Re: Allow SSLProxy* config in context?

2016-04-13 Thread Christian Folini
Rainer, There is a commercial apache-based reverse proxy in Switzerland (with substantial market share) which is able to use / create a client certificate _per_ session. So the client connects to the RP, performs authentication. When creating the session serverside, the RP creates a client cert

Re: Allow SSLProxy* config in context?

2016-04-13 Thread Daniel Ruggeri
On 4/13/2016 2:22 PM, Rainer Jung wrote: > > We could pass the worker name from mod_proxy to mod_ssl via a > connection note, similar to currently already passing the SNI name via > the connection note proxy-request-hostname. +1 on the connection note idea, but see below about having to inform

Re: New segfault with 2.4.20 with mod_perl

2016-04-13 Thread William A Rowe Jr
I wrote the patch for ap_get_useragent_host, but am not familiar with the details of the report. Researching... On Wed, Apr 13, 2016 at 5:33 PM, Stefan Fritsch wrote: > Hi, > > I got a report about a new crash in mod_perl tests with 2.4.20: > > (gdb) bt > #0

New segfault with 2.4.20 with mod_perl

2016-04-13 Thread Stefan Fritsch
Hi, I got a report about a new crash in mod_perl tests with 2.4.20: (gdb) bt #0 apr_getnameinfo (hostname=hostname@entry=0x7fd4461ee368, sockaddr=0x0, flags=flags@entry=0) at /tmp/buildd/apr-1.5.2/network_io/unix/sockaddr.c:663 #1 0x55feaf0f513a in ap_get_useragent_host

Re: [Bug 53555] Scoreboard full error with event/ssl

2016-04-13 Thread Stefan Fritsch
On Monday 11 April 2016 18:12:43, Eric Covener wrote: > On Mon, Apr 11, 2016 at 4:59 PM, wrote: > > ServerLimit >= 10 * MaxRequestWorkers / ThreadsPerChild > > Hi Stefan -- I am curious -- prior to the recent patches, just > having the extra capacity in ServerLimit didn't

Re: allow newlines in T_ESCAPE_LOGITEM?

2016-04-13 Thread Daniel Lescohier
It's especially important when doing log processing on Apache Hadoop: if you give uncompressed text files as input files to a Hadoop job, it'd split large log files on newlines to be processed on multiple nodes. That split should be done on a record boundary. On Wed, Apr 13, 2016 at 5:16 PM,

Re: allow newlines in T_ESCAPE_LOGITEM?

2016-04-13 Thread Yann Ylavic
On Wed, Apr 13, 2016 at 11:08 PM, Eric Covener wrote: > On Wed, Apr 13, 2016 at 5:05 PM, Daniel Lescohier > wrote: >> Isn't T_ESCAPE_LOGITEM also used by mod_log_config's use of >> ap_escape_logitem? We rely on the API that data from HTTP requests

Re: allow newlines in T_ESCAPE_LOGITEM?

2016-04-13 Thread Daniel Lescohier
Isn't T_ESCAPE_LOGITEM also used by mod_log_config's use of ap_escape_logitem? We rely on the API that data from HTTP requests that are logged in our mod_log_config logfiles are newline-escaped, so that one line in the logfile is parsed as one log entry. Our parsers first split on newline to get

Re: svn commit: r1732275 - in /httpd/httpd/branches/2.4.x: ./ include/ap_mmn.h include/http_connection.h include/scoreboard.h modules/generators/mod_status.c modules/ssl/ssl_engine_kernel.c server/con

2016-04-13 Thread Jim Jagielski
The old behavior was expected, and very, very useful. It was made that way for a reason. +1 on reverting to old behavior... > On Apr 13, 2016, at 4:04 PM, Yann Ylavic wrote: > > On Thu, Feb 25, 2016 at 11:27 AM, wrote: >> Author: icing >> Date: Thu Feb

Re: svn commit: r1732275 - in /httpd/httpd/branches/2.4.x: ./ include/ap_mmn.h include/http_connection.h include/scoreboard.h modules/generators/mod_status.c modules/ssl/ssl_engine_kernel.c server/con

2016-04-13 Thread Yann Ylavic
On Thu, Feb 25, 2016 at 11:27 AM, wrote: > Author: icing > Date: Thu Feb 25 10:27:27 2016 > New Revision: 1732275 > > URL: http://svn.apache.org/viewvc?rev=1732275=rev > Log: > merging pre_close_connection hook, prep_lingering_close and ap_update_child() > additions from trunk

allow newlines in T_ESCAPE_LOGITEM?

2016-04-13 Thread Eric Covener
Currently newlines get backslash-escaped if written to the errorlog. This is via server/gen_test_char.c and stems from an ancient vuln about escape sequences in log files potentially affecting people's terminals when cat'ed. On a few occasions I have worked with some libraries that return a

Re: Allow SSLProxy* config in context?

2016-04-13 Thread Rainer Jung
On 13.04.2016 at 19:49, Rainer Jung wrote: On 13.04.2016 at 17:04, Graham Leggett wrote: On 13 Apr 2016, at 12:40 PM, Rainer Jung wrote: I stumbled into a situation where a reverse proxy had two different backends behind the same VHost of the proxy. Both backends

Re: Allow SSLProxy* config in context?

2016-04-13 Thread Rainer Jung
On 13.04.2016 at 17:04, Graham Leggett wrote: On 13 Apr 2016, at 12:40 PM, Rainer Jung wrote: I stumbled into a situation where a reverse proxy had two different backends behind the same VHost of the proxy. Both backends demand client certs as becomes more and more

Re: Allow SSLProxy* config in context?

2016-04-13 Thread Graham Leggett
On 13 Apr 2016, at 12:40 PM, Rainer Jung wrote: > I stumbled into a situation where a reverse proxy had two different backends > behind the same VHost of the proxy. Both backends demand client certs as > becomes more and more common for services today. Unfortunately

Revision to Release Question (esp rev 1692258)

2016-04-13 Thread J Harri
I need a change for httpd/mod_ssl that was committed to the project's source code repository back on 2015-07-22 ( https://svn.apache.org/viewvc?view=revision=1692258). I checked the source tarball for the most current release, httpd 2.4.20, downloaded from https://httpd.apache.org/download.cgi

Re: Allow SSLProxy* config in context?

2016-04-13 Thread Stefan Eissing
> On 13.04.2016 at 12:55, Yann Ylavic wrote: > > On Wed, Apr 13, 2016 at 12:40 PM, Rainer Jung wrote: >> >> To me it looks like the "right" way of handling SSLProxy* config would be >> per . > > ++1 +1 > >> Did anyone else already encounter

Re: Allow SSLProxy* config in context?

2016-04-13 Thread Yann Ylavic
On Wed, Apr 13, 2016 at 12:40 PM, Rainer Jung wrote: > > To me it looks like the "right" way of handling SSLProxy* config would be > per . ++1 > Did anyone else already encounter a similar problem? Any > thoughts or experiments on how to solve this for the future? Not

Allow SSLProxy* config in context?

2016-04-13 Thread Rainer Jung
I stumbled into a situation where a reverse proxy had two different backends behind the same VHost of the proxy. Both backends demand client certs as becomes more and more common for services today. Unfortunately the CA which issues the client certs in both cases is the same CA, but the