Re: svn commit: r1893977 - in /httpd/httpd/branches/2.4.x: ./ CHANGES include/ap_mmn.h include/httpd.h server/gen_test_char.c server/request.c server/util.c

2021-10-07 Thread Rainer Jung
Am 07.10.2021 um 14:27 schrieb yla...@apache.org: Modified: httpd/httpd/branches/2.4.x/include/ap_mmn.h URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/ap_mmn.h?rev=1893977=1893976=1893977=diff ==

Re: [VOTE] Release httpd-2.4.50-rc1 as httpd-2.4.50

2021-10-02 Thread Rainer Jung
Thanks for testing Dennis. We need to get this release out quick due to regressions, so it wasn't the right moment to apply the OpenSSL patch. I'm confident, that Joe's OpenSSL 3.0.0 patch will be included in the next regular 2.4 release. Best regards, Rainer Am 02.10.2021 um 13:01 schrieb

Re: sending announcement mail

2021-09-18 Thread Rainer Jung
Am 16.09.2021 um 13:59 schrieb ste...@eissing.org: Am 16.09.2021 um 13:57 schrieb ste...@eissing.org: Am 16.09.2021 um 13:50 schrieb ste...@eissing.org: Am 16.09.2021 um 13:46 schrieb Daniel Gruno : it's on announce@httpd.a.o already. I modded it through. You need to send it to

Re: trunk/rc usable with OpenSSL 3.0.0 ?

2021-09-13 Thread Rainer Jung
Hi Dennis, Am 13.09.2021 um 11:05 schrieb Dennis Clarke: On 9/13/21 04:22, Joe Orton wrote: On Mon, Sep 13, 2021 at 01:23:37AM -0400, Dennis Clarke wrote: ALL : I may receive no reply to this but in general I have been able to build Apache httpd from any release tarball as well as from

APR 1.7.1 release?

2021-08-31 Thread Rainer Jung
Hi there, any chance we find an RM for a APR 1.7.1 release? At least there was the fix for CVE-2021-35940 and CHANGES contains 15 more items (many of them platform specific or build improvements). Last release 1.7.0 was in April 2019. For APR-util I don't know the current state and release

Re: Late(r) stop of children processes on restart

2021-08-25 Thread Rainer Jung
Thanks for the headroom explanation Yann, good reading! Rainer Am 25.08.2021 um 13:23 schrieb Yann Ylavic: On Tue, Jun 29, 2021 at 3:00 PM Rainer Jung wrote: Am 29.06.2021 um 14:31 schrieb Stefan Eissing: Can comment really on the diff, but totally agree on the goal to minimize

Re: Late(r) stop of children processes on restart

2021-06-29 Thread Rainer Jung
Am 29.06.2021 um 14:31 schrieb Stefan Eissing: Can comment really on the diff, but totally agree on the goal to minimize the unresponsive time and make graceful less disruptive. So +1 for that. +1 on the intention as well. Not sure, whether that means people would need more headroom in the

Question about APR trunk and httpd ldap modules

2021-05-27 Thread Rainer Jung
Hi there, is my understanding correct, that even httpd trunk (and then also 2.4.x) needs LDAP support in APR/APU to build mod_ldap and mod_authnz_ldap? So since we removed LDAP support from APR trunk, that means those modules currently can not be build using APR trunk, neither in httpd

Test suite using OpenSSL 0.9.8 client against OpenSSL 3.0.0 server

2021-05-24 Thread Rainer Jung
FYI: the problems I observed when running the httpd test suite using an OpenSSL 0.9.8zh based client against a server build using OpenSSL 3.0.0 originated in the fact, that OpenSSL 3.0.0 by default no longer allows RSA SHA1 and DSA SHA1 as signature algorithms. But 0.9.8 only support TLS 1.0

Re: [VOTE] Release httpd-2.4.48

2021-05-23 Thread Rainer Jung
Am 17.05.2021 um 23:36 schrieb Christophe JAILLET: Hi, all;    Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.48: [X] +1: It's not just

Re: Build warnings in 2.4.48

2021-05-20 Thread Rainer Jung
Am 20.05.2021 um 14:07 schrieb Noel Butler: On 20/05/2021 21:19, Rainer Jung wrote: Hi there, I saw the following build warnings in 2.4.48: modules/md/md_crypt.c:1382: warning: passing argument 1 of ‘BIO_new_mem_buf’ discards qualifiers from pointer target type [-Wdiscarded-qualifiers

Build warnings in 2.4.48

2021-05-20 Thread Rainer Jung
Hi there, I saw the following build warnings in 2.4.48: modules/md/md_crypt.c:1382: warning: passing argument 1 of ‘BIO_new_mem_buf’ discards qualifiers from pointer target type [-Wdiscarded-qualifiers] => happens only when building against OpenSSL 1.0.2 (initial release, no letter suffix).

