Re: 2.4.8 This Month

2014-02-20 Thread William A. Rowe Jr.
Nobody else seems to have responded, so here's a ++1! Good forward progress, and I'll offer a complimentary 2.2 release in tandem to keep people in sync with regression fixes and security questions. On Tue, Feb 4, 2014 at 7:58 AM, Jim Jagielski j...@jagunet.com wrote: I'd like to TR and release

Tagging 2.2.27 tag Friday Feb 28th.

2014-02-20 Thread William A. Rowe Jr.
With no objection, I will tag and roll 2.2 branch for release a week from Friday, with the intent to announce both the proper 2.4 'current' and the 2.2 'legacy' at the same time in tandem with Jim's efforts. We obviously need to clean up the TLS/hostname mess we've left for the 2.2.26 adopters,

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

2014-02-20 Thread Tom Browder
On Thu, Feb 20, 2014 at 1:50 AM, William A. Rowe Jr. wmr...@gmail.com wrote: There is no embedded. httpd-2.2 included apr, apr-util. httpd-2.4 by vote of the PMC excluded apr, apr-util, so you might be imagining Sorry, sloppy terminology: I built httpd with apr and apr-util inside its tree,

Re: Re: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Pavel Matěja
On Wed, 19 February 2014 21:09:10, William A. Rowe Jr. wrote: I believe that Kaspar and Ruediger are still entirely at odds with my position, but this 'enhancement' should never have been unilaterally applied as it was to 2.2.26 and must be reverted (even as the feature is 'fixed' with

modules calling ap_lingering_close()!!!

2014-02-20 Thread Jeff Trawick
WSGI 3.4 daemon mode crashing with httpd 2.4.x... Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xaef17b70 (LWP 32761)] 0x08078a32 in update_child_status_internal () (gdb) where #0 0x08078a32 in update_child_status_internal () #1 0x0809952d in

Re: Re: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Eric Covener
On Thu, Feb 20, 2014 at 7:47 AM, Pavel Matěja pa...@netsafe.cz wrote: On Wed, 19 February 2014 21:09:10, William A. Rowe Jr. wrote: I believe that Kaspar and Ruediger are still entirely at odds with my position, but this 'enhancement' should never have been unilaterally applied as it was to

Re: Re: Re: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Pavel Matěja
On Thu, 20 February 2014 08:13:13, Eric Covener wrote: On Thu, Feb 20, 2014 at 7:47 AM, Pavel Matěja pa...@netsafe.cz wrote: On Wed, 19 February 2014 21:09:10, William A. Rowe Jr. wrote: I believe that Kaspar and Ruediger are still entirely at odds with my position, but this 'enhancement'

Re: Re: Re: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Yann Ylavic
mod_ssl won't fill in the SNI if it's an IP address, the check is not in mod_proxy_http but in ssl_io_filter_connect() : if (hostname_note && sc->proxy->protocol != SSL_PROTOCOL_SSLV2 && sc->proxy->protocol != SSL_PROTOCOL_SSLV3 && apr_ipsubnet_create(&ip,

Re: Re: Re: Re: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Pavel Matěja
On Thu, 20 February 2014 15:00:05, Yann Ylavic wrote: mod_ssl won't fill in the SNI if it's an IP address, the check is not in mod_proxy_http but in ssl_io_filter_connect() : if (hostname_note && sc->proxy->protocol != SSL_PROTOCOL_SSLV2 && sc->proxy->protocol !=

Re: Re: Re: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Eric Covener
Please post the full details in a bug report It's quite simple. I meant the full details (config, logs, etc) in bugzilla. https://issues.apache.org/bugzilla/

Re: Duplicate directive HeartbeatStorage

2014-02-20 Thread André Malo
Anyone? The doc build tools are confused as well ;-) nd On Sunday 16 February 2014 15:58:18 André Malo wrote: Hi there, We do have one duplicate directive in our tree: HeartbeatStorage (defined in mod_lbmethod_heartbeat.c and mod_heartmonitor.c) I find this confusing. How does it work?

Re: Duplicate directive HeartbeatStorage

2014-02-20 Thread Eric Covener
On Thu, Feb 20, 2014 at 10:04 AM, André Malo n...@perlig.de wrote: Anyone? The doc build tools are confused as well ;-) nd On Sunday 16 February 2014 15:58:18 André Malo wrote: Hi there, We do have one duplicate directive in our tree: HeartbeatStorage (defined in

Re: modules calling ap_lingering_close()!!!

2014-02-20 Thread Joe Orton
On Thu, Feb 20, 2014 at 07:52:34AM -0500, Jeff Trawick wrote: WSGI 3.4 daemon mode crashing with httpd 2.4.x... Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xaef17b70 (LWP 32761)] 0x08078a32 in update_child_status_internal () (gdb) where #0 0x08078a32 in

Re: modules calling ap_lingering_close()!!!

2014-02-20 Thread Jeff Trawick
On Thu, Feb 20, 2014 at 10:23 AM, Joe Orton jor...@redhat.com wrote: On Thu, Feb 20, 2014 at 07:52:34AM -0500, Jeff Trawick wrote: WSGI 3.4 daemon mode crashing with httpd 2.4.x... Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xaef17b70 (LWP 32761)]

Re: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Yann Ylavic
There seem to be different questions in this thread regarding SNI. Maybe we can enumerate them first to see what's going on (at least I need to) 1. What should the client-provided SNI be checked against? 1.1. for server or proxy-reverse 1.2. for proxy-forward/CONNECT Possibilities are : 1.a.

