Re: apr "the latest available version"

2017-10-26 Thread Reindl Harald
Am 26.10.2017 um 12:38 schrieb Graham Leggett: On 26 Oct 2017, at 12:31 PM, Reindl Harald <h.rei...@thelounge.net> wrote: i am not going to subscribe to every single devel list out there for single issues and had already submitted a bug as 1.6.x was over months invisible when you

Re: apr "the latest available version"

2017-10-26 Thread Reindl Harald
Am 25.10.2017 um 18:26 schrieb Daniel Gruno: On 10/25/2017 06:23 PM, Reindl Harald wrote: it is *not* helpful when you already have deployed httpd 2.4.29 that you by random luck face a apr-1.6.3 build on the fedora buildserver I'd suggest you post this to d...@apr.apache.org if you want

apr "the latest available version"

2017-10-25 Thread Reindl Harald
it is *not* helpful when you already have deployed httpd 2.4.29 that you by random luck face a apr-1.6.3 build on the fedora buildserver (https://koji.fedoraproject.org/koji/buildinfo?buildID=989222) either this stuff on top should be removed completly or properly updated, if it's not there at

Re: Tagging 2.4.29 / 2.5.0-{alpha/beta?} today

2017-10-13 Thread Reindl Harald
Am 13.10.2017 um 17:05 schrieb William A Rowe Jr: On Oct 13, 2017 08:41, "Stefan Eissing" > wrote: > Am 13.10.2017 um 15:19 schrieb William A Rowe Jr >: > >

Re: [CLOSED] [VOTE] Release Apache httpd 2.4.28 as GA

2017-10-08 Thread Reindl Harald
Am 08.10.2017 um 15:22 schrieb Jim Jagielski: Hrm... looks like it was already announced? At least the website sez it was, and it looks like an Email was sent to announce@a.o but I'm not seeing anything on the httpd lists Weitergeleitete Nachricht Betreff:

Re: [VOTE] Release Apache httpd 2.4.28 as GA

2017-09-29 Thread Reindl Harald
Am 29.09.2017 um 14:16 schrieb Eric Covener: On Fri, Sep 29, 2017 at 6:57 AM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 29.09.2017 um 12:35 schrieb Graham Leggett: On 29 Sep 2017, at 12:25 PM, Reindl Harald <h.rei...@thelounge.net> wrote: it's not about cheap

Re: [VOTE] Release Apache httpd 2.4.28 as GA

2017-09-29 Thread Reindl Harald
Am 29.09.2017 um 12:35 schrieb Graham Leggett: On 29 Sep 2017, at 12:25 PM, Reindl Harald <h.rei...@thelounge.net> wrote: it's not about cheap - it's just questionable that after 2.4.12 the next release is 2.4.16 because it looks not really sane Looks perfectly sensible to me i

Re: [VOTE] Release Apache httpd 2.4.28 as GA

2017-09-29 Thread Reindl Harald
s just questionable that after 2.4.12 the next release is 2.4.16 because it looks not really sane * Fr Jul 10 2015 Reindl Harald <h.rei...@thelounge.net> - update to 2.4.16 (2.4.13, 2.4.14 and 2.4.15 was skipped upstream)

Re: Listen 443 https

2017-09-18 Thread Reindl Harald
lines of code based on apache vhost includes the whole company is driven and implement includs support here would be at least dangerous and hard to test since that all runs over many machines and testing environments 2017-09-18 19:18 GMT+02:00 Reindl Harald <h.rei...@thelounge.net>: Am 1

Re: Listen 443 https

2017-09-18 Thread Reindl Harald
Am 18.09.2017 um 17:56 schrieb Daniel: I tried to read and understand the whole thread and what we are trying to solve here, but I can't help to think this is an attempt at a new ".htaccess" wildcard thing for SSL that will end in greater confusion. in Freenode #httpd we generally try to teach

Re: Listen 443 https (SSLEngine Optional - dual host)

2017-09-16 Thread Reindl Harald
ent lurker everywhere! On Sun, Sep 17, 2017 at 10:24 AM, Reindl Harald <h.rei...@thelounge.net <mailto:h.rei...@thelounge.net>> wrote: that's even more worse - phpMyAdmin 4.4.15.10 seems to handle something wrong because $_SERVER['SERVER_PORT'] is wrong - and i had myself some b

Re: Listen 443 https (SSLEngine Optional - dual host)

