Re: [VOTE] Release Apache httpd 2.4.9 as GA
On Thu, Mar 13, 2014 at 5:49 PM, Jim Jagielski wrote: > I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA. > > [X] +1: Good to go Debian GNU/Linux 6.0 (squeeze) + libssl-0.9.8o-4squeeze14 Debian GNU/Linux 7.0 (wheezy) + libssl-1.0.1e-2+deb7u4 Debian GNU/Linux 7.0 (wheezy) + openssl-1.0.2-beta2-dev > [ ] +0: meh > [ ] -1: Danger Will Robinson. And why.
Re: [VOTE] Release Apache httpd 2.4.9 as GA
On 15.03.2014 17:25, Rainer Jung wrote: > On 15.03.2014 14:45, Jim Jagielski wrote: >> What platform? I'll try to recreate... > > Solaris 10 Sparc. > > I used the latest and greatest for test framework, Perl 5.18.2 and > needed Per modules build from scratch. Also OpenSSL 1.0.1f. > > For the Linux platforms I used an older stack and there I don't get the > failures. Unfortunately I'm a bit limited on time during this weekend to > narrow down the root cause (test framework, OpenSSL, httpd) on the > failing platform. Looks like it is working with older Perl+Perl modules+OpenSSL even when using newest test framework plus OpenSSL in server. So probably not a regression, but a change in Perl+Perl modules+OpenSSL. Regards, Rainer >> On Mar 14, 2014, at 2:13 PM, Rainer Jung wrote: >> >>> On 13.03.2014 17:49, Jim Jagielski wrote: The pre-release test tarballs for Apache httpd 2.4.9 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will Robinson. And why. Vote will last the normal 72 hrs. NOTE: The *-deps are only there for convenience. >>> >>> I get some test failures: >>> >>> t/ssl/pr12355.t (Wstat: 0 Tests: 10 Failed: 4) >>> Failed tests: 3-4, 7-8 >>> t/ssl/pr43738.t (Wstat: 0 Tests: 4 Failed: 2) >>> Failed tests: 1-2 >>> >>> They happen during renegotiation. All parts should be using OpenSSL >>> 1.0.1f. The requests end up with status 403 instead of 200. >>> >>> trace log: >>> >>> ssl_engine_kernel.c(778): AH02260: Performing full renegotiation: >>> complete handshake protocol (client does support secure renegotiation) >>> ssl_engine_kernel.c(1801): OpenSSL: Handshake: start >>> ssl_engine_kernel.c(1809): OpenSSL: Loop: SSL renegotiate ciphers >>> ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 write hello request A >>> core_filters.c(525): core_output_filter: flushing because of FLUSH bucket >>> ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 flush data >>> ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 write hello request C >>> [client 127.0.0.1:39714] AH02226: Awaiting re-negotiation handshake >>> ssl_engine_kernel.c(1801): OpenSSL: Handshake: start >>> ssl_engine_kernel.c(1809): OpenSSL: Loop: before accept initialization >>> core_filters.c(525): core_output_filter: flushing because of FLUSH bucket >>> ssl_engine_io.c(2039): OpenSSL: read 5/5 bytes from BIO#2a75a8 [mem: >>> 2aeb5b] (BIO dump follows) >>> core_filters.c(525): core_output_filter: flushing because of FLUSH bucket >>> ssl_engine_io.c(2039): OpenSSL: read 458/458 bytes from BIO#2a75a8 [mem: >>> 2aeb60] (BIO dump follows) >>> ssl_engine_kernel.c(1920): AH02043: SSL virtual host for servername >>> localhost found >>> core_filters.c(525): core_output_filter: flushing because of FLUSH bucket >>> ssl_engine_kernel.c(1819): OpenSSL: Write: SSLv3 read client hello C >>> ssl_engine_kernel.c(1838): OpenSSL: Exit: error in SSLv3 read client hello C >>> [client 127.0.0.1:39714] AH02261: Re-negotiation handshake failed: Not >>> accepted by client!? >>> >>> More complete log under >>> >>> http://people.apache.org/~rjung/renegotitation-failure-2.4.9.txt >>> >>> Regards, >>> >>> Rainer
Re: [VOTE] Release Apache httpd 2.4.9 as GA
On Mar 15, 2014, at 12:25 PM, Rainer Jung wrote: > On 15.03.2014 14:45, Jim Jagielski wrote: >> What platform? I'll try to recreate... > > Solaris 10 Sparc. > I haven't had access to a Sparc for many many many moons.