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

2014-02-20 Thread Tom Browder
On Thu, Feb 20, 2014 at 6:35 AM, Tom Browder tom.brow...@gmail.com wrote: On Thu, Feb 20, 2014 at 1:50 AM, William A. Rowe Jr. wmr...@gmail.com wrote: There is no embedded. httpd-2.2 included apr, apr-util. httpd-2.4 by vote of the PMC excluded apr, apr-util, so you might be imagining

Re: modules calling ap_lingering_close()!!!

2014-02-20 Thread Jim Jagielski
Seems to me that they could also use that slave connection just added to trunk ;) That's 2 useful modules (mod_spdy and wsgi) that provide some clues on what's needed to break out connections from requests. PS: An mpm should also provide an API to spin-out a thread... On Feb 20, 2014, at 10:23

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

2014-02-20 Thread William A. Rowe Jr.
Output from ldd /user/local/bin/httpd ? mod_ssl and aprutil-1.so ought to have the right rpath to resolve. One of your other libs is bound to openssl, as I warned you before about libldap/lber.

Re: modules calling ap_lingering_close()!!!

2014-02-20 Thread Jeff Trawick
On Thu, Feb 20, 2014 at 10:23 AM, Joe Orton jor...@redhat.com wrote: On Thu, Feb 20, 2014 at 07:52:34AM -0500, Jeff Trawick wrote: WSGI 3.4 daemon mode crashing with httpd 2.4.x... Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xaef17b70 (LWP 32761)]

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Pavel Matěja
Hi, you missed the possibility when client goes to numeric IP (https://1.2.3.4/) in reverse proxy configuration. In such case you don't have useable 1.a, 1.b, 2.b nor 2.c. so there should be 2.d. ServerName. In 3. you have to check backend CN against proxy VirtualServer's ServerName in such

Re: modules calling ap_lingering_close()!!!

2014-02-20 Thread Jim Jagielski
That looks like an *old* diff/patch, fwiw. On Feb 20, 2014, at 10:23 AM, Joe Orton jor...@redhat.com wrote: On Thu, Feb 20, 2014 at 07:52:34AM -0500, Jeff Trawick wrote: WSGI 3.4 daemon mode crashing with httpd 2.4.x... Program received signal SIGSEGV, Segmentation fault. [Switching to

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

2014-02-20 Thread Tom Browder
On Thu, Feb 20, 2014 at 11:45 AM, William A. Rowe Jr. wmr...@gmail.com wrote: Output from ldd /user/local/bin/httpd ? linux-gate.so.1 => (0xb77a9000) libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0xb7782000) libaprutil-1.so.0 => /usr/local/apache2/lib/libaprutil-1.so.0 (0xb775c000) libexpat.so.1 =>

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Yann Ylavic
On Thu, Feb 20, 2014 at 6:28 PM, Pavel Matěja pa...@netsafe.cz wrote: Hi, you missed the possibility when client goes to numeric IP (https://1.2.3.4/) in reverse proxy configuration. In such case you don't have useable 1.a, 1.b, 2.b nor 2.c. so there should be 2.d. ServerName. IMHO in this

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Pavel Matěja
On 20.2.2014 19:18, Yann Ylavic wrote: On Thu, Feb 20, 2014 at 6:28 PM, Pavel Matěja pa...@netsafe.cz wrote: Hi, you missed the possibility when client goes to numeric IP (https://1.2.3.4/) in reverse proxy configuration. In such case you don't have useable 1.a, 1.b, 2.b nor 2.c. so there

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

2014-02-20 Thread Tom Browder
On Thu, Feb 20, 2014 at 1:04 PM, Tom Browder tom.brow...@gmail.com wrote: On Thu, Feb 20, 2014 at 11:45 AM, William A. Rowe Jr. wmr...@gmail.com wrote: Output from ldd /user/local/bin/httpd ? My system is up and running and serving https using the system openssl library. I would like to use

RE: SSL_CTX_get_{first,next}_certificate (Re: svn commit: r1562500 - /httpd/httpd/branches/2.4.x/STATUS)

2014-02-20 Thread Falco Schwarz
Date: Thu, 20 Feb 2014 07:35:01 +0100 That's part of the mod_ssl backport proposal currently in 2.4.x/STATUS. (A previous version had a vote from jorton, but I'm not sure if he's willing to refresh that... perhaps people feel uneasy with getting this into 2.4.8? A third vote would be needed

Re: modules calling ap_lingering_close()!!!

2014-02-20 Thread Graham Dumpleton
On 21 February 2014 02:23, Joe Orton jor...@redhat.com wrote: On Thu, Feb 20, 2014 at 07:52:34AM -0500, Jeff Trawick wrote: WSGI 3.4 daemon mode crashing with httpd 2.4.x... Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xaef17b70 (LWP 32761)] 0x08078a32 in

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-20 Thread Yann Ylavic
Maybe what you need is a new ProxyPreserveHost on/off/canon option so that mod_proxy uses the ServerName to fill in the Host header (hence the SNI and the proxy-request-hostname note checked later by mod_ssl against the CN). I may be misguided but I see some relation between UseCanonicalName and