Re: [VOTE] Release httpd-2.4.47

2021-04-27 Thread Rainer Jung
Am 22.04.2021 um 11:25 schrieb Christophe JAILLET: Hi, all;   Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.47: [ ] +1: It's not just

Re: httpd 2.4.x TLS proxy and OpenSSL 3.0.0alpha15: CRL problem

2021-04-26 Thread Rainer Jung
OK, it is a bug or behavior change in the "openssl crl" command line for 3.0.0 that leads to the CRL symlinks not being created any more. I raised https://github.com/openssl/openssl/issues/15031 Regards, Rainer Am 26.04.2021 um 15:34 schrieb Rainer Jung: I am still investigati

Re: httpd 2.4.x TLS proxy and OpenSSL 3.0.0alpha15: CRL problem

2021-04-26 Thread Rainer Jung
I am still investigating further, bit this is due to the fact, that the CRL symlink in the crl directory is missing. Might be a local integration issue. Will look further. Am 26.04.2021 um 13:27 schrieb Rainer Jung: When building 2.4.47 using OpenSSL 3.0.0alpha15 and running the test suite

httpd 2.4.x TLS proxy and OpenSSL 3.0.0alpha15: CRL problem

2021-04-26 Thread Rainer Jung
When building 2.4.47 using OpenSSL 3.0.0alpha15 and running the test suite, the proxy TLS connection fails with "Certificate Verification: Error (3): unable to get certificate CRL": [Mon Apr 26 10:00:50.352111 2021] [ssl:trace3] [pid 16699:tid 140438686086912] ssl_engine_kernel.c(2213):

OpenSSL 3.0.0 deprecations

2021-04-26 Thread Rainer Jung
FYI: here's a list of symbols for which I get deprecation warnings when compiling httpd 2.4.47 (plus bundled APU) against current OpenSSL 3.0.0alpha15: srclib/apr-util/crypto/apr_crypto_openssl.c:141:5 ENGINE_load_builtin_engines srclib/apr-util/crypto/apr_crypto_openssl.c:142:5

Re: mod_http2: .gitignore contains Makefile.in

2020-08-10 Thread Rainer Jung
: Am 10.08.2020 um 16:38 schrieb Rainer Jung : Hi there, the .gitignore file in modules/http2 contains "Makefile.in". That's probably OK for the upstream Github variant, which contains a Makefile.am, but in our svn repos for httpd the Makefile.in is needed as the source of the Makefile

mod_http2: .gitignore contains Makefile.in

2020-08-10 Thread Rainer Jung
Hi there, the .gitignore file in modules/http2 contains "Makefile.in". That's probably OK for the upstream Github variant, which contains a Makefile.am, but in our svn repos for httpd the Makefile.in is needed as the source of the Makefile generation. Of course our svn doesn't care about

Re: svn commit: r40863 - /dev/httpd/ /release/httpd/

2020-08-05 Thread Rainer Jung
and to ensure the type of release (bug, security, enhancement) is correct. It appears as though the file was just changed, but really it's just because the text was bumped as-is from the 'dev' location to the 'dist' location. -- Daniel Ruggeri On August 5, 2020 7:23:33 AM CDT, Rainer Jung wrote

Re: svn commit: r40863 - /dev/httpd/ /release/httpd/

2020-08-05 Thread Rainer Jung
no longer linked against -lsystemd if mod_systemd + is enabled (and built as a DSO). [Rainer Jung] + + *) mod_proxy_http2: respect ProxyTimeout settings on backend connections + while waiting on incoming data. [Ruediger Pluem, Stefan Eissing] + Changes with Apache 2.4.43 + *) mod_ssl: F

Re: First impressions from OpenSSL 3.0.0 and httpd 2.4.45

2020-08-04 Thread Rainer Jung
ith a auto-loaded openssl.cnf which contained the lines to load the legacy provider. The provider got loaded, but still the handshakes with the old OpenSSL fail. Don't know why. Probably not the biggest problem, because 0.9.8 based clients should really not matter when thinking about 3.0.0 su

Re: [VOTE] Release httpd-2.4.46

2020-08-04 Thread Rainer Jung
Am 01.08.2020 um 16:13 schrieb Daniel Ruggeri: Hi, all;    Third time is a charm! Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.46: [X] +1:

First impressions from OpenSSL 3.0.0 and httpd 2.4.45

2020-08-01 Thread Rainer Jung
Hi there, during release testing for 2.4.45 I also built and tested using OpenSSL 3.0.0alpha5 on the server. Overall first results are pretty good: - a few deprecation warnings during compilation: modules/ssl/ssl_engine_config.c:610:5: warning: 'ENGINE_by_id' is deprecated

Re: Pending fixes or reroll? Was: [RESULT] [VOTE] Release httpd-2.4.45

2020-07-31 Thread Rainer Jung
(who fixed it on trunk) oand/or Christophe, who backported it. Best regards, Rainer Am 31.07.2020 um 15:36 schrieb Rainer Jung: Since there wasn't yet any reaction to Daniel's question: Is anybody right now working on more warnings fixes for Windows? The most prominent one (missing APLO

Pending fixes or reroll? Was: [RESULT] [VOTE] Release httpd-2.4.45

2020-07-31 Thread Rainer Jung
Since there wasn't yet any reaction to Daniel's question: Is anybody right now working on more warnings fixes for Windows? The most prominent one (missing APLOGNo number = missing macro argument) IMHO was already fixed by Christophe in r1880438. Anything else worth waiting for or are we (is

