On Feb 16, 2017 17:33, "Jacob Champion" wrote:
On 02/16/2017 03:16 PM, William A Rowe Jr wrote:
> With no docs to that effect, and trying to predict what 1.2.0 might do
> to us, the explicit avoidance seems safer, no?
>
There are docs to that effect for 1.1.0.
On Fri, Feb 17, 2017 at 12:18 AM, William A Rowe Jr wrote:
> On Thu, Feb 16, 2017 at 4:45 PM, Yann Ylavic wrote:
>>
>> Shouldn't this commit (and follow ups) be merged in
>> branches/2.4.x-openssl-1.1.0-compat ?
>
> Yes; however it isn't clear to me
With the passing of OpenSSL 1.0.1, is OpenSSL 1.1.0 on our radar for the
next release?
I'm not clear how that merge branch is intended to be used, I'm don't
understand whether we propose to adopt every feature and API change commit
to modules/ssl/* - and why it has been rebased, unless we intend
On 02/16/2017 03:16 PM, William A Rowe Jr wrote:
With no docs to that effect, and trying to predict what 1.2.0 might do
to us, the explicit avoidance seems safer, no?
There are docs to that effect for 1.1.0.
https://www.openssl.org/docs/man1.1.0/crypto/EC_GROUP_free.html
On Thu, Feb 16, 2017 at 4:39 PM, Yann Ylavic wrote:
> On Thu, Feb 16, 2017 at 11:33 PM, Yann Ylavic wrote:
>> On Thu, Feb 16, 2017 at 10:52 PM, William A Rowe Jr
>> wrote:
>>> I'm not clear that this was a good usage of the
On Thu, Feb 16, 2017 at 4:45 PM, Yann Ylavic wrote:
> On Thu, Feb 16, 2017 at 10:26 PM, wrote:
>> Author: wrowe
>> Date: Thu Feb 16 21:26:34 2017
>> New Revision: 1783305
>>
>> URL: http://svn.apache.org/viewvc?rev=1783305=rev
>> Log:
>> Fix OpenSSL 1.1.0
On Thu, Feb 16, 2017 at 4:48 PM, Yann Ylavic wrote:
> On Thu, Feb 16, 2017 at 11:27 PM, wrote:
>> Author: wrowe
>> Date: Thu Feb 16 22:27:24 2017
>> New Revision: 1783317
>>
>> URL: http://svn.apache.org/viewvc?rev=1783317=rev
>> Log:
>> Avoid unnecessary
On Thu, Feb 16, 2017 at 10:51 PM, Jacob Champion wrote:
> On 02/16/2017 02:49 AM, Yann Ylavic wrote:
>>
>> +#define FILE_BUCKET_BUFF_SIZE (64 * 1024 - 64) /* > APR_BUCKET_BUFF_SIZE
>> */
>
>
> So, I had already hacked my O_DIRECT bucket case to just be a copy of APR's
> file
On Thu, Feb 16, 2017 at 11:27 PM, wrote:
> Author: wrowe
> Date: Thu Feb 16 22:27:24 2017
> New Revision: 1783317
>
> URL: http://svn.apache.org/viewvc?rev=1783317=rev
> Log:
> Avoid unnecessary code (the deprecation macro wrapper itself emits unused args
> warnings) in OpenSSL
On Thu, Feb 16, 2017 at 10:26 PM, wrote:
> Author: wrowe
> Date: Thu Feb 16 21:26:34 2017
> New Revision: 1783305
>
> URL: http://svn.apache.org/viewvc?rev=1783305=rev
> Log:
> Fix OpenSSL 1.1.0 breakage in r1781575; BIO_s_file_internal() is gone.
Shouldn't this commit (and
On Thu, Feb 16, 2017 at 11:33 PM, Yann Ylavic wrote:
> On Thu, Feb 16, 2017 at 10:52 PM, William A Rowe Jr
> wrote:
>> I'm not clear that this was a good usage of the current API...
>>
>> In file included from httpd-2.x/modules/ssl/ssl_private.h:90:0,
On Thu, Feb 16, 2017 at 10:52 PM, William A Rowe Jr wrote:
> I'm not clear that this was a good usage of the current API...
>
> In file included from httpd-2.x/modules/ssl/ssl_private.h:90:0,
> from httpd-2.x/modules/ssl/ssl_engine_init.c:29:
>
Funny you mention it. Nginx had it first anyways, and was (perhaps still
is) using the deprecated API that dies with libbrotli rev 1.0.0 - part of
that delay might have been affording ngnix a chance to adapt. Versioning
their installed library should allow both to be installed at once.
So...
On Mon, Jan 16, 2017 at 2:28 PM, Evgeny Kotkov
wrote:
>
> There is, however, a potential problem with backporting mod_brotli, since
> it relies on the Brotli library 1.0.0, which has not yet been released.
