Re: The drive for 2.4.26

Hi Jan, Am 29.05.2017 um 10:54 schrieb Jan Ehrhardt: Rainer Jung in gmane.comp.apache.devel (Sun, 28 May 2017 23:20:35 +0200): Due to quick votes from the team this has now been committed in r1796539 for 2.4.26. Thanks. I checked woth the 2.4.x branch, built on Windows with CMake/VC14 (plus

Re: Ideas from ApacheCon

Thanks for the list. One remark inline ... Am 18.05.2017 um 19:46 schrieb Jim Jagielski: Based on feedback from various sessions: o A new-kind of "hot standby" in mod_proxy which kicks in whenever a worker moves out of the pool (ie, doesn't wait until all workers are out)... ala a

Re: Change from ad-hoc/historical security process to ASF process?

Am 22.05.2017 um 22:38 schrieb Yann Ylavic: On Sun, May 7, 2017 at 3:17 AM, William A Rowe Jr wrote: On May 5, 2017 13:32, "Jim Jagielski" wrote: +1... Lets do it. BTW, I would adjust #16 to include: Add the CVE to the CHANGES file. That way, it's

Re: The drive for 2.4.26

Am 28.05.2017 um 16:16 schrieb Rainer Jung: Am 28.05.2017 um 13:13 schrieb Jan Ehrhardt: Rainer Jung in gmane.comp.apache.devel (Fri, 21 Apr 2017 00:29:38 +0200): ... In addition I noticed the following glitch: ... The "-m" option is independent of SSL use and should be handl

Re: AC_CHECK_LIB issues under maintainer mode (Was: Re: Tagging 2.4.29 / 2.5.0-{alpha/beta?} today)

Am 15.10.2017 um 16:25 schrieb Yann Ylavic: On Sun, Oct 15, 2017 at 4:03 PM, Rainer Jung <rainer.j...@kippdata.de> wrote: Why is this happening now? The "-Werror" was backported last December in r1772330, which was a backport of r1702948 from trunk (May 2015). Maybe peo

Re: AC_CHECK_LIB issues under maintainer mode (Was: Re: Tagging 2.4.29 / 2.5.0-{alpha/beta?} today)

Hi Jim, Am 13.10.2017 um 17:51 schrieb Jim Jagielski: Let's recall what is really happening... In maintainer mode, the build system sets -Werror and -Wstrict-prototypes. This means that functions which lack strict prototypes will "fail". Now note that AC_CHECK_LIB does not worry about

Re: AC_CHECK_LIB issues under maintainer mode (Was: Re: Tagging 2.4.29 / 2.5.0-{alpha/beta?} today)

Am 16.10.2017 um 12:31 schrieb Joe Orton: On Fri, Oct 13, 2017 at 11:51:54AM -0400, Jim Jagielski wrote: The long and short is that under maintainer mode, we cannot expect AC_CHECK_LIB to being correct any longer, because the combination of -Werror and -Wstrict-prototypes means that any and all

Re: buildbot failure in on httpd-trunk

Am 16.10.2017 um 11:23 schrieb build...@apache.org: The Buildbot has detected a new failure on builder httpd-trunk while building . Full details are available at: https://ci.apache.org/builders/httpd-trunk/builds/1199 Buildbot URL: https://ci.apache.org/ Buildslave for this Build:

gcc error (-Werror=pointer-compare) in trunk util_expr_eval.c

I get the following error for an old line (r1037504, but now trying maintainer-mode): .../server/util_expr_eval.c: In function 'ap_expr_eval_re_backref': .../server/util_expr_eval.c:265:63: error: comparison between pointer and zero character constant [-Werror=pointer-compare] if

Re: buildbot failure in on httpd-trunk

Am 17.10.2017 um 02:19 schrieb Yann Ylavic: On Tue, Oct 17, 2017 at 1:23 AM, Yann Ylavic wrote: On Tue, Oct 17, 2017 at 12:48 AM, William A Rowe Jr wrote: Rainer, https://ci.apache.org/builders/httpd-trunk/builds/1203 would you please re-kick this

Re: [VOTE] Release Apache httpd 2.4.28 as GA

An update concerning the sporadic proxy test failures for prefork on Solaris that I observed: These are a bit difficult to nail down, because running only the proxy tests does not fail. One has to run a relatively big part of the test suite to have a chance of triggering the problem during

Solaris prefork proxy failures (Was: [VOTE] Release Apache httpd 2.4.28 as GA)

I observe sporadic failures in the proxy tests for 2.4.x. They only happen on Solaris (Sparc) and only for prefork MPM. Although they are not strictly reproducible, I think they only happen with APR 1.6 an with mod_http2/mod_proxy_http2 loaded (although they do not happen during their test