Re: Providing near-time averaged monitoring data for mod_systemd and mod_status

2020-04-27 Thread Rainer Jung
Am 27.04.2020 um 15:57 schrieb Joe Orton: On Sat, Apr 25, 2020 at 08:10:40PM +0200, Rainer Jung wrote: Patch available at home.apache.org/~rjung/patches/httpd-trunk-mon-snaps-v1_2.patch Very nice! +1 from me. Does the times_per_thread logic still make any sense? It's always been wrong

Re: Providing near-time averaged monitoring data for mod_systemd and mod_status

2020-04-27 Thread Rainer Jung
Am 27.04.2020 um 17:28 schrieb Yann Ylavic: On Mon, Apr 27, 2020 at 5:18 PM Rainer Jung wrote: Hi Yann, Am 27.04.2020 um 16:40 schrieb Yann Ylavic: Hi Rainer, On Mon, Apr 27, 2020 at 3:17 PM Rainer Jung wrote: Thanks for this. Could you please create this as a PR on github as well

Re: Providing near-time averaged monitoring data for mod_systemd and mod_status

2020-04-27 Thread Rainer Jung
Hi Yann, Am 27.04.2020 um 16:40 schrieb Yann Ylavic: Hi Rainer, On Mon, Apr 27, 2020 at 3:17 PM Rainer Jung wrote: Thanks for this. Could you please create this as a PR on github as well? This ensures that all the Travis tests are run for your patch. Thanks Rüdiger. Done and indeed

Re: Providing near-time averaged monitoring data for mod_systemd and mod_status

2020-04-27 Thread Rainer Jung
Am 27.04.2020 um 08:57 schrieb Ruediger Pluem: On 4/25/20 8:10 PM, Rainer Jung wrote: Patch available at home.apache.org/~rjung/patches/httpd-trunk-mon-snaps-v1_2.patch Thanks for this. Could you please create this as a PR on github as well? This ensures that all the Travis tests are run

Providing near-time averaged monitoring data for mod_systemd and mod_status

2020-04-25 Thread Rainer Jung
ange not yet part of the patch. It compiles fine (maintainer mode) on RHEL 7 x86_64 and on Solaris 10 Sparc and I did some tests with mod_status and mod_systemd. Regards, Rainer Am 24.04.2020 um 18:32 schrieb Rainer Jung: Am 24.04.2020 um 16:21 schrieb Joe Orton: On Fri, Apr 24, 2020 at 12:17

Re: mod_systemd suggestion

2020-04-24 Thread Rainer Jung
Am 24.04.2020 um 16:21 schrieb Joe Orton: On Fri, Apr 24, 2020 at 12:17:19PM +0200, Rainer Jung wrote: Thinking further: I think it would make sense to have a module or core implement the monitor hook to generate that derived data (requests/sec, bytes/sec, durationMs/request, avgConcurrency

Re: mod_systemd suggestion

2020-04-24 Thread Rainer Jung
- mod_status - instead of the long term averages since start. It could probably be added to the code that already provides "sload". That way mod_status would also profit from the more precise average values (taken over the last monitor interval). Regards, Rainer Am 23.04.2020 um 21:29 schr

mod_systemd suggestion

2020-04-23 Thread Rainer Jung
Hi all, triggered by the new mod_systemd I drafted a patch to enhance the monitoring data it provides during the monitor hook run. Currently it publishes important data, like idle and busy slots and total request count, but also not so useful info like requests/second and bytes/second as a

Re: mod_http2 crashes libhttpd.dll in 2.4.43

2020-04-16 Thread Rainer Jung
If I get this right, there is an element in elts, that has a valid string key ("H2_STREAM_ID") bis a NULL value (2nd screenshot) and the condition check in line 527 of the first screen shot checks key against NULL and empty, but value only against empty but not against NULL. So the empty check

Re: mod_http2 crashes libhttpd.dll in 2.4.43

2020-04-14 Thread Rainer Jung
Hi Steffen, I didn't find a stack either, neither in the mail thread here nor in the one on you forum. Just the error log lines and the clear text for the windows error code. Regards, Rainer Am 14.04.2020 um 11:51 schrieb Steffen: Few posts above there is a GDB back trace. On Tuesday

Re: mod_http2 crashes libhttpd.dll in 2.4.43

2020-04-14 Thread Rainer Jung
sill contain that - now unused - struct member? Regards, Rainer Am 14.04.2020 um 11:05 schrieb Rainer Jung: Hi Stefen, I think Stefan refers to his "somehow was partially using the old header file". So during the build, there should be no other (from other versions) header files fro

Re: mod_http2 crashes libhttpd.dll in 2.4.43

2020-04-14 Thread Rainer Jung
Hi Stefen, I think Stefan refers to his "somehow was partially using the old header file". So during the build, there should be no other (from other versions) header files from APR, APR-UTIL oder HTTPD anywhere on the build system where the build process might find and use them. He was

Re: Building from svn on MacOS

2020-04-13 Thread Rainer Jung
Am 13.04.2020 um 23:27 schrieb William A Rowe Jr: On Mon, Apr 13, 2020 at 4:21 PM Christopher Schultz mailto:ch...@christopherschultz.net>> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 William, >> I'm having some trouble building 2.4.x directly from svn. >>

Re: Solaris, prefork, accept mutex and mod_ext_filter (Was: Prefork MPM and mod_watchdog)