Re: [VOTE] Release Apache httpd 2.4.9 as GA
On 15.03.2014 14:45, Jim Jagielski wrote: > What platform? I'll try to recreate... Solaris 10 Sparc. I used the latest and greatest for test framework, Perl 5.18.2 and needed Per modules build from scratch. Also OpenSSL 1.0.1f. For the Linux platforms I used an older stack and there I don't get the failures. Unfortunately I'm a bit limited on time during this weekend to narrow down the root cause (test framework, OpenSSL, httpd) on the failing platform. Regards, Rainer > On Mar 14, 2014, at 2:13 PM, Rainer Jung wrote: > >> On 13.03.2014 17:49, Jim Jagielski wrote: >>> The pre-release test tarballs for Apache httpd 2.4.9 can be found >>> at the usual place: >>> >>> http://httpd.apache.org/dev/dist/ >>> >>> I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA. >>> >>> [ ] +1: Good to go >>> [ ] +0: meh >>> [ ] -1: Danger Will Robinson. And why. >>> >>> Vote will last the normal 72 hrs. >>> >>> NOTE: The *-deps are only there for convenience. >> >> I get some test failures: >> >> t/ssl/pr12355.t (Wstat: 0 Tests: 10 Failed: 4) >> Failed tests: 3-4, 7-8 >> t/ssl/pr43738.t (Wstat: 0 Tests: 4 Failed: 2) >> Failed tests: 1-2 >> >> They happen during renegotiation. All parts should be using OpenSSL >> 1.0.1f. The requests end up with status 403 instead of 200. >> >> trace log: >> >> ssl_engine_kernel.c(778): AH02260: Performing full renegotiation: >> complete handshake protocol (client does support secure renegotiation) >> ssl_engine_kernel.c(1801): OpenSSL: Handshake: start >> ssl_engine_kernel.c(1809): OpenSSL: Loop: SSL renegotiate ciphers >> ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 write hello request A >> core_filters.c(525): core_output_filter: flushing because of FLUSH bucket >> ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 flush data >> ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 write hello request C >> [client 127.0.0.1:39714] AH02226: Awaiting re-negotiation handshake >> ssl_engine_kernel.c(1801): OpenSSL: Handshake: start >> ssl_engine_kernel.c(1809): OpenSSL: Loop: before accept initialization >> core_filters.c(525): core_output_filter: flushing because of FLUSH bucket >> ssl_engine_io.c(2039): OpenSSL: read 5/5 bytes from BIO#2a75a8 [mem: >> 2aeb5b] (BIO dump follows) >> core_filters.c(525): core_output_filter: flushing because of FLUSH bucket >> ssl_engine_io.c(2039): OpenSSL: read 458/458 bytes from BIO#2a75a8 [mem: >> 2aeb60] (BIO dump follows) >> ssl_engine_kernel.c(1920): AH02043: SSL virtual host for servername >> localhost found >> core_filters.c(525): core_output_filter: flushing because of FLUSH bucket >> ssl_engine_kernel.c(1819): OpenSSL: Write: SSLv3 read client hello C >> ssl_engine_kernel.c(1838): OpenSSL: Exit: error in SSLv3 read client hello C >> [client 127.0.0.1:39714] AH02261: Re-negotiation handshake failed: Not >> accepted by client!? >> >> More complete log under >> >> http://people.apache.org/~rjung/renegotitation-failure-2.4.9.txt >> >> Regards, >> >> Rainer
Re: [VOTE] Release Apache httpd 2.4.9 as GA