Re: [VOTE] Release Apache httpd 2.4.28 as GA

Am 25.09.2017 um 14:13 schrieb Jim Jagielski: The pre-release test tarballs for Apache httpd version 2.4.28 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.28 GA. [X] +1: Good to go [ ] +0: meh [ ] -1: Danger

MPM motorz

During testing the 2.5.0 alpha candidate I observed various problems with the motorz MPM: looping on CPU, segmentation faults and quite some test errors I do not get for the event MPM. Do others see such issues as well? Regards, Rainer

Serf support in trunk

While testing the 2.5.0 alpha candidate I noticed, that our optional use of serf in mod_proxy and mpm_event is pretty outdated (so unmaintained): - the serf API we use was only present in serf until version 0.3.1 (February 2010) - in May 2010 it was changed inside serf and httpd does not

Re: Serf support in trunk

19.11.2017 um 12:49 schrieb Rainer Jung <rainer.j...@kippdata.de>: While testing the 2.5.0 alpha candidate I noticed, that our optional use of serf in mod_proxy and mpm_event is pretty outdated (so unmaintained): - the serf API we use was only present in serf until version 0.3.1 (February

Re: svn commit: r1813027 - /httpd/httpd/branches/2.4.x/STATUS

Hi Bill, Am 31.10.2017 um 21:29 schrieb William A Rowe Jr: On Mon, Oct 23, 2017 at 10:17 AM, wrote: Author: ylavic Date: Mon Oct 23 15:17:02 2017 New Revision: 1813027 URL: http://svn.apache.org/viewvc?rev=1813027=rev Log: Update comment according to patch version (v5).

Re: We have soon 5 SVN repo's

Although that list is almost 5 years old, people interested for some major differences between trunk and 2.4.x might have a look at: https://home.apache.org/~rjung/patches/possible-backports-httpd-trunk-2_4.txt especially at items 1)-7). Regards, Rainer

Re: We have soon 5 SVN repo's

Hi Steffen, Am 07.11.2017 um 10:10 schrieb Steffen: Jim wrote below: /What, exactly, are the expected differences between trunk and 2.5.0-alpha?/ I could not find the answer in this (long) thread ? as far as I understand Daniel, he will tag current trunk as 2.5.0-alpha or more likely

Re: mod_ssl and SSLPolicy

Am 28.11.2017 um 16:51 schrieb Rich Bowen: As one of the folks that answers questions on IRC, I would like to object to the existence of SSLPolicy and . I think it's unwise to have two directives with the same name, for reasons of end-user support. As long as it's still only in trunk, we

Re: Pruning working branches (Was: Re: Why?)

Am 24.10.2017 um 23:05 schrieb William A Rowe Jr: On Tue, Oct 24, 2017 at 8:11 AM, William A Rowe Jr wrote: On Tue, Oct 24, 2017 at 3:28 AM, Steffen wrote: On Tuesday 24/10/2017 at 10:26, Steffen wrote: Can someone clean up the not needed anymore

Build error in trunk for json modules (mod_md using md_json plus mod_log_json)

When trying to do a reallyall modules build I get an error during compilation of md_json. The compile command does not contain and "-I" flag for the jansson library. For mod_log_json, which gets build a bit earlier, the include path flag correctly contains jansson. Looking at modules.mk in

Re: Pruning working branches (Was: Re: Why?)

Am 26.10.2017 um 10:30 schrieb Yann Ylavic: I like this "attic" idea better, resurrecting something is easier if you can find that it ever existed (w/o diving into svn history, à la "svn delete"). +1

Re: [VOTE] Release httpd-2.4.30

Am 19.02.2018 um 15:54 schrieb drugg...@primary.net: Hi, all;    Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.30: [ ] +1: It’s not

Re: [VOTE] Release httpd-2.4.30

Am 19.02.2018 um 15:54 schrieb drugg...@primary.net: Hi, all;    Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.30: [ ] +1: It’s not

mod_cache: Broken Expires from back end and CacheStoreExpired

I have a situation where I have a caching Apache in front of a back end. The backend sends a response header "Expires: -1" and mod_cache unconditionally refuses to cache the response with the error "Broken expires header". RFC 7234 section 5.3 [1] contains the text:

Fwd: [PHP-DEV] Re: apache2 buckets API masters needed

Hi all, I just noticed this mail on PHP internals (intern...@lists.php.net) and wanted to let the httpd dev list know in case anyone would be able to step up and lend them a hand. Thanks and regards, Rainer --- Begin Message --- Hi! > I need help from somebody who knows how to deal with

Re: svn commit: r1837599 - /httpd/httpd/branches/2.4.x/STATUS

Hi Yann, I will try to comment inline per patch. Yes, that's always a difficult decision. I think for the "?auto" part it should be easy: it uses a line based key-value format, so adding new keys should be fine for nearly any parser. For the HTML based output the decision is more difficult.