> In other words, if the upstream changes the API or the
On Thu, Feb 16, 2017 at 2:27 PM, Evgeny Kotkov
wrote:
> William A Rowe Jr writes:
>
>> My open questions; has this been entirely reviewed in conjunction with h2?
>> Will A-E: br,gzip,deflate axe all others from that list when deciding to
>>
On 02/16/2017 01:52 PM, William A Rowe Jr wrote:
This looks like a no-op now in OpenSSL 1.1.0.
https://github.com/openssl/openssl/issues/1437 seems to explain it.
--Jacob
I'm not clear that this was a good usage of the current API...
In file included from httpd-2.x/modules/ssl/ssl_private.h:90:0,
from httpd-2.x/modules/ssl/ssl_engine_init.c:29:
httpd-2.x/modules/ssl/ssl_engine_init.c: In function ‘ssl_init_server_certs’:
On 02/16/2017 02:49 AM, Yann Ylavic wrote:
+#define FILE_BUCKET_BUFF_SIZE (64 * 1024 - 64) /* > APR_BUCKET_BUFF_SIZE */
So, I had already hacked my O_DIRECT bucket case to just be a copy of
APR's file bucket, minus the mmap() logic. I tried making this change on
top of it...
...and holy
William A Rowe Jr writes:
> My open questions; has this been entirely reviewed in conjunction with h2?
> Will A-E: br,gzip,deflate axe all others from that list when deciding to
> enable brotli? (I presume not-yet.) Will gzip filter work where A-E: gzip was
> given without
Whatever... nginx will have it 1st anyway. And once
again we fail our users by having a nickel holding up
a dollar.
> On Feb 16, 2017, at 2:48 PM, William A Rowe Jr wrote:
>
> On Thu, Feb 16, 2017 at 12:47 PM, Jim Jagielski wrote:
>>
>>> On Feb 16, 2017,
On Thu, Feb 16, 2017 at 12:47 PM, Jim Jagielski wrote:
>
>> On Feb 16, 2017, at 1:15 PM, William A Rowe Jr wrote:
>>
>>
>> I concur with Evgeny Kotkov that an ABI stable dependency is appropriate
>> before adding this to httpd 2.4.x - so far as I've read
On Thu, Feb 16, 2017 at 2:16 PM, Stefan Eissing
wrote:
> I will sleep soundly then. Thanks a lot! :)
Thanks to both of you for your persistence!
--
Eric Covener
cove...@gmail.com
> Am 16.02.2017 um 19:51 schrieb Stefan Priebe - Profihost AG
> :
>
> Hi,
>
> Am 16.02.2017 um 11:39 schrieb Stefan Eissing:
>>
>>> Am 15.02.2017 um 20:53 schrieb Stefan Priebe - Profihost AG
>>> :
>>>
>>> Hi,
>>>
>>> still no segfaults.
>>
>>
Hi,
Am 16.02.2017 um 11:39 schrieb Stefan Eissing:
>
>> Am 15.02.2017 um 20:53 schrieb Stefan Priebe - Profihost AG
>> :
>>
>> Hi,
>>
>> still no segfaults.
>
> My heart sings with joy. Can you keep on sending that message every morning?
> thanks!
I've no time tomorrow
> On Feb 16, 2017, at 1:15 PM, William A Rowe Jr wrote:
>
>
> I concur with Evgeny Kotkov that an ABI stable dependency is appropriate
> before adding this to httpd 2.4.x - so far as I've read none have suggested
> this as an experimental addition to 2.4.
>
I do. We
On 02/16/2017 02:48 AM, Niklas Edmundsson wrote:
While I applaud the efforts to get https to behave performance-wise I
would hate for http to be left out of being able to do top-notch on
latest networking :-)
My intent in focusing there was to discover why disabling mmap() seemed
to be
To close up some loose ends/confusion;
On Mon, Jan 16, 2017 at 6:42 PM, Jacob Champion wrote:
> On 01/16/2017 04:06 PM, William A Rowe Jr wrote:
>>
>> Before we push this at users.. is there a concern that brotoli
>> compression has similar dictionary or simply size based
On 02/16/2017 03:41 AM, Yann Ylavic wrote:
I can't reproduce it anymore, somehow I failed with my restarts
between EnableMMap on=>off.
Sorry for the noise...
This is suspiciously similar to what I've been fighting the last three days.
It's still entirely possible that you and I both messed up
Would be nice, I think, to start discussion on a T of 2.4.26 and
to open the doors to who wants to RM. Note, that if *nobody*
offers to RM, I will... and no matter what, I offer to help
whoever wishes to RM.