What platform? I'll try to recreate... On Mar 14, 2014, at 2:13 PM, Rainer Jung wrote: > On 13.03.2014 17:49, Jim Jagielski wrote: >> The pre-release test tarballs for Apache httpd 2.4.9 can be found >> at the usual place: >> >> http://httpd.apache.org/dev/dist/ >> >> I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA. >> >> [ ] +1: Good to go >> [ ] +0: meh >> [ ] -1: Danger Will Robinson. And why. >> >> Vote will last the normal 72 hrs. >> >> NOTE: The *-deps are only there for convenience. > > I get some test failures: > > t/ssl/pr12355.t (Wstat: 0 Tests: 10 Failed: 4) > Failed tests: 3-4, 7-8 > t/ssl/pr43738.t (Wstat: 0 Tests: 4 Failed: 2) > Failed tests: 1-2 > > They happen during renegotiation. All parts should be using OpenSSL > 1.0.1f. The requests end up with status 403 instead of 200. > > trace log: > > ssl_engine_kernel.c(778): AH02260: Performing full renegotiation: > complete handshake protocol (client does support secure renegotiation) > ssl_engine_kernel.c(1801): OpenSSL: Handshake: start > ssl_engine_kernel.c(1809): OpenSSL: Loop: SSL renegotiate ciphers > ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 write hello request A > core_filters.c(525): core_output_filter: flushing because of FLUSH bucket > ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 flush data > ssl_engine_kernel.c(1809): OpenSSL: Loop: SSLv3 write hello request C > [client 127.0.0.1:39714] AH02226: Awaiting re-negotiation handshake > ssl_engine_kernel.c(1801): OpenSSL: Handshake: start > ssl_engine_kernel.c(1809): OpenSSL: Loop: before accept initialization > core_filters.c(525): core_output_filter: flushing because of FLUSH bucket > ssl_engine_io.c(2039): OpenSSL: read 5/5 bytes from BIO#2a75a8 [mem: > 2aeb5b] (BIO dump follows) > core_filters.c(525): core_output_filter: flushing because of FLUSH bucket > ssl_engine_io.c(2039): OpenSSL: read 458/458 bytes from BIO#2a75a8 [mem: > 2aeb60] (BIO dump follows) > ssl_engine_kernel.c(1920): AH02043: SSL virtual host for servername > localhost found > core_filters.c(525): core_output_filter: flushing because of FLUSH bucket > ssl_engine_kernel.c(1819): OpenSSL: Write: SSLv3 read client hello C > ssl_engine_kernel.c(1838): OpenSSL: Exit: error in SSLv3 read client hello C > [client 127.0.0.1:39714] AH02261: Re-negotiation handshake failed: Not > accepted by client!? > > More complete log under > > http://people.apache.org/~rjung/renegotitation-failure-2.4.9.txt > > Regards, > > Rainer >
Re: Rich is looking for a substitute httpd talk for Denver
For me, the issue is that I'm flying out Thurs am. On Mar 14, 2014, at 4:15 PM, Rich Bowen wrote: > So, looks like we'll just leave that one slot empty in the httpd track, or > fill it with something off-topic. > > Unless ... last ditch effort here - if anyone would like to do a "what's > coming in 2.6" kind of discussion, that could be a way to fill the space. But > I'm reluctant to just fill the space to fill the space. > > --Rich > > -- > Rich Bowen - rbo...@rcbowen.com - @rbowen > http://apachecon.com/ - @apachecon >
Re: [VOTE] Release Apache httpd 2.4.9 as GA
