Am 09.02.2016 um 19:20 schrieb Stefan Eissing:
Ah, closer look revealed that the first test was a cipher renegotiation using
HTTP/1.1. That no longer works, but the slave connection checks do. So, false
alarm on that front. Will disable the renegotiation tests that fail for now
until the
Hi Jim,
2016-02-09 21:25 GMT+01:00 Jim Jagielski :
> The more I think of it, a HowTo guide, like the ones we have
> for public_html, Authn, etc regarding reverse proxy
> makes the most sense...
>
> > On Feb 9, 2016, at 12:55 PM, Tim Bannister
> wrote:
>
I noticed today that errors about invalid flags on rewrite rules do not
have APLOGNO() on them.
cmd_rewriterule calls cmd_rewriterule_setflag and if a string is returned,
prefixes "RewriteRule: " and returns that as an error.
Should these have APLOGNO()? They are errors, but they don't
use
The more I think of it, a HowTo guide, like the ones we have
for public_html, Authn, etc regarding reverse proxy
makes the most sense...
> On Feb 9, 2016, at 12:55 PM, Tim Bannister wrote:
>
> On 9 Feb 2016, at 16:02, Rainer Jung wrote:
>> Am
On Fri, Jan 22, 2016 at 4:30 PM, wrote:
> Author: covener
> Date: Fri Jan 22 15:30:19 2016
> New Revision: 1726233
>
> URL: http://svn.apache.org/viewvc?rev=1726233=rev
> Log:
> from feedback, assume all parameters to SetHandler are expressions.
>
> Modified:
>
> Am 09.02.2016 um 00:38 schrieb Gregg Smith :
>
>> On 2/8/2016 9:07 AM, Stefan Eissing wrote:
>> PS. I did not update Windows Makefiles. I feel bad.
>
> Don't, I need to play catch-up anyway :)
>
> Should this be in modules/proxy like all the rest of the mod_proxy_* modules?
>
I started adding support for OpenSSL 1.1.0 in trunk.
As some might know, the OpenSSL API changes and especially many
structures have been made opaque.
I resolved all the stuff that could be done on a local/formal level, but
some items remain, where I'm not sure how to proceed. I have marked
On 09/02/2016 14:36, Rainer Jung wrote:
> Hi Steve,
>
> thanks a lot for your review and comments. More inline.
>
> Am 09.02.2016 um 13:34 schrieb Dr Stephen Henson:
>> On 09/02/2016 10:20, Rainer Jung wrote:
>>>
>>> 3) ssl_engine_ocsp.c
>>>
>>> In modssl_verify_ocsp() the following code
Hi Steve,
thanks a lot for your review and comments. More inline.
Am 09.02.2016 um 13:34 schrieb Dr Stephen Henson:
On 09/02/2016 10:20, Rainer Jung wrote:
3) ssl_engine_ocsp.c
In modssl_verify_ocsp() the following code accesses the struct member "valid",
for which currently no accessor
On Mon, Feb 8, 2016 at 6:07 PM, Stefan Eissing
wrote:
>
> One thing: the ssl_hostname that is used for SNI by the generic proxy utils
> seems to get lost when the socket needs to reset and is then not available on
> the next connect. That should affect
On Mon, Feb 8, 2016 at 6:07 PM, Stefan Eissing
wrote:
> FYI: I just checked in a very experimental mod_proxy_http2 that registers on
> h2:// and h2c:// proxy URLs. I did this naming to have the module totally
> separate from mod_proxy_http, not wanting to make a
On Mon, Feb 8, 2016 at 12:57 PM, William A Rowe Jr
wrote:
> This is excellent, thanks for the effort!
>
> You should note that there was no binary compatibility between 2.2.x final
> and 2.4.x. And there will be no binary compatibility between 2.next (3.0?)
> and 2.4.x.
We currently have really really little info about the balancer-
manager in our docs, just a short little blurb on how to enable
it and a brief description of what it does [1]. I'd like to extend
that, but does it make sense to add it to the mod_proxy_balancer
module page, or have a separate page
Hello Bill, I'll try to add 2.2.x and 2.4.x branches to the compatibility table soon (the 2.2.x on top of all 2.2.* versions and 2.4.x on top of all 2.4.*). But it requires some time to improve the code base. Thank you. 08.02.2016, 21:20, "William A Rowe Jr":This is excellent, thanks for the
On 09/02/2016 10:20, Rainer Jung wrote:
>
> 3) ssl_engine_ocsp.c
>
> In modssl_verify_ocsp() the following code accesses the struct member "valid",
> for which currently no accessor function exists in 1.1.0:
>
> 268 else if (cert->valid && X509_check_issued(cert,cert) == X509_V_OK) {
> 269
09.02.2016, 15:02, "Jeff Trawick" :On Mon, Feb 8, 2016 at 12:57 PM, William A Rowe Jr wrote:This is excellent, thanks for the effort! You should note that there was no binary compatibility between 2.2.x finaland 2.4.x. And there will be no binary
Am 09.02.2016 um 13:25 schrieb Jim Jagielski:
We currently have really really little info about the balancer-
manager in our docs, just a short little blurb on how to enable
it and a brief description of what it does [1]. I'd like to extend
that, but does it make sense to add it to the
.. is meant to do a simple TCP readability check on the connection,
using ap_proxy_is_socket_connected().
