAProxy Technologies to help improve the quality of each HAProxy release. If you have any issue with these emails or if you want to suggest some improvements, please post them on the list so that the solutions suiting the most users can be found.
fix LibreSSL builds
Hi, I tested the following patch on LibreSSL-2.7.5, 2.8.3, 2.9.1 thanks! Ilya Shipitcin From 12c3a7b0eac4bab73864869bf8fcb365c9ba06ef Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 28 Apr 2019 00:00:16 +0500 Subject: [PATCH] BUILD: add defines to support LibreSSL tested on LibreSSL-2.7.5, 2.8.3, 2.9.1 --- include/proto/openssl-compat.h | 2 +- include/proto/ssl_sock.h | 2 +- src/cli.c | 2 +- src/ssl_sock.c | 44 +- 4 files changed, 25 insertions(+), 25 deletions(-) diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h index ffee2e40..47d7bbd2 100644 --- a/include/proto/openssl-compat.h +++ b/include/proto/openssl-compat.h @@ -89,7 +89,7 @@ static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned cha } #endif -#if (OPENSSL_VERSION_NUMBER < 0x101fL) || defined(LIBRESSL_VERSION_NUMBER) +#if (OPENSSL_VERSION_NUMBER < 0x101fL) || (LIBRESSL_VERSION_NUMBER < 0x207fL) /* * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL */ diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h index ce52fb74..586ebb90 100644 --- a/include/proto/ssl_sock.h +++ b/include/proto/ssl_sock.h @@ -85,7 +85,7 @@ SSL_CTX *ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_co int ssl_sock_set_generated_cert(SSL_CTX *ctx, unsigned int key, struct bind_conf *bind_conf); unsigned int ssl_sock_generated_cert_key(const void *data, size_t len); -#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) +#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER) void ssl_async_fd_handler(int fd); void ssl_async_fd_free(int fd); #endif diff --git a/src/cli.c b/src/cli.c index 9581369c..508d70e9 100644 --- a/src/cli.c +++ b/src/cli.c 
@@ -1002,7 +1002,7 @@ static int cli_io_handler_show_fd(struct appctx *appctx) (fdt.iocb == poller_pipe_io_handler) ? "poller_pipe_io_handler" : (fdt.iocb == mworker_accept_wrapper) ? "mworker_accept_wrapper" : #ifdef USE_OPENSSL -#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) +#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER) (fdt.iocb == ssl_async_fd_free) ? "ssl_async_fd_free" : (fdt.iocb == ssl_async_fd_handler) ? "ssl_async_fd_handler" : #endif diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 015943ee..e2b98a0b 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -57,7 +57,7 @@ #include #endif -#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) +#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER) #include #endif @@ -573,7 +573,7 @@ fail_get: } #endif -#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) +#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER) /* * openssl async fd handler */ @@ -2295,7 +2295,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx) SSL_set_SSL_CTX(ssl, ctx); } -#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL) +#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)) && !defined(LIBRESSL_VERSION_NUMBER) static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv) { @@ -4027,7 +4027,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf) SSL_CTX_set_options(ctx, options); -#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) +#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER) if (global_ssl.async) mode |= SSL_MODE_ASYNC; #endif 
@@ -4039,7 +4039,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf) #ifdef OPENSSL_IS_BORINGSSL SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk); SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk); -#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) +#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER) if (bind_conf->ssl_conf.early_data) { SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY); SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite); @@ -4815,7 +4815,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv) options |= SSL_OP_NO_TICKET; SSL_CTX_set_options(ctx, options); -#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) +#if (OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER) if (global_ssl.async) mode |= SSL_MODE_ASYNC; #endif @@ -5368,7 +5368,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag) if (!conn->xprt_ctx) goto out_error; -#if OPENSSL_VERSION_NUMBER >= 0x10101000L +#if
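Review bot: In the include/proto/openssl-compat.h hunk, the new test "(LIBRESSL_VERSION_NUMBER < 0x207fL)" is evaluated even when LIBRESSL_VERSION_NUMBER is not defined. Inside an #if expression an undefined identifier is replaced by 0, so on a build against real OpenSSL this clause is always true and the "Functions introduced in OpenSSL 1.1.0" block is compiled whatever OPENSSL_VERSION_NUMBER is, which the previous "defined(LIBRESSL_VERSION_NUMBER)" form did not do. Guard the comparison, for example "(defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x207fL))". The commit message lists only LibreSSL versions as tested, so a build against OpenSSL 1.1.x should be added to the test matrix before this is merged.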
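Review bot: The condition extended in the include/proto/ssl_sock.h hunk, "(OPENSSL_VERSION_NUMBER >= 0x101fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)", is then repeated verbatim in src/cli.c and in four visible places in src/ssl_sock.c. Six copies of a three-part test are easy to get out of sync the next time a library is added or a version threshold moves. Define a single feature macro once in include/proto/openssl-compat.h and test that macro at each site. Note also that these sites exclude every LibreSSL version unconditionally, while the compat header uses a version threshold; a short comment stating which of the two policies is intended would help later maintainers.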
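Review bot: In the ssl_sock_initial_ctx() hunk at -4039, adding "!defined(LIBRESSL_VERSION_NUMBER)" to the "#elif" means a LibreSSL build skips the block that acts on bind_conf->ssl_conf.early_data, and the branch it takes instead is outside the visible context. If early data is enabled in the configuration on such a build, nothing in the visible lines reports that the setting is ignored; a warning at configuration parsing time when the feature is compiled out would avoid a silent difference in TLS behaviour. Please also confirm that the remaining branch still registers the certificate selection and servername callbacks that the BoringSSL branch above sets up.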
Re: MEDIUM: Adding upstream socks4 proxy support
Hi Tim,

Ic, let me resend it here, thank you.

Hi List, Willy,

I have the updated patch attached to this email, please help to review it.
If you want to give it a try, you can use "ssh -D 1080 ..." to set up a quick socks4 tunnel proxy for testing.

Thank you.

Regards,
Alexander Liu

On Sat, Apr 27, 2019 at 5:55 PM Tim Düsterhus wrote:
>
> Alec,
>
> On 27.04.19 at 11:39, Alec Liu wrote:
> > Got it, thank you.
> > btw: I have the patch sent to the mail loop of the issue #82 already.
>
> please keep it on the list (in this specific thread). GitHub strips the
> attachments and generally does not forward the emails unmodified. You
> can see the result here:
> https://github.com/haproxy/haproxy/issues/82#issuecomment-487271175
>
> Best regards
> Tim Düsterhus

0001-MEDIUM-connection-issue-82-Adding-upstream-socks4-pr.patch
Description: Binary data
Re: MEDIUM: Adding upstream socks4 proxy support
Alec,

On 27.04.19 at 11:39, Alec Liu wrote:
> Got it, thank you.
> btw: I have the patch sent to the mail loop of the issue #82 already.

please keep it on the list (in this specific thread). GitHub strips the attachments and generally does not forward the emails unmodified. You can see the result here:
https://github.com/haproxy/haproxy/issues/82#issuecomment-487271175

Best regards
Tim Düsterhus
Re: MEDIUM: Adding upstream socks4 proxy support
Hi Tim,

Got it, thank you.
btw: I have the patch sent to the mail loop of the issue #82 already.

Regards,
Alexander Liu

On Sat, Apr 27, 2019 at 5:21 PM Tim Düsterhus wrote:
>
> Alec,
>
> On 27.04.19 at 08:54, Alec Liu wrote:
> > Thank you for the comment. I will have them fixed.
> > But I have a question, I am not sure which subsystem should I put it
> > in? Looks like I have more than one subsystem touched.
> >
>
> In my previous reply I suggested 'connection' which seems fitting. But
> in the end I'm not the person applying the patch. Don't sweat it too
> much though, Willy usually is happy to adjust small things if the patch
> is fine in general.
>
> Best regards
> Tim Düsterhus
Re: MEDIUM: Adding upstream socks4 proxy support
Hi Tim,

Thank you for the comment. I will have them fixed.
But I have a question, I am not sure which subsystem should I put it in? Looks like I have more than one subsystem touched.

Thank you.

Regards,
Alexander Liu

On Sat, Apr 27, 2019 at 7:57 AM Tim Düsterhus wrote:
>
> Alec,
>
> On 26.04.19 at 22:10, Alec Liu wrote:
> > Here is the patch for adding upstream socks4 proxy support.
> > Please help to review it, thank you.
> >
>
> I can't comment on the technical side, but a few comments on the
> 'process' side:
>
> 1. You did not update the documentation yet (doc/configuration.txt)
> 2. The subsystem is missing from your commit message. It probably should
> be: MEDIUM: connection: Add socks4 support for upstream connections
> 3. The two commits should be merged into a single one.
> 4. Please mention the issue number in the commit message: 'See issue #82'
>
> Best regards
> Tim Düsterhus