2020-03-30 Thread Rainer Jung
Am 30.03.2020 um 11:28 schrieb Joe Orton: On Mon, Mar 30, 2020 at 12:31:05AM +0200, Rainer Jung wrote: I can now see the same problem on Linux (eg. RHEL 7, SLES 12 and SLES 15) when doing testing for 2.4.43. I think it is not a regression and for me it is not a showstopper, but something

Re: [VOTE] Release httpd-2.4.43

2020-03-29 Thread Rainer Jung
Am 26.03.2020 um 15:50 schrieb Daniel Ruggeri: Hi, all;    Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.43: [X] +1: It's not just good,

Re: Solaris, prefork, accept mutex and mod_ext_filter (Was: Prefork MPM and mod_watchdog)

2020-03-29 Thread Rainer Jung
description for Solaris also holds for Linux. Regards, Rainer Am 03.02.2019 um 13:30 schrieb Rainer Jung: I can now frequently reproduce running t/modules/ext_filter.t only. I stripped the reproducer down to the part of t/modules/ext_filter.t where it runs POST "/apache/extfilter/out-limit/module

Re: OpenSSL 1.1.1e New EOF detection breaks session resumption

2020-03-27 Thread Rainer Jung
Am 27.03.2020 um 19:24 schrieb Steffen: A discussion started on Apachelounge about an possible issue with OpenSSL 1.1.1e ( https://www.apachelounge.com/viewtopic.php?p=38941#38941 ) This is the introduced new EOF in 1.1.1e :

Re: Broken: apache/httpd#515 (2.4.x - e936ddc)

2020-03-25 Thread Rainer Jung
Thanks to you for the help and patience anfd for maintaing Travis! Regards, Rainer Am 25.03.2020 um 16:15 schrieb Joe Orton: On Wed, Mar 25, 2020 at 11:20:32AM +0100, Rainer Jung wrote: And now I notice that's of course not appropriate (everone needing to change the call to the Makefile. So

Re: Errored: apache/httpd#521 (2.4.x - 5a6c1d7)

2020-03-25 Thread Rainer Jung
fication_source=email> arrow to build time clock icon11 mins and 11 secs Rainer Jung avatarRainer Jung 5a6c1d7 CHANGESET → <https://github.com/apache/httpd/compare/a6c6191bea8a...5a6c1d7d53df> Trivial change to trigger Travis build. git-svn-id: https://svn.apache.org/repos/asf/ht

Re: Broken: apache/httpd#515 (2.4.x - e936ddc)

2020-03-25 Thread Rainer Jung
Am 25.03.2020 um 11:06 schrieb Joe Orton: On Tue, Mar 24, 2020 at 11:35:38PM +0100, Rainer Jung wrote: Excellent. That gave me the right idea where to look at. I found a way to pass additionals args inside Makefile.PL into Apache::TestMM::Argv which get automatically added to $vars in Apache

Re: Broken: apache/httpd#515 (2.4.x - e936ddc)

2020-03-24 Thread Rainer Jung
um 18:35 schrieb Joe Ortqon: On Tue, Mar 24, 2020 at 05:55:20PM +0100, Rainer Jung wrote: I've got the following problem: I want to use a new config var in Apache::Test as a patern to replace in extra.conf.in. I added the bvar to Apache::Test::Config, but it seems Travis uses only a released

Re: Broken: apache/httpd#515 (2.4.x - e936ddc)

2020-03-24 Thread Rainer Jung
I've got the following problem: I want to use a new config var in Apache::Test as a patern to replace in extra.conf.in. I added the bvar to Apache::Test::Config, but it seems Travis uses only a released version of Apache::Test. Is there a way of influencing Apache::Test early from our own

Re: svn commit: r1875569 - in /httpd/test/framework/trunk/t: apache/limits.t conf/extra.conf.in

2020-03-24 Thread Rainer Jung
Hi Yann, Am 24.03.2020 um 14:04 schrieb Yann Ylavic: On Tue, Mar 24, 2020 at 11:13 AM wrote: Author: rjung Date: Tue Mar 24 10:13:36 2020 New Revision: 1875569 [] +my $limitrequestlinex2 = Apache::Test::config()->{vars}->{limitrequestlinex2}; s/linex2};/line} * 2;/ ? The x2 variant is

Re: Use of [skip ci] in commit messages to avoid Travis builds

2020-03-23 Thread Rainer Jung
Am 23.03.2020 um 20:12 schrieb Ruediger Pluem: On 3/23/20 6:22 PM, Rainer Jung wrote: Am 23.03.2020 um 16:56 schrieb Joe Orton: On Sat, Feb 08, 2020 at 12:01:29PM +0100, Luca Toscano wrote: Hi everybody, Travis is able to read commit messages and skip the CI workflow if the "[sk

Re: Use of [skip ci] in commit messages to avoid Travis builds

2020-03-23 Thread Rainer Jung
Am 23.03.2020 um 16:56 schrieb Joe Orton: On Sat, Feb 08, 2020 at 12:01:29PM +0100, Luca Toscano wrote: Hi everybody, Travis is able to read commit messages and skip the CI workflow if the "[skip ci]" magic sequence is added somewhere. I keep forgetting about it too, but it would be nice if we