2017-09-16 Thread Reindl Harald
fg['ForceSSL'] = true; } Am 14.09.2017 um 18:16 schrieb Reindl Harald: Am 14.09.2017 um 16:08 schrieb Stefan Eissing: Ok, as I read the code a bit more, there is a tangle of things that can influence port/scheme selection. But what I can see, the version in *trunk* should do the right t

Re: Listen 443 https (SSLEngine Optional - dual host)

2017-09-16 Thread Reindl Harald
18:16 schrieb Reindl Harald: Am 14.09.2017 um 16:08 schrieb Stefan Eissing: Ok, as I read the code a bit more, there is a tangle of things that can influence port/scheme selection. But what I can see, the version in *trunk* should do the right thing *iff* a) you use "SSLEngine *:443&quo

Re: Listen 443 https

2017-09-14 Thread Reindl Harald
a form tag and no TLS [root@srv-rhsoft:~]$ apachectl -t AH00526: Syntax error on line 29 of /etc/httpd/conf/sites_enabled/contentlounge.conf: Argument must be On, Off, or Optional Am 14.09.2017 um 15:46 schrieb Reindl Harald <h.rei...@thelounge.net>: Am 14.09.2017 um 15:40 sc

Re: Listen 443 https

2017-09-14 Thread Reindl Harald
Harald <h.rei...@thelounge.net>: Am 10.08.2017 um 18:22 schrieb Reindl Harald: If you want to experiment... is already recognized but with "SSLEngine On" and "SSLCertificateFile" configured non-https no longer would work OK, figured it out * you need the *fi

Re: Listen 443 https

2017-09-14 Thread Reindl Harald
Am 10.08.2017 um 18:22 schrieb Reindl Harald: If you want to experiment... is already recognized but with "SSLEngine On" and "SSLCertificateFile" configured non-https no longer would work OK, figured it out * you need the *first* vhost with "SSLEngine On"

Re: Listen 443 https

2017-08-10 Thread Reindl Harald
Am 10.08.2017 um 17:57 schrieb William A Rowe Jr: On Thu, Aug 10, 2017 at 9:21 AM, Reindl Harald <h.rei...@thelounge.net <mailto:h.rei...@thelounge.net>> wrote: > > > ServerName corecms.example.com <http://corecms.example.com>

Re: Listen 443 https

2017-08-10 Thread Reindl Harald
Am 10.08.2017 um 15:28 schrieb Stefan Eissing: Now that mod_md has landed in trunk, I am looking at more ways to simplify a SSL configuration. Looking at the Listen directive, it has an optional 2nd protocol parameter. Would it be unreasonable to assume that a Listen NNN https means

Re: Content-Type / AddOutputFilterByType DEFLATE text/html

2017-08-07 Thread Reindl Harald
topt($curl, CURLOPT_HEADER, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_HTTPHEADER, $curl_header); Am 07.08.2017 um 11:12 schrieb Reindl Harald: Hi AddOutputFilterByType DEFLATE text/html is this a bug or somehow expecte

Content-Type / AddOutputFilterByType DEFLATE text/html

2017-08-07 Thread Reindl Harald
Hi AddOutputFilterByType DEFLATE text/html is this a bug or somehow expected behavior that in case the "Content-Type" header also contains a charset mod_defalte don't work as expected which means in case of curl requests only static files are gzip compressed while PHP responses are missing

Re: 2.4.27

2017-07-11 Thread Reindl Harald
Am 11.07.2017 um 14:55 schrieb David Zuelke: On 10. Jul 2017, at 16:04, Reindl Harald <h.rei...@thelounge.net> wrote: Am 06.07.2017 um 19:28 schrieb Jacob Champion: Administrators using prefork who would like to switch to HTTP/2 in the future need to understand the limit

Re: 2.4.27

2017-07-10 Thread Reindl Harald
Am 06.07.2017 um 19:28 schrieb Jacob Champion: Administrators using prefork who would like to switch to HTTP/2 in the future need to understand the limitations of the prefork architecture they have selected. And sure, our users can request that we implement a solution that "just works" with

Re: 2.4.27

2017-07-06 Thread Reindl Harald
Am 06.07.2017 um 19:02 schrieb William A Rowe Jr: +1 to removing support of mom prefork. I'd prefer it still start and if configured, with an [error] level alert in the logs and simply be disabled. Server must start when module is loaded but not configured, e.g. in test framework, IMO with

Re: [VOTE] Release Apache httpd 2.4.26 as GA

2017-06-14 Thread Reindl Harald
Am 13.06.2017 um 19:33 schrieb Jim Jagielski: The pre-release test tarballs for Apache httpd version 2.4.26 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.26 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1:

Re: VUDDY: unpatched CVEs in apache httpd

2017-05-24 Thread Reindl Harald
Am 24.05.2017 um 19:12 schrieb Eric Covener: On Wed, May 24, 2017 at 1:05 PM, Reindl Harald <h.rei...@thelounge.net> wrote: than also the source should not be bundeled and instead a requirement to have it installed for build Already covered ITT: "apr-util 1.6.0 will ship without

Re: VUDDY: unpatched CVEs in apache httpd

2017-05-24 Thread Reindl Harald
Am 24.05.2017 um 17:46 schrieb Eric Covener: On Wed, May 24, 2017 at 11:44 AM, Reindl Harald <h.rei...@thelounge.net> wrote: and why does it need to be an embedded copy? It's not required to be embedded than also the source should not be bundeled and instead a requirement to

Re: VUDDY: unpatched CVEs in apache httpd

2017-05-24 Thread Reindl Harald
Am 24.05.2017 um 17:02 schrieb William A Rowe Jr: apr-util 1.6.0 will ship without an embedded copy of the expat software. Obtaining expat and keeping it refreshed and up to date with respect to security patches will become an exercise for the user/admin/vendor. This is scheduled for "RSN" -

RedirectMatch: unexpected behavior within

2017-05-17 Thread Reindl Harald
RedirectMatch 404 "(?i)\/[\.]{0,1}(cvs|svn)\/" that above don't work and don't warn as it is normally the case where a "apachectl -t" clearly says "syntax error, xxx not allowed here" don't work means RedirectMatch also applies to GET-requests which makes it really hard to restrict

Re: Apache leaves shared memory segments

2017-04-17 Thread Reindl Harald
0 Am 17.04.2017 um 13:28 schrieb Reindl Harald: https://bz.apache.org/bugzilla/show_bug.cgi?id=7838 that still happens with 2.4.25 "killall httpd 2> /dev/null" in a script starting a temporary httpd for php-pgo-profiling since it's a SIGTERM should not leave them and f

Apache leaves shared memory segments

2017-04-17 Thread Reindl Harald
https://bz.apache.org/bugzilla/show_bug.cgi?id=7838 that still happens with 2.4.25 "killall httpd 2> /dev/null" in a script starting a temporary httpd for php-pgo-profiling since it's a SIGTERM should not leave them and finally fail after enough runs to allocate shm segment for auth_digest

Re: APr Utils and PostgreSQL

2017-04-09 Thread Reindl Harald
Am 09.04.2017 um 13:16 schrieb Tom Browder: On Sat, Apr 8, 2017 at 18:34 Nick Kew > wrote: On Sat, 2017-04-08 at 16:43 -0500, Tom Browder wrote: > config.log > > https://gist.github.com/tbrowder/2878124ad5fc35cb71a65a38e2950583

Re: APr Utils and PostgreSQL

2017-04-07 Thread Reindl Harald
Am 07.04.2017 um 18:14 schrieb Yann Ylavic: On Fri, Apr 7, 2017 at 6:06 PM, Reindl Harald <h.rei...@thelounge.net> wrote: main question: why in the world are you building from source? https://packages.debian.org/jessie/libaprutil1-dbd-pgsql It happens sometimes on a dev@ list ;)

Re: APr Utils and PostgreSQL

2017-04-07 Thread Reindl Harald
Am 07.04.2017 um 18:10 schrieb Tom Browder: On Fri, Apr 7, 2017 at 11:06 AM, Reindl Harald <h.rei...@thelounge.net> wrote: main question: why in the world are you building from source? https://packages.debian.org/jessie/libaprutil1-dbd-pgsql Because I want to be running the latest

Re: APr Utils and PostgreSQL

2017-04-07 Thread Reindl Harald
Am 07.04.2017 um 17:53 schrieb Tom Browder: On Fri, Apr 7, 2017 at 10:11 AM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 07.04.2017 um 17:06 schrieb Tom Browder: On Fri, Apr 7, 2017 at 09:53 Jordan Gigov <colad...@gmail.com <mailto:colad...@gmail.com>> wrote:

Re: APr Utils and PostgreSQL

2017-04-07 Thread Reindl Harald
Am 07.04.2017 um 17:06 schrieb Tom Browder: On Fri, Apr 7, 2017 at 09:53 Jordan Gigov > wrote: The =DIR parameter is optional. If you have the libpq-dev package installed, it should find it automatically. I do have the dev package

Re: APr Utils and PostgreSQL

2017-04-07 Thread Reindl Harald
Am 07.04.2017 um 15:28 schrieb Tom Browder: I am trying to get the pqsql lib built and cannot get the config option correct. The help says: with-pgsql=DIR What DIR, please? Each package seems to have a different definition of DIR. I have these on my Deb 8 system none when you are

Re: [RFC] ?