Re: svn commit: r1837599 - /httpd/httpd/branches/2.4.x/STATUS

Am 28.08.2018 um 15:54 schrieb Yann Ylavic: On Tue, Aug 7, 2018 at 4:19 PM wrote: Log: Propose a few monitoring improvements. Those changes look fine (and great) to me, I wanted to +1 but I'm wondering if they really belong in 2.4.x since the output of mod_status is changed in a way that

Re: [VOTE] Release Apache httpd 2.4.34 as GA

Am 13.07.2018 um 15:03 schrieb Rainer Jung: e I expect prefork on Solaris still to observe timeouts during   proxy tests like reported for previous versions, but didn't test   it this time due to the long test runs when the problem happens.   I started these runs right now just to be able

Re: svn commit: r1837599 - /httpd/httpd/branches/2.4.x/STATUS

Am 31.08.2018 um 20:30 schrieb Eric Covener: So the question is probably whether Eric thinks keeping the HTML output stable is more important than adding response duration info and proxy busyness info. I'm open to any decision. I didn't mean I had any issue with the HTML change. I think it's

Re: svn commit: r1837599 - /httpd/httpd/branches/2.4.x/STATUS

Am 29.08.2018 um 05:45 schrieb Rainer Jung: Am 28.08.2018 um 15:54 schrieb Yann Ylavic: On Tue, Aug 7, 2018 at 4:19 PM wrote: Log: Propose a few monitoring improvements. Those changes look fine (and great) to me, I wanted to +1 but I'm wondering if they really belong in 2.4.x since

Re: svn commit: r1837590 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/scoreboard.h modules/generators/mod_status.c server/scoreboard.c

Am 31.08.2018 um 14:50 schrieb Ruediger Pluem: On 08/07/2018 12:48 PM, rj...@apache.org wrote: Author: rjung Date: Tue Aug 7 10:48:05 2018 New Revision: 1837590 URL: http://svn.apache.org/viewvc?rev=1837590=rev Log: mod_status: Add cumulated response duration time in milliseconds.

Re: [Bug 62145] Fix crashes when apr_sockaddr_info_get fails

Am 07.09.2018 um 15:48 schrieb bugzi...@apache.org: https://bz.apache.org/bugzilla/show_bug.cgi?id=62145 moh.riza changed: What|Removed |Added URL|

Re: [VOTE] Release Apache httpd 2.4.34 as GA

Am 10.07.2018 um 16:03 schrieb Jim Jagielski: The pre-release test tarballs for Apache httpd version 2.4.34 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.34 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger

Re: svn commit: r1826543 - /httpd/httpd/branches/2.4.x/modules/http/http_request.c

Hi Yann, Am 12.03.2018 um 13:24 schrieb yla...@apache.org: Author: ylavic Date: Mon Mar 12 12:24:27 2018 New Revision: 1826543 URL: http://svn.apache.org/viewvc?rev=1826543=rev Log: Fix timeout logging in ap_process_request(). We can't use 'r' after ap_process_request_after_handler(), the

Re: mod_security Chrash in 2.9.2 libapr1.dll

Hi Steffen, hi list, Am 12.03.2018 um 14:07 schrieb Steffen: I think it should released with 2.4.32 (+) . Endly  solved  a pain with  all that crashes. thanks for reminding us of that problem. Since it is a logging only change for INFO log level and our default log level is WARN, plus as

Re: [RESULT] [VOTE] Release httpd-2.4.32

Am 15.03.2018 um 18:09 schrieb Eric Covener: On Thu, Mar 15, 2018 at 12:54 PM, Jan Ehrhardt wrote: Eric Covener in gmane.comp.apache.devel (Thu, 15 Mar 2018 12:35:38 -0400): +1, probably the least confusing, and Windows users aren't quickly/casually picking up source

Re: mod_proxy_balancer doesn't work with 2.4.32

Am 15.03.2018 um 18:25 schrieb lucas29252: Steffen sent me the patched module and it works! Same here. Regards, Rainer

Re: mod_proxy_balancer doesn't work with 2.4.32

Am 15.03.2018 um 16:48 schrieb Yann Ylavic: On Thu, Mar 15, 2018 at 3:20 PM, Rainer Jung <rainer.j...@kippdata.de> wrote: Index: modules/slotmem/mod_slotmem_shm.c === --- modules/slotmem/mod_slotmem_shm.c (revision 1