Re: [VOTE] Release httpd-2.4.42

2020-03-23 Thread Rainer Jung
Am 23.03.2020 um 16:18 schrieb Daniel Ruggeri: Hi, all;    Per the issues surfaced/fixed, I'll go ahead and declare this release as dead-on-the vine. I'll target another T later this week, hopefully after the discussion around OpenSSL versioning plays out.    How about Thursday? Works for

Re: svn commit: r1875544 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

2020-03-23 Thread Rainer Jung
Thanks for the feedback. Proposed for 2.4.x a minute ago. Am 23.03.2020 um 14:48 schrieb Ruediger Pluem: On 3/23/20 2:44 PM, Rainer Jung wrote: The dependency on SSL_CTX_get_min_proto_version() and SSL_CTX_get_max_proto_version() was introduced in October by Yann's "r1868645 mo

Re: svn commit: r1875544 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

2020-03-23 Thread Rainer Jung
/* -- kippdata informationstechnologie GmbH Tel: 0228 98549 -0 Bornheimer Str. 33aFax: 0228 98549 -50 53111 Bonn www.kippdata.de HRB 8018 Amtsgericht Bonn / USt.-IdNr. DE 196 457 417 Geschäftsführer: Dr. Thomas Höfer, Rainer Jung, Sven Maurmann

mod_proxy_ajp backport for "secret" attribute to 2.4.x

2020-02-23 Thread Rainer Jung
Just a heads up: the support for the "secret" atribute in mod_proxy_ajp has not been backported: https://bz.apache.org/bugzilla/show_bug.cgi?id=53098 Tomcat hardened its AJP connector in the latest patch releases and by default now requires the proxy to send such a "secret". This can be

Re: svn commit: r1860166 - in /httpd/httpd/branches/2.4.x: ./ docs/manual/mod/ include/ modules/http2/ modules/proxy/ server/

2019-10-29 Thread Rainer Jung
O while (((bytes_read < MAX_MEM_SPOOL - 80) && (APR_BRIGADE_EMPTY(input_brigade) || !APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade { ... } That's intended? Regards, Rainer Am 29.10.2019 um 16:23 schrieb Rainer Jung: Am 29.10.2019 um 16:19 schrieb Yann Ylavic

Re: svn commit: r1860166 - in /httpd/httpd/branches/2.4.x: ./ docs/manual/mod/ include/ modules/http2/ modules/proxy/ server/

2019-10-29 Thread Rainer Jung
Hi Yann, Am 29.10.2019 um 16:58 schrieb Yann Ylavic: On Tue, Oct 29, 2019 at 4:24 PM Rainer Jung wrote: Thank you Yann. Let me know when I should test something. It's OK, if it is not yet the final fix ;) The attached patch seems to work for me.. LGTM. I applied/ported to 2.4.x, it fixes

Re: svn commit: r1860166 - in /httpd/httpd/branches/2.4.x: ./ docs/manual/mod/ include/ modules/http2/ modules/proxy/ server/

2019-10-29 Thread Rainer Jung
Am 29.10.2019 um 16:19 schrieb Yann Ylavic: Hi Rainer, thanks for looking at this. Aha, and this is due to the fact, that r1656259 "mod_proxy_http: don't connect or reuse backend before prefetching request body." or parts of it was backported from trunk to 2.4 as part of r1860166. Yes,

Re: svn commit: r1860166 - in /httpd/httpd/branches/2.4.x: ./ docs/manual/mod/ include/ modules/http2/ modules/proxy/ server/

2019-10-29 Thread Rainer Jung
e r1656259 in February 2015 :( Regards, Rainer Am 29.10.2019 um 14:21 schrieb Rainer Jung: The reason why this fails now is that we prefetch in 2.4.41 the request body before doing the connection check to the backend. In 2.4.39 we did that after doing the check, so the body was still there when doing

Re: svn commit: r1860166 - in /httpd/httpd/branches/2.4.x: ./ docs/manual/mod/ include/ modules/http2/ modules/proxy/ server/

2019-10-29 Thread Rainer Jung
to the old order. Regards, Rainer Am 29.10.2019 um 12:46 schrieb Rainer Jung: This happens in the case of a small body. We read the body into req->input_brigade in ap_proxy_http_prefetch() before trying the first node, but then loose it on the second node, because we use another req and t

Re: svn commit: r1860166 - in /httpd/httpd/branches/2.4.x: ./ docs/manual/mod/ include/ modules/http2/ modules/proxy/ server/

2019-10-29 Thread Rainer Jung
ggered by favicon.ico and you'll not notice the problem in the POST request: ProxyPass /favicon.ico ! Regards, Rainer Am 29.10.2019 um 11:15 schrieb Rainer Jung: A first heads-up: it seems this commit broke failover for POST requests. Most (or all?) of the times a balancer failover happens for a POST r

Re: svn commit: r1860166 - in /httpd/httpd/branches/2.4.x: ./ docs/manual/mod/ include/ modules/http2/ modules/proxy/ server/

2019-10-29 Thread Rainer Jung
A first heads-up: it seems this commit broke failover for POST requests. Most (or all?) of the times a balancer failover happens for a POST request, the request send to the failover node has a Content-Length of "0" instead of the real content length. I use a trivial setup like this:

Re: Time for httpd 2.6.x?