This is trunk only AFAICT.
However all our proxy modules handle this just after calling
ap_proxy_connect_backend() which already calls
ap_proxy_is_socket_connected() for the same purpose.
Why the change to modules/proxy/mod_proxy_hcheck.c?
> On Feb 9, 2016, at 10:58 AM, Yann Ylavic wrote:
>
>
I had the effect that when a socket was determined to be dead, the SNI was
cleared and a new connection was made without any SNI. So, I save the first
ssl_hostname I see and set that on every new connection.
> Am 09.02.2016 um 15:42 schrieb Yann Ylavic :
>
> On Mon, Feb
On Tue, Feb 9, 2016 at 5:42 PM, Jim Jagielski wrote:
> Why the change to modules/proxy/mod_proxy_hcheck.c?
The call to ap_proxy_connect_backend() just above already calls
ap_proxy_is_socket_connected() for any reused connection, so why check
it twice?
If the connection is not
For the request itself, yes. mod_proxy_http2 follows the same pattern as
mod_proxy_http. It does not setup a faked request_rec that mod_proxy_http does
since I did not need it and did not see the point. Might have missed something.
> Am 09.02.2016 um 15:51 schrieb Yann Ylavic
After some feedbacks I updated the trunk documentation:
https://httpd.apache.org/docs/trunk/mod/event.html
Please let me know if you like the new page and the new information
contained. In case, I'll backport the change to 2.4.x, otherwise I'll
revert.
Thanks!
Luca
2016-02-08 15:32 GMT+01:00
Testing in trunk, 2.4.x seems to be fine. It's the httpd/test/mod_h2/trunk test
cases (do not expect you to get that running). I will take a closer look
tomorrow as there is more fishy than just the renegotiation. I see more
failures than that. I will try an earlier mod_ssl tomorrow and try to
This hasn't made it into the 2.4.x branch yet, what is the status of getting
this in the .19 release?
http://svn.apache.org/viewvc?view=revision=1711479
Thanks,
Brian
> On Oct 16, 2015, at 8:06 AM, Yann Ylavic wrote:
>
> Hi Jan,
>
> On Fri, Oct 16, 2015 at 1:58 PM,
Am 09.02.2016 um 20:03 schrieb Stefan Eissing:
Am 09.02.2016 um 19:58 schrieb Rainer Jung :
Am 09.02.2016 um 19:20 schrieb Stefan Eissing:
Ah, closer look revealed that the first test was a cipher renegotiation using
HTTP/1.1. That no longer works, but the slave
> Am 09.02.2016 um 19:58 schrieb Rainer Jung :
>
> Am 09.02.2016 um 19:20 schrieb Stefan Eissing:
>> Ah, closer look revealed that the first test was a cipher renegotiation
>> using HTTP/1.1. That no longer works, but the slave connection checks do.
>> So, false alarm
With the new renegotiate code, I get failures in trunk for my tests that expect
renegotiation to fail on slave connections. Rainer, not sure how this works
now. Can you have a look?
-Stefan
Ah, closer look revealed that the first test was a cipher renegotiation using
HTTP/1.1. That no longer works, but the slave connection checks do. So, false
alarm on that front. Will disable the renegotiation tests that fail for now
until the 1.1.0 openssl work is done...
Sorry for the
> On Feb 9, 2016, at 11:49 AM, Yann Ylavic wrote:
>
> On Tue, Feb 9, 2016 at 5:42 PM, Jim Jagielski wrote:
>> Why the change to modules/proxy/mod_proxy_hcheck.c?
>
> The call to ap_proxy_connect_backend() just above already calls
>
On 9 Feb 2016, at 16:02, Rainer Jung wrote:
> Am 09.02.2016 um 13:25 schrieb Jim Jagielski:
>> We currently have really really little info about the balancer-manager in
>> our docs, just a short little blurb on how to enable it and a brief
>> description of what it does
31 matches
Mail list logo