2017-02-21 Thread Reindl Harald
Am 21.02.2017 um 23:24 schrieb Eric Covener: On Tue, Feb 21, 2017 at 5:20 PM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 21.02.2017 um 22:58 schrieb Joe Orton: For cases like HttpProtocolOptions where a new directive is introduced to multiple active branches simultaneously, i

Re: [RFC] ?

2017-02-21 Thread Reindl Harald
Am 21.02.2017 um 22:58 schrieb Joe Orton: For cases like HttpProtocolOptions where a new directive is introduced to multiple active branches simultaneously, it gets awkward to use to write conf files which use the new directive but are compatible across multiple versions. Triggered by a

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Reindl Harald
Am 08.02.2017 um 00:44 schrieb Yann Ylavic: On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic <ylavic@gmail.com> wrote: On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald <h.rei...@thelounge.net> wrote: how can you trust as a php application developer that "X-Forwarded-Pr

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Reindl Harald
Am 07.02.2017 um 23:50 schrieb Yann Ylavic: On Tue, Feb 7, 2017 at 11:34 PM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 07.02.2017 um 22:53 schrieb Yann Ylavic: I mean the application can know about "X-Forwarded-Proto or whatever" header, it could act with it like it

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Reindl Harald
Am 07.02.2017 um 22:53 schrieb Yann Ylavic: On Tue, Feb 7, 2017 at 10:14 PM, Jordan Gigov wrote: On 7 February 2017 at 22:33, Yann Ylavic wrote: I'm a bit reluctant with these patches, and probably need to be convinced this isn't an application

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Reindl Harald
Am 07.02.2017 um 21:33 schrieb Yann Ylavic: My point is that we are not changing/masquarading something which is remote here (like the client IP address), we are making so that the applications and httpd itself think they are locally talking SSL/TLS. Thus they will send things like "; Secure"

Re: Underscores in hostnames

2017-02-02 Thread Reindl Harald
Am 02.02.2017 um 14:22 schrieb Reindl Harald: Am 02.02.2017 um 13:53 schrieb Joe Orton: Another 2.4.25 regression reported from a Fedora user is that underscores in hostnames are rejected by default now. I couldn't see a specific discussion of this, was it deliberate? underscores

Re: Underscores in hostnames

2017-02-02 Thread Reindl Harald
Am 02.02.2017 um 13:53 schrieb Joe Orton: Another 2.4.25 regression reported from a Fedora user is that underscores in hostnames are rejected by default now. I couldn't see a specific discussion of this, was it deliberate? underscores are not allowed in host names by RFC and many things

Re: Reset out x.minor.z definition of 'minor' at httpd?

2017-01-25 Thread Reindl Harald
Am 26.01.2017 um 00:20 schrieb David Zuelke: On 20.01.2017, at 21:37, Graham Leggett wrote: On 20 Jan 2017, at 7:47 PM, David Zuelke wrote: I'd actually like to question the whole practice of porting features back to older branches. I think that's the

Re: [proposed] 2.4 Maintenance SIG

2017-01-24 Thread Reindl Harald
Am 23.01.2017 um 02:52 schrieb Noel Butler: Perhaps the only person who wont bend over and take it up the arse like some people here expect, if I have an opinion, i'll voice it no, you are just a hypocrite trying to forbid others voice their opinion in their weay but not follow your own

Re: Reset out x.minor.z definition of 'minor' at httpd?

