Re: remoteip module - extended support in 2.4 branch

2018-01-12 Thread Marcin Giedz
Perhaps you're right but it really does what I want - at least on test. I did svn from trunk, compiled this module and installed on latest 2.4.29. In my env we've got haproxy (pass-through) on the front side and then apaches terminating SSL. There is a need to record real IP address when

Re: remoteip module - extended support in 2.4 branch

2018-01-12 Thread William A Rowe Jr
You are confusing functionality. The remoteip evaluation happens after the proxy protocol endpoints are identified. PROXY is a connection-oriented change of the apparent request origin. The remoteip behavior is a request-oriented change of the apparent origin, and it can vary from request to

Re: Align worker's worker's fdqueue with event's?

2018-01-12 Thread Luca Toscano
2018-01-12 13:34 GMT+01:00 Ruediger Pluem : > > > On 01/12/2018 01:32 PM, Eric Covener wrote: > > On Fri, Jan 12, 2018 at 6:51 AM, Yann Ylavic > wrote: > >> A bit orthogonal, I'd also like to sync 2.4.x "event" with trunk's > >> w.r.t. cosmetic changes

Re: can we haz backports?

2018-01-12 Thread Jim Jagielski
Vetos must be justified... for solid, technical reasons. One cannot just cast a -1 vote because one doesn't like something. Way too often I see being blocking stuff instead of working to *unblock* stuff. > On Jan 12, 2018, at 6:32 AM, Steffen wrote: > > Now mod_md

Re: Align worker's worker's fdqueue with event's?

2018-01-12 Thread Jim Jagielski
> On Jan 12, 2018, at 7:32 AM, Eric Covener wrote: > > On Fri, Jan 12, 2018 at 6:51 AM, Yann Ylavic > wrote: >> A bit orthogonal, I'd also like to sync 2.4.x "event" with trunk's >> w.r.t. cosmetic changes before (and to

Re: can we haz backports?

2018-01-12 Thread Stefan Eissing
I try a high level, short summary of the current ACME "TLS-SNI" issue: 1. There are 3 basic ways to verify domain ownership: a) "http-01" on port 80 requests /.well-known/acme-challenge/ response: signed token as base64url b) "tls-sni-01" on port 443 client hello with SNI for

Re: can we haz backports?

2018-01-12 Thread Ruediger Pluem
On 01/12/2018 01:50 PM, Eric Covener wrote: > On Fri, Jan 12, 2018 at 7:38 AM, Steffen wrote: >> Yann: it is not working (anymore) when you have only port 443 open. >> Yann: I am/was testing in real live, no boulder. >> Eric: proposed change: to begin with warns/errors

Re: can we haz backports?

2018-01-12 Thread Eric Covener
> Generally, we don't use -1 for something like that. Although not all > -1's are actually "vetoes" -- it is still reserved for something > actively detrimental. Whoops, they are actually vetoes for code or backports.

Re: can we haz backports?

2018-01-12 Thread Eric Covener
On Fri, Jan 12, 2018 at 7:38 AM, Steffen wrote: > Yann: it is not working (anymore) when you have only port 443 open. > Yann: I am/was testing in real live, no boulder. > Eric: proposed change: to begin with warns/errors user > > I am talking about SSL configurations

Re: can we haz backports?

2018-01-12 Thread Steffen

Re: Align worker's worker's fdqueue with event's?

2018-01-12 Thread Eric Covener
> I don't mean to make it API, still a private (unix specific/common) > thing, something like "os/unix/unixd.c"'s non-AP_DECLARE things. seems like there should be no big surprises here with analogs like unixd, mpm_common, etc

Re: Align worker's worker's fdqueue with event's?

2018-01-12 Thread Ruediger Pluem
On 01/12/2018 01:32 PM, Eric Covener wrote: > On Fri, Jan 12, 2018 at 6:51 AM, Yann Ylavic wrote: >> A bit orthogonal, I'd also like to sync 2.4.x "event" with trunk's >> w.r.t. cosmetic changes before (and to help) further backport >> proposals. >> >> That's possibly

Re: Align worker's worker's fdqueue with event's?