2019-10-23 Thread Rainer Jung
I guess you would want to take trunk as a starting point? We would probably start with releasing (more) 2.5 alphas/betas. Maybe we can defer branching to the point, where we aim at the first 2.6.0 GA. At least I am not aware of a pressing need to do more breaking changes in trunk right now

Re: Problem w/ Revision 1864435

2019-09-19 Thread Rainer Jung
Hi Bill, Am 19.09.2019 um 19:39 schrieb William A Rowe Jr: This commit somehow missed my inbox (and wasn't quoted in your observations) http://svn.apache.org/viewvc?view=revision=1864435 Rainer, you observed in the commit notes; The GCC flag "-Wno-error=comment" introduced byr1855446

Re: [VOTE] Release httpd-2.4.41

2019-08-12 Thread Rainer Jung
Am 09.08.2019 um 15:40 schrieb Daniel Ruggeri: Hi, all; Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.41: [X] +1: It's not just good, it's

Re: svn commit: r1864464 - in /httpd/httpd/trunk/modules/filters: mod_proxy_html.c mod_xml2enc.c

2019-08-06 Thread Rainer Jung
Thank you. It's funny, that the warning happens directly before the new pragma use to influence -Wcomment ... Regards, Rainer Am 06.08.2019 um 09:54 schrieb jor...@apache.org: Author: jorton Date: Tue Aug 6 07:54:24 2019 New Revision: 1864464 URL:

Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t

2019-08-06 Thread Rainer Jung
Am 04.08.2019 um 23:14 schrieb Daniel Ruggeri: On 8/4/2019 3:30 AM, Rainer Jung wrote: Hi there, this one fails for me when the server uses OpenSSL 1.1.1 (no other variant tested yet) but the client uses something before 1.1.1. In this case I get Status 500 instead of the expected 403

Re: apr_json.h not found!

2019-08-05 Thread Rainer Jung
As far as I can see it is only part of APR-UTIL 1.7.x, which did not yet see any release. You would need to check it out from svn, run buildconf in the checkout and then do the usual configure, make, ... But note it is not released software. Good enough for testing and probably a first

Re: svn commit: r1864425 - in /httpd/httpd/trunk/modules/md:md_acme_acct.c md_acme_order.c md_crypt.c md_time.c md_version.h mod_md.cmod_md_config.c mod_md_drive.c

2019-08-05 Thread Rainer Jung
in: mod_proxy mod_http2 mod_ssl On Monday 05/08/2019 at 12:32, Rainer Jung  wrote: Hi Stefan, Am 05.08.2019 um 12:27 schrieb ic...@apache.org: Author: icing Date: Mon Aug  5 10:27:34 2019 New Revision: 1864425 URL: http://svn.apache.org/viewvc?rev=1864425=rev Log: * mod_md: fix compiler

Re: svn commit: r1864425 - in /httpd/httpd/trunk/modules/md: md_acme_acct.c md_acme_order.c md_crypt.c md_time.c md_version.h mod_md.c mod_md_config.c mod_md_drive.c

2019-08-05 Thread Rainer Jung
Hi Stefan, Am 05.08.2019 um 12:27 schrieb ic...@apache.org: Author: icing Date: Mon Aug 5 10:27:34 2019 New Revision: 1864425 URL: http://svn.apache.org/viewvc?rev=1864425=rev Log: * mod_md: fix compiler warnings thanks for that. Some trailing spaces have now slipped in though (judged on

Compilation warnings in 2.4.40 mod_md

2019-08-05 Thread Rainer Jung
Nothing critcal, just as an info that we should silence them before the next release: /path/to/modules/md/md_time.c:222: warning: ‘percent’ may be used uninitialized in this function /path/to/modules/md/md_time.c:238:65: warning: 'percent' may be used uninitialized in this function

Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t

2019-08-04 Thread Rainer Jung
Hi there, this one fails for me when the server uses OpenSSL 1.1.1 (no other variant tested yet) but the client uses something before 1.1.1. In this case I get Status 500 instead of the expected 403 in the client. Another older test t/security/CVE-2005-2700.t uses ok !t_cmp($r->code, 200,

Vote thread for 2.4.40 not started yet?

2019-08-03 Thread Rainer Jung
Hi Daniel, did you forget to start the vote thread or are the uploads not ready yet? Thanks and regards, Rainer Am 02.08.2019 um 22:18 schrieb drugg...@apache.org: Author: druggeri Date: Fri Aug 2 20:18:19 2019 New Revision: 35120 Log: Add 2.4.40 files Added: dev/httpd/CHANGES_2.4

Re: changelog mod_md ssl patch

2019-08-03 Thread Rainer Jung
Hi Steffen, Am 03.08.2019 um 12:36 schrieb Steffen: Changelog says mod_ssl needs patch. That is a typo or where is the patch.  *) mod_md: new features     - supports the ACMEv2 protocol     - new challenge method 'tls-alpn-01' implemented, needs mod_ssl patch to become available I

Re: release?