On Thu, Mar 13, 2014 at 12:49 PM, Jim Jagielski wrote: > The pre-release test tarballs for Apache httpd 2.4.9 can be found > at the usual place: > > http://httpd.apache.org/dev/dist/ > > I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA. > > [ ] +1: Good to go > [ ] +0: meh > [ ] -1: Danger Will Robinson. And why. +1 AIX 7.1 / xlc / ppc64, 100% test framework. (For posterity: I built on a new system and had a minor issue with autoconf and third-party openssl, but for a platform like AIX this is par for the course. PR56270)
Re: [VOTE] Release Apache httpd 2.4.9 as GA
On Thursday 13/03/2014 at 17:49, Jim Jagielski wrote: The pre-release test tarballs for Apache httpd 2.4.9 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will Robinson. And why. Vote will last the normal 72 hrs. NOTE: The *-deps are only there for convenience. Good to go on Windows. Detail: Add a note in httpd-ssl.conf about the now depreciated SSLCertificateChainFile
Re: [VOTE] Release Apache httpd 2.4.9 as GA
On 13.03.2014 17:49, Jim Jagielski wrote: > I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA. > > [ ] +1: Good to go > [ ] +0: meh > [ ] -1: Danger Will Robinson. And why. +1. Perl framework tests run with mod_ssl compiled against OpenSSL 0.9.8y, 1.0.0k, 1.0.1c, 1.0.1e, 1.0.1f and (today's state of) 1.0.2-beta2-dev, no unexpected failures/regressions. Kaspar
Re: [VOTE] Release Apache httpd 2.4.9 as GA
On 3/13/2014 9:49 AM, Jim Jagielski wrote: The pre-release test tarballs for Apache httpd 2.4.9 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will Robinson. And why. Vote will last the normal 72 hrs. NOTE: The *-deps are only there for convenience. +1 on many of the usual Windows suspects OpenSSL 0.9.8y & 1.0.1f
Re: [VOTE] Release Apache httpd 2.4.9 as GA
I do not know whether this is relevant to these errors, but in ssl_engine_kernel.c there is a comment about renegotiation with the perl test framework, line 806: /* XXX: Should replace setting state with SSL_renegotiate(ssl); * However, this causes failures in perl-framework currently, * perhaps pre-test if we have already negotiated? */ As of 2.4.9: (tested with OpenSSL 1.0.1f and 1.0.2-dev on Ubuntu) +1: SLES11 SP3 (32bit + 64bit), Ubuntu 13.10 (64bit) Falco On Fri, Mar 14, 2014 at 11:51 PM, Rainer Jung wrote: > On 14.03.2014 20:55, Plüm, Rüdiger, Vodafone Group wrote: > > > > > >> -Ursprüngliche Nachricht- > >> Von: Rainer Jung [mailto:rainer.j...@kippdata.de] > >> Gesendet: Freitag, 14. März 2014 19:14 > >> An: dev@httpd.apache.org > >> Betreff: Re: [VOTE] Release Apache httpd 2.4.9 as GA > >> > >> On 13.03.2014 17:49, Jim Jagielski wrote: > >>> The pre-release test tarballs for Apache httpd 2.4.9 can be found > >>> at the usual place: > >>> > >>> http://httpd.apache.org/dev/dist/ > >>> > >>> I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA. > >>> > >>> [ ] +1: Good to go > >>> [ ] +0: meh > >>> [ ] -1: Danger Will Robinson. And why. > >>> > >>> Vote will last the normal 72 hrs. > >>> > >>> NOTE: The *-deps are only there for convenience. > >> > >> I get some test failures: > >> > >> t/ssl/pr12355.t (Wstat: 0 Tests: 10 Failed: 4) > >> Failed tests: 3-4, 7-8 > >> t/ssl/pr43738.t (Wstat: 0 Tests: 4 Failed: 2) > >> Failed tests: 1-2 > >> > >> They happen during renegotiation. All parts should be using OpenSSL > >> 1.0.1f. The requests end up with status 403 instead of 200. > > > > Which MPM? > > I think all of them, but definitly prefork. > > Regards, > > Rainer >