2018-01-12 Thread Eric Covener
On Fri, Jan 12, 2018 at 6:51 AM, Yann Ylavic wrote: > A bit orthogonal, I'd also like to sync 2.4.x "event" with trunk's > w.r.t. cosmetic changes before (and to help) further backport > proposals. > > That's possibly something that'll help *us* for later backports, but >

Re: can we haz backports?

2018-01-12 Thread Yann Ylavic
On Fri, Jan 12, 2018 at 12:32 PM, Steffen wrote: > > Propose to change mod_md regarding above, now I vote -1. Could you please elaborate on what isn't working for Windows/you? Is it a general failure for Windows users or something that can be addressed as follow up? I

Re: can we haz backports?

2018-01-12 Thread Eric Covener
On Fri, Jan 12, 2018 at 6:14 AM, Stefan Eissing wrote: > Team, > > the frequency that people keep on asking me when ACME > support in Apache will be released is going up. For > this to happen, two backports need 1(!) more vote: > > 1. core/mod_ssl: Add new flag int

Re: can we haz backports?

2018-01-12 Thread Eric Covener
On Fri, Jan 12, 2018 at 6:32 AM, Steffen wrote: > Now mod_md contains features which are not supported anymore ! > > For SSL only config mod_md is not usable anymore, see >

Re: can we haz backports?

2018-01-12 Thread Stefan Eissing
> On 12.01.2018 at 13:07, Yann Ylavic wrote: > > On Fri, Jan 12, 2018 at 12:14 PM, Stefan Eissing > wrote: >> >> Is anyone planning to review this in the next days? > > I plan to do so, is there a strong need to own a domain for testing or

Re: can we haz backports?

2018-01-12 Thread Yann Ylavic
On Fri, Jan 12, 2018 at 12:14 PM, Stefan Eissing wrote: > > Is anyone planning to review this in the next days? I plan to do so, is there a strong need to own a domain for testing or can I use a "standalone" thingy (if that's ever relevant)?

Re: can we haz backports?

2018-01-12 Thread Yann Ylavic
On Fri, Jan 12, 2018 at 12:32 PM, Steffen wrote: > Now mod_md contains features which are not supported anymore ! > > For SSL only config mod_md is not usable anymore, see >

Re: can we haz backports?

2018-01-12 Thread Stefan Eissing
> On 12.01.2018 at 12:32, Steffen wrote: > > Now mod_md contains features which are not supported anymore ! > > For SSL only config mod_md is not usable anymore, see >

Re: Align worker's worker's fdqueue with event's?

2018-01-12 Thread Yann Ylavic
A bit orthogonal, I'd also like to sync 2.4.x "event" with trunk's w.r.t. cosmetic changes before (and to help) further backport proposals. That's possibly something that'll help *us* for later backports, but not necessarily distros with (security-)fixes only policy. Is that something we should

Re: can we haz backports?

2018-01-12 Thread Steffen
Now mod_md contains features which are not supported anymore ! For SSL only config mod_md is not usable anymore, see https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188 Propose to change mod_md regarding above, now I vote -1.

can we haz backports?

2018-01-12 Thread Stefan Eissing
Team, the frequency that people keep on asking me when ACME support in Apache will be released is going up. For this to happen, two backports need 1(!) more vote: 1. core/mod_ssl: Add new flag int to module struct. existing votes: icing, ylavic 2. mod_md: backport of ACME (Let's Encrypt)

Re: Align worker's worker's fdqueue with event's?

2018-01-12 Thread Yann Ylavic
On Thu, Jan 11, 2018 at 1:34 PM, Stefan Eissing wrote: >> On 11.01.2018 at 13:02, Yann Ylavic wrote: >> >> there are several optimizations and correctness fixes in event/fdqueue.c >> that don't land in worker/fdqueue.c. [] > If we had a single,