> On Feb 15, 2017, at 7:07 AM, Yann Ylavic wrote:
>
> On Mon, Feb 13, 2017 at 10:00 PM, wrote:
>> Author: icing
>> Date: Mon Feb 13 21:00:30 2017
>> New Revision: 1782875
>>
>> URL: http://svn.apache.org/viewvc?rev=1782875=rev
>> Log:
>> On the trunk:
On Thu, Feb 16, 2017 at 11:41 AM, Plüm, Rüdiger, Vodafone Group
wrote:
>
>> -Ursprüngliche Nachricht-
>> Von: Yann Ylavic [mailto:ylavic@gmail.com]
>> Gesendet: Donnerstag, 16. Februar 2017 11:35
>> An: httpd-dev
>> Betreff: Re:
On Thu, Feb 16, 2017 at 11:48 AM, Niklas Edmundsson wrote:
> On Thu, 16 Feb 2017, Yann Ylavic wrote:
>
>> Here are some SSL/core_write outputs (sizes) for me, with 2.4.x.
>> This is with a GET for a 2MB file, on localhost...
>>
>> Please note that "EnableMMap on" avoids
On Thu, Feb 16, 2017 at 11:48 AM, Niklas Edmundsson wrote:
> On Thu, 16 Feb 2017, Yann Ylavic wrote:
>
>> Here are some SSL/core_write outputs (sizes) for me, with 2.4.x.
>> This is with a GET for a 2MB file, on localhost...
>>
>> Please note that "EnableMMap on" avoids
On Thu, Feb 16, 2017 at 11:01 AM, Yann Ylavic wrote:
> On Thu, Feb 16, 2017 at 10:49 AM, Yann Ylavic wrote:
>>
>> - http + !EnableMMap + !EnableSendfile => 125KB writes
>
> This is due to MAX_IOVEC_TO_WRITE being 16 in
> send_brigade_nonblocking(),
On Thu, 16 Feb 2017, Yann Ylavic wrote:
Here are some SSL/core_write outputs (sizes) for me, with 2.4.x.
This is with a GET for a 2MB file, on localhost...
Please note that "EnableMMap on" avoids EnableSendfile (i.e.
"EnableMMap on" => "EnableSendfile off"), which is relevant only in
the http
> -Ursprüngliche Nachricht-
> Von: Yann Ylavic [mailto:ylavic@gmail.com]
> Gesendet: Donnerstag, 16. Februar 2017 11:35
> An: httpd-dev
> Betreff: Re: httpd 2.4.25, mpm_event, ssl: segfaults
>
> On Thu, Feb 16, 2017 at 11:20 AM, Plüm, Rüdiger, Vodafone Group
>
> Am 15.02.2017 um 20:53 schrieb Stefan Priebe - Profihost AG
> :
>
> Hi,
>
> still no segfaults.
My heart sings with joy. Can you keep on sending that message every morning?
thanks!
>
> @Yann
> Are those patches (the addon on top of v7) and the one on top of mod_ssl
Is this the same as https://github.com/icing/mod_h2/issues/124 ?
It seems that the ProxyPreserveHost is not (correctly) implemented.
> Am 16.02.2017 um 10:42 schrieb Steffen :
>
>
> Have an Apache ssl only in front of an Apache on port 80 with several vhosts.
>
> In
On Thu, Feb 16, 2017 at 11:20 AM, Plüm, Rüdiger, Vodafone Group
wrote:
>>
>> Please note that "EnableMMap on" avoids EnableSendfile (i.e.
>> "EnableMMap on" => "EnableSendfile off")
>
> Just for clarification: If you placed EnableMMap on in your test
> configuration
> -Ursprüngliche Nachricht-
> Von: Yann Ylavic [mailto:ylavic@gmail.com]
> Gesendet: Donnerstag, 16. Februar 2017 10:49
> An: httpd-dev
> Betreff: Re: httpd 2.4.25, mpm_event, ssl: segfaults
>
> Here are some SSL/core_write outputs (sizes) for me, with 2.4.x.
On Thu, Feb 16, 2017 at 10:49 AM, Yann Ylavic wrote:
>
> - http + !EnableMMap + !EnableSendfile => 125KB writes
This is due to MAX_IOVEC_TO_WRITE being 16 in
send_brigade_nonblocking(), 125KB is 16 * 8000B.
So playing with MAX_IOVEC_TO_WRITE might also be worth a try for
Here are some SSL/core_write outputs (sizes) for me, with 2.4.x.
This is with a GET for a 2MB file, on localhost...
Please note that "EnableMMap on" avoids EnableSendfile (i.e.
"EnableMMap on" => "EnableSendfile off"), which is relevant only in
the http (non-ssl) case anyway.
Outputs (and the
Have an Apache ssl only in front of an Apache on port 80 with several
vhosts.
In front have:
ProtocolsHonorOrder On
Protocols h2 http/1.1
LoadModule http2_module modules/mod_http2.so
ProxyPass / http://127.0.0.1:80/
ProxyPassReverse / http://127.0.0.1:80/
In backend have:
Not at my comp, but the mod_http2 output has special handling for file buckts.
Because apr_buckt_read returns a max of 8k and splits itself. It instead grabs
the file and reads the size it needs, if memory serves me well.
I assume when it's mmapped it does not make much of a difference.
> Am
44 matches
Mail list logo