Re: mod_proxy_balancer doesn't work with 2.4.32

Am 15.03.2018 um 16:48 schrieb Yann Ylavic: On Thu, Mar 15, 2018 at 3:20 PM, Rainer Jung <rainer.j...@kippdata.de> wrote: For the sake of completeness, here are the full trace8 (failed) startup logs for this reproduction scenario: Thanks Rainer! Could you (or Steffen, or Luca

Re: [RESULT] [VOTE] Release httpd-2.4.32

Am 15.03.2018 um 17:34 schrieb Yann Ylavic: On Thu, Mar 15, 2018 at 5:20 PM, Daniel Ruggeri wrote: Personally, I would like to see *another* T (again, I volunteer and will see it through quickly) and no mention of this release be made public via ANNOUNCE. Thoughts? I

Re: [VOTE] Release httpd-2.4.32

Am 10.03.2018 um 03:49 schrieb Daniel Ruggeri: Hi, all;    Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.32: [X] +1: It's not just

Re: [VOTE] Release httpd-2.4.32

Am 14.03.2018 um 16:10 schrieb Joe Orton: On Wed, Mar 14, 2018 at 02:56:19PM +, Joe Orton wrote: This looks like the failure I see when localhost resolves to both ::1 and 127.0.0.1, which happens with modern Fedora hosts: $ grep localhost /etc/hosts 127.0.0.1 localhost

Re: mod_proxy_balancer doesn't work with 2.4.32

Am 15.03.2018 um 15:06 schrieb Yann Ylavic: On Thu, Mar 15, 2018 at 2:59 PM, lucas29252 wrote: Hi, I'm the original reporter. I've just make a fresh install of httpd-2.4.32-Win64-VC15.zip

Re: [VOTE] Release httpd-2.4.32

Am 14.03.2018 um 19:59 schrieb Daniel Ruggeri: On 2018-03-14 09:56, Joe Orton wrote: On Wed, Mar 14, 2018 at 12:10:20PM +0100, Rainer Jung wrote: All 280 builds succeeded. Geez, now I feel bad just testing one build ;) Great stuff! +1! Rainer must be a machine... or, perhaps only partially

Re: buildbot success in on httpd-trunk

don't know enough about how hooks work on Windows to propose a solution. Builds fine now with OpenSSL 1.1.1 pre4, tls1.3 test looks promising. Thanks. The below errors was my fault, was mixing, sorry. OK, no problem. Regards, Rainer On Monday 09/04/2018 at 19:22, Rainer Jung wrote:

Re: buildbot success in on httpd-trunk

Hi Steffen, are the below errors you reported from building trunk or from building 2.4? Your mail subject was "Re: buildbot success in on httpd-trunk" so I thought trunk but after trying for quite some time couldn't find any reason for problems there. Your second email makes me wonder

Re: TLSv1.3

I don't know whether it helps, but OpenSSL release pre4 (beta 2) yesterday. Regards, Rainer Am 04.04.2018 um 13:24 schrieb Stefan Eissing: Thanks for the tip. Unfortunately, my FF 58.0.2 and 59.0.2 still keeps doing TLSv1.2 while the Nightly goes TLSv1.3. Perhaps a matter of the previous

Re: svn commit: r1828670 - in /httpd/httpd/branches/2.4.x: ./ CHANGES CMakeLists.txt

NP, that was an easy one. Thanks for the useful feature :) I did not try to fix the missing mod_md build. I'm hoping for someone more cmake-aware to fix it ... Regards, Rainer

Re: Revisit Versioning? (Was: 2.4.3x regression w/SSL vhost configs)

Am 18.04.2018 um 15:07 schrieb Jim Jagielski: There are, IMO at least, 3 types of "regression" that we should be concerned about or that some people are concerned about: 1. New features: Undoubtedly, new features will likely have bugs and no by adding new features we could be

Re: Revisit Versioning? (Was: 2.4.3x regression w/SSL vhost configs)

Am 18.04.2018 um 18:07 schrieb William A Rowe Jr: On Wed, Apr 18, 2018 at 10:57 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: Since this thread was triggered by the mod_ssl config merging problems: I think that was a case where a new feature was really nice, but to implement it the

Re: So... when should we do 2.4.34? [WAS: Re: Revisit Versioning? (Was: 2.4.3x regression w/SSL vhost configs)]

Do we need a quick APR 1.6.4 to pick up r1819938? From CHANGES: *) poll, port: re-add the wakeup pipe to the pollset after it triggered. Not doing this occasionally lead to httpd event MPM processes hanging during process shutdown. PR 61786. [Yann Ylavic] From the commit log:

Re: So... when should we do 2.4.34? [WAS: Re: Revisit Versioning? (Was: 2.4.3x regression w/SSL vhost configs)]

Am 20.04.2018 um 09:22 schrieb William A Rowe Jr: On Fri, Apr 20, 2018 at 2:15 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: Do we need a quick APR 1.6.4 to pick up r1819938? From CHANGES: *) poll, port: re-add the wakeup pipe to the pollset after it triggered. Not

Re: So... when should we do 2.4.34? [WAS: Re: Revisit Versioning? (Was: 2.4.3x regression w/SSL vhost configs)]

Am 20.04.2018 um 11:39 schrieb Eric Covener: On Fri, Apr 20, 2018 at 3:15 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: Do we need a quick APR 1.6.4 to pick up r1819938? From CHANGES: *) poll, port: re-add the wakeup pipe to the pollset after it triggered. Not doing this occasi

Re: A proposal...

Am 24.04.2018 um 19:58 schrieb Daniel Ruggeri: On 2018-04-24 09:22, Eric Covener wrote: On Tue, Apr 24, 2018 at 10:08 AM, William A Rowe Jr wrote: On Tue, Apr 24, 2018 at 8:27 AM, Eric Covener wrote: Yes, exactly correct. We have three "contracts" to

Re: A proposal...

Am 23.04.2018 um 16:00 schrieb Jim Jagielski: It seems that, IMO, if there was not so much concern about "regressions" in releases, this whole revisit-versioning debate would not have come up. This implies, to me at least, that the root cause (as I've said before) appears to be one related to

Re: Expanding httpd adoption internationally - POC

Am 24.04.2018 um 07:20 schrieb Marion et Christophe JAILLET: Le 24/04/2018 à 02:58, William A Rowe Jr a écrit : On Thu, Apr 19, 2018 at 12:20 AM, Marion et Christophe JAILLET wrote: Le 18/04/2018 à 22:12, William A Rowe Jr a écrit : On Wed, Apr 18, 2018 at 2:31

Re: A proposal...

Am 24.04.2018 um 13:19 schrieb Daniel Ruggeri: On April 24, 2018 1:38:26 AM CDT, "Plüm, Rüdiger, Vodafone Group" <ruediger.pl...@vodafone.com> wrote: -Ursprüngliche Nachricht----- Von: Rainer Jung <rainer.j...@kippdata.de> Gesendet: Montag, 23. Ap

Re: Start using RCs (Was: Re: So... when should we do 2.4.34? [WAS: Re: Revisit Versioning? (Was: 2.4.3x regression w/SSL vhost configs)])

Am 19.04.2018 um 17:37 schrieb Jim Jagielski: On Apr 19, 2018, at 11:26 AM, William A Rowe Jr wrote: On Thu, Apr 19, 2018 at 10:11 AM, Jim Jagielski wrote: With all this in mind, should we try to set things up so that the next release cycle uses the

Re: [RESULT] [VOTE] Release httpd-2.4.33

Am 24.03.2018 um 15:16 schrieb Eric Covener: On Sat, Mar 24, 2018 at 9:07 AM, Christophe Jaillet <christophe.jail...@wanadoo.fr> wrote: Le 22/03/2018 à 11:14, Rainer Jung a écrit : Am 22.03.2018 um 08:32 schrieb Eric Covener: On Wed, Mar 21, 2018 at 11:38 AM, Daniel Ruggeri

Bugzilla admin rights for httpd should now be available to Christophe

Am 24.03.2018 um 15:55 schrieb Rainer Jung: Am 24.03.2018 um 15:16 schrieb Eric Covener: On Sat, Mar 24, 2018 at 9:07 AM, Christophe Jaillet Could mod_md, mod_macro and mod_authnz_fcgi be added to the Component list, please? Done -- thanks for pointing it out and all the maintenance

Re: TLSv1.3

Am 29.03.2018 um 16:15 schrieb Eric Covener: If you have this setup handy, could you check what happens if you negotiate TLS1.3 then request a directory that has per-directory SSL settings in it? I assume it fails (renegotiation) but not sure how the logs will look. That would be one big

Poll: increase OpenSSL version requirement for trunk?

Last time we had the discussion was 2010/2011. We might increase minimum OpenSSL version for everything newer than 2.4.x to OpenSSL 1.0.1. I think RHEL 6 and SLES11 both provide OpenSSL 1.0.1 at least as an alternative. RHEL 7 and SLES 12 still seems to be at 1.0.1 (at least without service

Re: Poll: increase OpenSSL version requirement for trunk?

