Re: Httpd security reveals

On Mon, Jan 2, 2017 at 11:49 PM, Eric Covener wrote: > On Mon, Jan 2, 2017 at 11:48 PM, William A Rowe Jr > wrote: >> So, Jacob and I... He did most of the grunt work, I only pushed off the >> underlying premise... Have a very very long list of real and

Re: Httpd security reveals

On Mon, Jan 2, 2017 at 11:48 PM, William A Rowe Jr wrote: > So, Jacob and I... He did most of the grunt work, I only pushed off the > underlying premise... Have a very very long list of real and potential > security patches. > > I am asking publicly of (often obstanant) httpd

Httpd security reveals

So, Jacob and I... He did most of the grunt work, I only pushed off the underlying premise... Have a very very long list of real and potential security patches. I am asking publicly of (often obstanant) httpd pmc folks, do we proceed without a 2.2 mitigation? Those in the know, already know.

[proposed] 2.4 Maintenance SIG

So far, discussions are polarized on a single axis... East: Let's work on 3.0; whatever is going on in 2.4 won't distract me, I won't spend time reviewing enhancements, because 3.0 is the goal. West: Let's keep the energy going on 2.4 enhancements, I won't spend time on 3.0 usability because it

Re: HTTP/2 frame prioritization not honored

Thanks Stefan! I just tried the tweaked version. I think I am seeing similar behavior, i.e. the higher-prio HTML reply is sent ~500ms after its request is received, writing ~500 lower-prio DATA frames (~7.5MB) in the meantime. Before any conclusions, I wanted to make sure I compiled/used the

Re: ERR_SPDY_PROTOCOL_ERROR - additional info

On 2017-01-02 10:50, Stefan Eissing wrote: > Are these public facing servers? Do you have low traffic instances where to > enable super-verbose log level and make a test request? Of interest would be Yes, they are and that's why I had to fix the issue right away. I deactivated h2 so that people

Re: Automated tests

Luca Toscano wrote on Mon, Jan 02, 2017 at 15:51:43 +0100: > I don't have a wide experience on build httpd on systems different than > Debian/Ubuntu, so any help/suggestion/pointer would help a lot (for > example, building on Windows). I wouldn't worry about that just yet. Start by having only

Re: ERR_SPDY_PROTOCOL_ERROR - additional info

Are these public facing servers? Do you have low traffic instances where to enable super-verbose log level and make a test request? Of interest would be LogLevel http2:trace2 LogLevel ssl:trace2 LogLevel core:debug That log should then give an idea of what is going on. Thanks. -Stefan > Am

Re: ERR_SPDY_PROTOCOL_ERROR - additional info

On 2017-01-02 04:58, Stefan Eissing wrote: > You get the errors using Chrome? What does Firefox say? On Firefox I only got some unspecified error (the page was not rendered). That's why I switched to Chrome to get at least some info. > There is one new feature in 2.4.25, off by default, that

Re: Automated tests

Hi Stefan, 2016-12-30 23:55 GMT+01:00 Stefan Fritsch : > > > Another thing that is missing: A buildbot that builds current trunk (and > possibly 2.x branches) and runs the test suite and alerts the dev list of > regressions. I guess this "just" needs a volunteer to set it up and

Re: About httpd project

Hi Amol, 2017-01-01 19:42 GMT+01:00 Amol Holani : > Hi, > I want to work on this project. > The subtask - Improve the Request Processing guide. > But I am beginner in this area, so please guide me in proceeding with the > project. > > please check [1], in which a similar

Configuration of trusted OCSP responder certificates

Hi devs, I'd like to enquire about the possibilities to merge the patch to support configuring trusted OCSP responder certificates. We need this change in order to be able to use OCSP with client certificate authentication. The patch is in https://bz.apache.org/bugzilla/show_bug.cgi?id=46037

Re: ERR_SPDY_PROTOCOL_ERROR - additional info

You get the errors using Chrome? What does Firefox say? There is one new feature in 2.4.25, off by default, that causes such errors with Chrome. The Chrome bug report has status "fixed", not sure when it will be released (https://bugs.chromium.org/p/chromium/issues/detail?id=662197). As I