[PATCH] CI: dynamically determine actual h2spec version

2022-05-05 Thread Илья Шипицин 
Hi,

small improvement, no need to use hardcoded version.

Ilya
From e3e4f129c7d7a56955133a29bedced021bf624a6 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Thu, 5 May 2022 15:15:12 +0500
Subject: [PATCH] CI: dynamically determine actual version of h2spec

previously we used hardcoded h2spec version. let us switch to
the latest available
---
 .github/workflows/compliance.yml | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml
index 1105abbf2..9d14ff57d 100644
--- a/.github/workflows/compliance.yml
+++ b/.github/workflows/compliance.yml
@@ -18,15 +18,16 @@ jobs:
 - TARGET: linux-glibc
   CC: gcc
   os: ubuntu-latest
-env:
-  H2SPEC_VERSION: '2.6.0'
 steps:
 - uses: actions/checkout@v3
 - name: Install h2spec
+  id: install-h2spec
   run: |
-curl -fsSL 
https://github.com/summerwind/h2spec/releases/download/v${H2SPEC_VERSION}/h2spec_linux_amd64.tar.gz
 -o h2spec.tar.gz
+H2SPEC_VERSION=`curl --silent 
"https://api.github.com/repos/summerwind/h2spec/releases/latest; | jq -r -j 
'.tag_name'`
+curl -fsSL 
https://github.com/summerwind/h2spec/releases/download/${H2SPEC_VERSION}/h2spec_linux_amd64.tar.gz
 -o h2spec.tar.gz
 tar xvf h2spec.tar.gz
 sudo install -m755 h2spec /usr/local/bin/h2spec
+echo "::set-output name=version::${H2SPEC_VERSION}"
 - name: Compile HAProxy with ${{ matrix.CC }}
   run: |
 make -j$(nproc) all \
@@ -52,5 +53,5 @@ jobs:
 echo "::set-output name=version::$(haproxy -v |awk 'NR==1{print $3}')"
 - name: Launch HAProxy ${{ steps.show-version.outputs.version }}
   run: haproxy -f .github/h2spec.config -D
-- name: Run h2spec
+- name: Run h2spec ${{ steps.install-h2spec.outputs.version }}
   run: h2spec -Svtk -h 127.0.0.1 -p 8443
-- 
2.35.3.windows.1

2.5: Possibility to upgrade http/1.0 clients to http/1.1?

2022-05-05 Thread Froehlich, Dominik 
Hello everyone,

We recently bumped our HAproxy deployment to 2.5 and are now getting hit by 
this fix:

MEDIUM: mux-h1: Reject HTTP/1.0 GET/HEAD/DELETE requests with a payload


http://git.haproxy.org/?p=haproxy-2.5.git;a=blob_plain;f=CHANGELOG

The issue is we have many legacy customers using very old systems and we can’t 
tell all of them to rewrite their clients to http/1.1.

I get the security fix to prevent request smuggling where some servers ignore 
the body and treat it as another request, I’m not arguing that.

However, I was wondering if it was possible to intercept HTTP/1.0 client 
requests and upgrade them to HTTP/1.1 without hitting the rejection code of the 
commit here: 
https://github.com/haproxy/haproxy/commit/e136bd12a32970bc90d862d5fe09ea1952b62974

This way we would not have to downgrade to HAproxy 2.4 again – which would be 
very unfortunate as we need many of the nice features of 2.5.


Thanks a lot!