2019-07-20 Thread Rainer Jung
m 20.07.2019 um 10:38 schrieb Marion & Christophe JAILLET: Hi, PR60757 and corresponding r1853560 could be a good candidate for backport. I don't have a configuration for testing so I won't propose it myself for backport, but the patch looks simple. I have added this one (mod_proxy_hcheck

Re: crash during httpd cleanup when using APR debug library (APR_POOL_DEBUG)

2019-07-17 Thread Rainer Jung
Thanks Rüdiger. I hadn't expected it to be fixed in trunk long ago. I see now, that there are more useful pool debug backports sitting in trunk. Will look at it soon. Regards, Rainer Am 17.07.2019 um 12:09 schrieb Ruediger Pluem: On 07/17/2019 11:43 AM, Rainer Jung wrote: Am 17.07.2019

Re: crash during httpd cleanup when using APR debug library (APR_POOL_DEBUG)

2019-07-17 Thread Rainer Jung
Am 17.07.2019 um 10:03 schrieb Ruediger Pluem: On 07/16/2019 11:28 PM, Rainer Jung wrote: cross-posted to APR+HTTPD Crahs happens in #2 0x7faf4c154945 in raise () from /lib64/libc.so.6 #3 0x7faf4c155f21 in abort () from /lib64/libc.so.6 #4 0x7faf4c14d810 in __assert_fail

crash during httpd cleanup when using APR debug library (APR_POOL_DEBUG)

2019-07-16 Thread Rainer Jung
cross-posted to APR+HTTPD Crahs happens in #2 0x7faf4c154945 in raise () from /lib64/libc.so.6 #3 0x7faf4c155f21 in abort () from /lib64/libc.so.6 #4 0x7faf4c14d810 in __assert_fail () from /lib64/libc.so.6 #5 0x7faf4c694219 in __pthread_tpp_change_priority () from

Re: svn commit: r1859376 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS modules/filters/mod_reqtimeout.c

2019-05-16 Thread Rainer Jung
] + *) mod_info: Fix output of server settings for PIPE_BUF in mod_info in the rare case that PIPE_BUF is defined. [Rainer Jung] Modified: httpd/httpd/branches/2.4.x/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1859376=1859375=1859376=diff

Re: [Bug 60757] mod_proxy_hcheck Doesn't perform checks

2019-03-30 Thread Rainer Jung
Hi Jean-Frederic, Am 14.02.2019 um 09:15 schrieb root: https://bz.apache.org/bugzilla/show_bug.cgi?id=60757 jfclere changed: What|Removed |Added Status|NEEDINFO

Re: [VOTE] Release httpd-2.4.39

2019-03-30 Thread Rainer Jung
Am 27.03.2019 um 16:09 schrieb Daniel Ruggeri: Hi, all;    Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.39: [X] +1: It's not just good,

Re: t/ssl/ocsp.t

2019-02-05 Thread Rainer Jung
Am 05.02.2019 um 11:33 schrieb Joe Orton: On Thu, Jan 17, 2019 at 09:02:02PM +0100, Christophe JAILLET wrote: Hi, I see test errors in #1 and #3 in t/ssl/ocsp.t. Does anyone else see it? I see it too. I changed it as you suggested in r1852984, maybe Rainer will comment if it breaks things

Solaris, prefork, accept mutex and mod_ext_filter (Was: Prefork MPM and mod_watchdog)

2019-02-03 Thread Rainer Jung
Am 31.01.2019 um 10:31 schrieb Stefan Eissing: Am 27.01.2019 um 14:40 schrieb Rainer Jung : - as soon as I enable mod_watchdog only (but not the above modules that would use it), the hangs start to happen every now and then. Hmm, that sounds strange. As I understood the code, none

Re: Prefork MPM and mod_watchdog

2019-01-27 Thread Rainer Jung
al problem, pthread mutex failures on Solaris with prefork and mod_watchdog is still open. Regards, Rainer Am 27.01.2019 um 14:40 schrieb Rainer Jung: Hi all, since around 2.4.26 I notice occasional hangs during release testing only on Solaris 10 Sparc when using MPM prefork. Those hangs w

Prefork MPM and mod_watchdog

2019-01-27 Thread Rainer Jung
Hi all, since around 2.4.26 I notice occasional hangs during release testing only on Solaris 10 Sparc when using MPM prefork. Those hangs were always observed during proxy testing. The situation was in most cases (all?), that only one running httpd process was left, so it would accept the

Re: svn commit: r1851794 [1/37] - in /httpd/httpd/trunk/docs/manual: ./ developer/ howto/ misc/ mod/ platform/ programs/ rewrite/ ssl/ vhosts/

2019-01-22 Thread Rainer Jung
Am 22.01.2019 um 15:27 schrieb Eric Covener: Modified: httpd/httpd/trunk/docs/manual/bind.html.de URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/bind.html.de?rev=1851794=1851793=1851794=diff == ---

Re: Apache 0-day / apache-uaf / use after free bugs

2019-01-22 Thread Rainer Jung
Am 22.01.2019 um 10:33 schrieb Daniel Gruno: On 1/22/19 8:09 AM, Stefan Priebe - Profihost AG wrote: Hi, in twitter and other social media channels they're talking about a current apache 0 day: https://twitter.com/i/web/status/1087593706444730369 which wasn't handled / isn't currently fixed.