Am 16.03.2018 um 13:20 schrieb Eric Covener: On Fri, Mar 16, 2018 at 8:07 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: Last time we had the discussion was 2010/2011. We might increase minimum OpenSSL version for everything newer than 2.4.x to OpenSSL 1.0.1. I think RHEL 6 and SLES1

Re: Poll: increase OpenSSL version requirement for trunk?

Am 16.03.2018 um 13:20 schrieb Eric Covener: On Fri, Mar 16, 2018 at 8:07 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: Last time we had the discussion was 2010/2011. We might increase minimum OpenSSL version for everything newer than 2.4.x to OpenSSL 1.0.1. I think RHEL 6 and SLES1

Re: mod_md : not possible to use Lets-Encrypt-Win-Simple

Am 18.03.2018 um 20:07 schrieb Eric Covener: On Sun, Mar 18, 2018 at 2:25 PM, Steffen wrote: It is indeed a limitation for an "old" account, and when LE enables TLS again (not sure it does already in ACMEv2 protocol) When did this become about TLS-SNI challenges and

Re: [NOTICE] T of 2.4.33 imminent

Am 17.03.2018 um 20:37 schrieb Daniel Ruggeri: Hi, all; I will be doing the tag and roll of 2.4.33 very soon (2ish hours). I am on mobile so haven't reviewed STATUS since yesterday during the day - now would be a great time for votes and backports just before bundling it all up :-) In

Re: [RESULT] [VOTE] Release httpd-2.4.33

Am 22.03.2018 um 08:32 schrieb Eric Covener: On Wed, Mar 21, 2018 at 11:38 AM, Daniel Ruggeri wrote: Hi, all; I am pleased to report that the vote to release httpd-2.4.33 has PASSED with 7 binding votes and 2 non-binding votes. I will begin the process of pushing the

Re: [VOTE] Release httpd-2.4.33

Am 18.03.2018 um 00:43 schrieb Daniel Ruggeri: Hi, all; Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.33: [X] +1: It's not just good,

mod_md OpenSSL version requirement 1.0.0

It seems mod_md (trunk and 2.4, currently identical) needs OpenSSL 1.0.2 (for ASN1_TIME_diff), but with a small change (using the already existing LIBRESSL alternative code) it only needs 1.0.0. Since we still support 0.9.8a+ for 2.4.x and trunk, I think we need to add a version check to

Re: mod_md OpenSSL version requirement 1.0.0

Am 16.03.2018 um 12:21 schrieb Rainer Jung: It seems mod_md (trunk and 2.4, currently identical) needs OpenSSL 1.0.2 (for ASN1_TIME_diff), but with a small change (using the already existing LIBRESSL alternative code) it only needs 1.0.0. Since we still support 0.9.8a+ for 2.4.x and trunk, I

Re: apr trunk make test results on LFS

Am 27.02.2018 um 00:13 schrieb Alain Toussaint: Hello, I have a test log of trunk apr build with these configure settings: ./configure --prefix=/usr --disable-static --enable-nonportable-atomics --enable-threads --enable- posix-shm --enable-allocator-uses-mmap --enable-allocator-guard-pages

Re: [Bug 42610] mod_rewrite and mod_proxy handle ';' incorrectly

show_bug.cgi?id=42610> Rainer Jung <rainer.j...@kippdata.de <mailto:rainer.j...@kippdata.de>> changed: --- Comment #3 from Rainer Jung <rainer.j...@kippdata.de <mailto:rainer.j...@kippdata.de>> --- Undo spam change Thanks a lot for cleaning up all t

Re: Failing http2.t in 2.4.36 [Was: NOTICE: Intent to T 2.4.36]

Adding another debug snippet at the end ... Am 13.10.2018 um 13:14 schrieb Rainer Jung: Hi Stefan, Am 10.10.2018 um 16:04 schrieb Stefan Eissing: Am 10.10.2018 um 15:06 schrieb Joe Orton : I believe that t/modules/http2.t is dying in this:     my $old_ref = \&{ 'AnyEvent:

Re: [VOTE] Release httpd-2.4.36

Am 11.10.2018 um 20:55 schrieb Ruediger Pluem: On 10/11/2018 08:10 PM, Christophe JAILLET wrote: No issue on my Ubuntu 18.04 VM. On what configuration are you running your tests, Rüdiger? macOS, just like Jim? Centos 7.5 64 Bit Regards Rüdiger The test fails for me as well for 2.4.36

Failing http2.t in 2.4.36 [Was: NOTICE: Intent to T 2.4.36]