Re: [VOTE] Release httpd-2.4.38

2019-01-20 Thread Rainer Jung
Hi Dennis, Am 21.01.2019 um 00:34 schrieb Dennis Clarke: On 1/20/19 2:19 PM, Rainer Jung wrote: Am 17.01.2019 um 19:49 schrieb Daniel Ruggeri: Hi, all;     Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE

Re: [VOTE] Release httpd-2.4.38

2019-01-20 Thread Rainer Jung
Am 17.01.2019 um 19:49 schrieb Daniel Ruggeri: Hi, all;    Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.38: [X] +1: It's not just good,

Re: AH02268: Proxy client certificate callback: downstream server wanted client certificate but none are configured

2019-01-05 Thread Rainer Jung
Am 05.01.2019 um 15:10 schrieb Graham Leggett: Hi all, I am trying to connect an httpd reverse proxy to a backend tomcat, and have this particular hop protected by a client certificate. The error I get is: [Sat Jan 05 14:02:54.252552 2019] [ssl:warn] [pid 16448:tid 139929388369664] AH02268:

Re: Test framework regressions - spelling and usertrack

2018-10-22 Thread Rainer Jung
Am 22.10.2018 um 15:45 schrieb Yann Ylavic: On Mon, Oct 22, 2018 at 3:28 PM Yann Ylavic wrote: On Mon, Oct 22, 2018 at 3:09 PM Jim Jagielski wrote: These are new from a coupla day ago: Both tests were added a few days ago, so probably not a regression (test issues likely). FWIW, both

Re: t/modules/http2.t: Run only if OpenSSL >= 1.0.0 is available

2018-10-22 Thread Rainer Jung
This seems to work nicely, committed in r1844546. Tests with old OpenSSL either in client or server result in TLSv1 and disable h2 tests. TLS test requests that result in TLSv1_2 or TLSv1_3 enable h2 tests. Regards, Rainer Am 22.10.2018 um 12:37 schrieb Rainer Jung: I wonder whether it would

Re: t/modules/http2.t: Run only if OpenSSL >= 1.0.0 is available

2018-10-22 Thread Rainer Jung
6:46 AM, Rainer Jung wrote: Am 18.10.2018 um 14:23 schrieb Stefan Eissing: Am 18.10.2018 um 14:12 schrieb Rainer Jung : - t/modules/http2.t fails when the server is build using OpenSSL 0.9.8zh with the "Bad plan.  You planned 52 tests..." message indicating, that h2 using TLS doe

Re: t/security/CVE-2009-3555.t fails in 2.4.37 with TLS 1.3 - also false positive?

2018-10-22 Thread Rainer Jung
Can anyone comment on the below, especially whether this test should be disabled when used with TLS 1.3 (modern access) and whether it is OK (a wrong test definition) for 1.3 to actually handle the prefix attack request? Regards, Rainer Am 20.10.2018 um 08:16 schrieb Rainer Jung: Test t

Re: [VOTE] Release httpd-2.4.37

2018-10-21 Thread Rainer Jung
Hi Dennis, Am 22.10.2018 um 02:15 schrieb Dennis Clarke: On 10/21/2018 08:03 PM, Rainer Jung wrote: Am 18.10.2018 um 16:36 schrieb Daniel Ruggeri: Hi, all;     Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call

Re: [VOTE] Release httpd-2.4.37

2018-10-21 Thread Rainer Jung
Am 18.10.2018 um 16:36 schrieb Daniel Ruggeri: Hi, all;    Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.37: [X] +1: It's not just good,

Re: error: ‘DEFAULT_REL_STATEDIR’ undeclared

2018-10-21 Thread Rainer Jung
Am 21.10.2018 um 12:58 schrieb Danesh Daroui: Hi all, I cannot compile the code on trunk. I get the following error when I try to compile the code: error: ‘DEFAULT_REL_STATEDIR’ undeclared I bisected the mainstream using git and the erroneous commit seems to be: --- commit

t/modules/http2.t: Run only if OpenSSL >= 1.0.0 is available

2018-10-21 Thread Rainer Jung
Am 18.10.2018 um 14:23 schrieb Stefan Eissing: Am 18.10.2018 um 14:12 schrieb Rainer Jung : - t/modules/http2.t fails when the server is build using OpenSSL 0.9.8zh with the "Bad plan. You planned 52 tests..." message indicating, that h2 using TLS does not work. It happens on all

Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Rainer Jung
Plus r1844425 which simplifies TestRequest.pm since IO::Socket::SSL has a working getline(). Am 20.10.2018 um 09:59 schrieb Rainer Jung: I now also added r1844396 to allow setting the CA for peer cert verification and used it in echo.t and nttp-like.t to unbreak their ssl testing (r1844397

Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Rainer Jung
Am 20.10.2018 um 13:26 schrieb Christophe JAILLET: Le 20/10/2018 à 11:00, Rainer Jung a écrit : Am 20.10.2018 um 10:27 schrieb Christophe JAILLET: Le 20/10/2018 à 09:56, Rainer Jung a écrit : Am 20.10.2018 um 09:39 schrieb Christophe JAILLET: Le 20/10/2018 à 06:28, Rainer Jung a écrit : Am

  1   2   3   4   5   6   7   8   9   10   >