Hi Stefan, Am 10.10.2018 um 16:04 schrieb Stefan Eissing: Am 10.10.2018 um 15:06 schrieb Joe Orton : I believe that t/modules/http2.t is dying in this: my $old_ref = \&{ 'AnyEvent::TLS::_get_session' }; *{ 'AnyEvent::TLS::_get_session' } = sub($$;$$) { piece of magic which I don't

t/modules/buffer.t failing in 2.4.36, LWP bug [Was: [VOTE] Release httpd-2.4.36]

Am 13.10.2018 um 11:46 schrieb Rainer Jung: Am 11.10.2018 um 20:55 schrieb Ruediger Pluem: On 10/11/2018 08:10 PM, Christophe JAILLET wrote: No issue on my Ubuntu 18.04 VM. On what configuration are you running your tests, Rüdiger? macOS, just like Jim? Centos 7.5 64 Bit Regards

Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

Adjusted SSL_read() rc value 0 handling applied in r1843954 to trunk. I'll let it sit there until tomorrow for comments and then suggest for backport. Am 15.10.2018 um 12:55 schrieb Rainer Jung: Am 15.10.2018 um 10:02 schrieb Stefan Eissing: Am 14.10.2018 um 00:46 schrieb Rainer Jung

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

Am 14.10.2018 um 21:59 schrieb William A Rowe Jr: On Sun, Oct 14, 2018 at 8:32 AM Jim Jagielski > wrote: All we are checking is the error code. Nothing else.    % openssl version    OpenSSL 1.0.2p  14 Aug 2018    % openssl ocsp 2>/dev/null    %

Re: t/modules/buffer.t failing in 2.4.36, LWP bug [Was: [VOTE] Release httpd-2.4.36]

Hi Daniel, Am 14.10.2018 um 23:30 schrieb Daniel Ruggeri: On 2018/10/14 11:33:08, Rainer Jung wrote: > Am 13.10.2018 um 11:46 schrieb Rainer Jung:> > > Am 11.10.2018 um 20:55 schrieb Ruediger Pluem:> > >>> > >>> > >> On 10/11/2018 08:1

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

Am 14.10.2018 um 22:58 schrieb William A Rowe Jr: On Sun, Oct 14, 2018 at 3:50 PM Rainer Jung <mailto:rainer.j...@kippdata.de>> wrote: And Jim already set "With 1.1.1, both return 1, but so what, we know that it has oscp." That, of course, is nonsense. O

Re: t/modules/buffer.t failing in 2.4.36, LWP bug [Was: [VOTE] Release httpd-2.4.36]

Am 15.10.2018 um 02:37 schrieb William A Rowe Jr: On Sun, Oct 14, 2018, 18:47 Rainer Jung <mailto:rainer.j...@kippdata.de>> wrote: On the contrary, the http2 tests (other thread) fail for me also with curl or browser, but only when the server is build with Open

Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

Am 15.10.2018 um 10:02 schrieb Stefan Eissing: Am 14.10.2018 um 00:46 schrieb Rainer Jung : It seems the h2 failure only happens when building httpd against OpenSSL 1.1.1 (independent of TLS version used). I did a quick check with an httpd build against 1.1.0i and there the same vhost

Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

Hi Stefan, Joe and all, Am 16.10.2018 um 11:15 schrieb Joe Orton: On Mon, Oct 15, 2018 at 12:55:45PM +0200, Rainer Jung wrote: I'm currently testing the following patch which looks OK wrt. test suite results. Need to run more combinations (OpenSSL version client versus server) though. Server

Re: OCSP in 2.4 with OpenSSL 0.9.8(zh)

Some answers inline and the solution at the end ... Am 18.10.2018 um 15:01 schrieb William A Rowe Jr: On Thu, Oct 18, 2018 at 7:27 AM Rainer Jung <mailto:rainer.j...@kippdata.de>> wrote: I get test suite failures for t/ssl/ocsp.t when the server is build against OpenSSL 0

Re: httpd and php integration

Am 19.10.2018 um 00:46 schrieb Dennis Clarke: On 10/18/2018 04:57 PM, Rainer Jung wrote: Am 18.10.2018 um 21:55 schrieb Dennis Clarke: You debugger output shows jump = 0x101e2915c. This address is not divisible by 8, so it seems it confirms the alignment problem.  0x101e2915c ?? Not sure

Re: svn commit: r1844286 - /httpd/test/framework/trunk/t/ssl/ocsp.t

Thanks! Am 18.10.2018 um 23:10 schrieb yla...@apache.org: Author: ylavic Date: Thu Oct 18 21:10:10 2018 New Revision: 1844286 URL: http://svn.apache.org/viewvc?rev=1844286=rev Log: Add 'use Net::SSLeay' required by Net::SSLeay::OPENSSL_VERSION_NUMBER(). Modified:

Re: httpd and php integration

Am 18.10.2018 um 21:55 schrieb Dennis Clarke: On 10/18/2018 03:42 PM, Rainer Jung wrote: Am 18.10.2018 um 21:18 schrieb Dennis Clarke: On 10/18/2018 02:12 PM, Daniel Ruggeri wrote: php: "5.6.38" I do build PHP 7.x myself including recent library versions both on some Linux

Re: [VOTE] Release httpd-2.4.37

Am 18.10.2018 um 21:18 schrieb Dennis Clarke: On 10/18/2018 02:12 PM, Daniel Ruggeri wrote: php: "5.6.38" Slightly off topic but I see you have ye old php 5.6.38 there. Was this built and installed yourself? Just curious is there is any guidance anywhere regarding php 7.x which builds but it

Re: t/security/CVE-2009-3555.t fails in 2.4.37 with TLS 1.3 - also false positive?

Can anyone comment on the below, especially whether this test should be disabled when used with TLS 1.3 (modern access) and whether it is OK (a wrong test definition) for 1.3 to actually handle the prefix attack request? Regards, Rainer Am 20.10.2018 um 08:16 schrieb Rainer Jung: Test t

Re: Test framework regressions - spelling and usertrack

Am 22.10.2018 um 15:45 schrieb Yann Ylavic: On Mon, Oct 22, 2018 at 3:28 PM Yann Ylavic wrote: On Mon, Oct 22, 2018 at 3:09 PM Jim Jagielski wrote: These are new from a coupla day ago: Both tests were added a few days ago, so probably not a regression (test issues likely). FWIW, both

Re: t/modules/http2.t: Run only if OpenSSL >= 1.0.0 is available

This seems to work nicely, committed in r1844546. Tests with old OpenSSL either in client or server result in TLSv1 and disable h2 tests. TLS test requests that result in TLSv1_2 or TLSv1_3 enable h2 tests. Regards, Rainer Am 22.10.2018 um 12:37 schrieb Rainer Jung: I wonder whether it would

Re: [VOTE] Release httpd-2.4.37

Hi Dennis, Am 22.10.2018 um 02:15 schrieb Dennis Clarke: On 10/21/2018 08:03 PM, Rainer Jung wrote: Am 18.10.2018 um 16:36 schrieb Daniel Ruggeri: Hi, all;     Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call

Re: t/modules/http2.t: Run only if OpenSSL >= 1.0.0 is available

6:46 AM, Rainer Jung wrote: Am 18.10.2018 um 14:23 schrieb Stefan Eissing: Am 18.10.2018 um 14:12 schrieb Rainer Jung : - t/modules/http2.t fails when the server is build using OpenSSL 0.9.8zh with the "Bad plan.  You planned 52 tests..." message indicating, that h2 using TLS doe

Test suite and OpenSSL 1.1.1

Am 19.10.2018 um 23:31 schrieb Yann Ylavic: Could not make the test suite framework work with 1.1.1 (cpan -u didn't help). Although the ssl tests report SUCCESS, httpd actually timeouts on SSL_peek() (as already reported). Indeed I checked my test suite logs and until now all tests only used

Re: Test suite and OpenSSL 1.1.1

To make the raw TLS socket tests work I added r1844393. Both, r1844389 and r1844393 are part of the /perl/Apache-Test/trunk/ external which gets pulled into our test framework. Regards, Rainer Am 20.10.2018 um 06:28 schrieb Rainer Jung: Am 19.10.2018 um 23:31 schrieb Yann Ylavic: Could

t/security/CVE-2009-3555.t fails in 2.4.37 with TLS 1.3 - also false positive?

Test t/security/CVE-2009-3555.t (hardening against MITM SSL-renegotiation) fails in 2.4.37 when actually using TLS 1.3. It is not that easy to use TLS 1.3 for this test. The test uses a raw SSL socket created by Net::SSL, but that module is outdated and does not support TLS 1.3. I patched

OCSP with TLS 1.3 in 2.4.37 false positive?

After Yann's mail I double checked and fixed my setup to actually use TLS 1.3 in the test suite when OpenSSL 1.1.1 is available. I now see a new OCSP test failure, namely test 3 (revoked certificate). The revocation is correctly detected [Sat Oct 20 06:14:46.492343 2018] [ssl:error] [pid

Re: error: ‘DEFAULT_REL_STATEDIR’ undeclared

Am 21.10.2018 um 12:58 schrieb Danesh Daroui: Hi all, I cannot compile the code on trunk. I get the following error when I try to compile the code: error: ‘DEFAULT_REL_STATEDIR’ undeclared I bisected the mainstream using git and the erroneous commit seems to be: --- commit

<    6   7   8   9   10   11   12   13   14   >