2017-01-19 Thread Reindl Harald
Am 19.01.2017 um 22:43 schrieb William A Rowe Jr: I think one of our disconnects with 2.4 -> 2.6 is that in any other framework, there would be no ABI breakage in 2.6. That breakage would be deferred to and shipped as 3.0 every PHP version in the past decade (5.3, 5.4, 5.6, 7.0, 7.1, 7.2) is

Re: [proposed] 2.4 Maintenance SIG

2017-01-19 Thread Reindl Harald
Am 19.01.2017 um 08:22 schrieb Stefan Eissing: Distros seem to have realized the problem long ago and make their own httpd versions. First time I realized my "httpd 2.4.7" is not the 2.4.7 release was a WTF moment. no, that applies to LTS distros and in that case of nearly any piece of

Re: how make backend applications aware about tls-offloading

2017-01-08 Thread Reindl Harald
different proxy c) change this in your application when there is something you can detect in the application code when proxy / backend play in a more or less defined way together other proxies and backend servers could follow Am 07.01.2017 um 09:30 schrieb Reindl Harald <h.rei...@thelounge.ne

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
Am 08.01.2017 um 00:31 schrieb Yann Ylavic: On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald <h.rei...@thelounge.net> wrote: ok, so we need to continue the code below and set the option in every tls-offloaded application - intention of this thread was maybe get this transparent which

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
Am 07.01.2017 um 23:53 schrieb Yann Ylavic: On Sat, Jan 7, 2017 at 11:25 PM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 07.01.2017 um 22:53 schrieb Yann Ylavic: Wouldn't something like this work? RewriteRule on RewriteCond %{ENV:remoteip-proxy-ip-list} . RewriteCond %{HTTP

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
Am 07.01.2017 um 22:53 schrieb Yann Ylavic: On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald <h.rei...@thelounge.net> wrote: something like below where "X-TLS-Offloading" is only evaluated from "RemoteIPInternalProxy" pyhsical addressess RemoteIPHeader X-For

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
clue - On Jan 7, 2017, at 3:30 AM, Reindl Harald h.rei...@thelounge.net wrote: * Apache Trafficserver in front * ATS configured for TLS-offloading * connection to backend-httpd on the LAN unencrypted * mod_remoteip correctly configured on backend httpd is there any way to make the bac

how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
* Apache Trafficserver in front * ATS configured for TLS-offloading * connection to backend-httpd on the LAN unencrypted * mod_remoteip correctly configured on backend httpd is there any way to make the backend php application aware that in fact $_SERVER['HTTPS'] and $_SERVER['REQUEST_SCHEME']

Re: --enable-mods-shared don't work

2016-12-30 Thread Reindl Harald
Am 30.12.2016 um 15:06 schrieb Yann Ylavic: On Fri, Dec 30, 2016 at 3:00 PM, Reindl Harald <h.rei...@thelounge.net> wrote: and --enable-modules= don't work too Doesn't setting --enable-modules=none first help? see my last post - only partially normally when i list explicit "t

Re: --enable-mods-shared don't work

2016-12-30 Thread Reindl Harald
/lib64/httpd/modules/mod_proxy_fdpass.so /usr/lib64/httpd/modules/mod_proxy_ftp.so /usr/lib64/httpd/modules/mod_proxy_scgi.so /usr/lib64/httpd/modules/mod_proxy_wstunnel.so Am 30.12.2016 um 15:00 schrieb Reindl Harald: and --enable-modules= don't work too none of the 3 options mentions "dbm&qu

Re: --enable-mods-shared don't work

2016-12-30 Thread Reindl Harald
ache_shmcb unique_id unixd version" \ Am 30.12.2016 um 14:51 schrieb Reindl Harald: what is the purpose of -enable-mods-shared=MODULE-LIST Space-separated list of shared modules to enable when --enable-mods-shared="cgi dav dav_fs dav_lock ext_filter http2 info mime_magic negot

--enable-mods-shared don't work

2016-12-30 Thread Reindl Harald
what is the purpose of -enable-mods-shared=MODULE-LIST Space-separated list of shared modules to enable when --enable-mods-shared="cgi dav dav_fs dav_lock ext_filter http2 info mime_magic negotiation proxy proxy_fcgi proxy_http ssl status substitute" \ --enable-mods-static="alias allowmethods

Re: Post 2.4.25

2016-12-29 Thread Reindl Harald
Am 29.12.2016 um 07:08 schrieb William A Rowe Jr: (Again, it's gmail, /shrug. I can attempt to undecorate but doubt I'm moving to a local client/mail store again. If anyone has good gmail formatting tips for their default settings, I'd love a pointer.) yes, setup thunderbird and gmail with

Re: [VOTE] Release Apache httpd 2.4.25 as GA

2016-12-17 Thread Reindl Harald
Am 16.12.2016 um 19:29 schrieb Jim Jagielski: At long, long last, the pre-release test tarballs for Apache httpd version 2.4.25 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.25 GA. [x] +1: Good to go [ ]

Re: PCRE 10 and puzzling edge cases

2016-12-12 Thread Reindl Harald
Am 12.12.2016 um 10:52 schrieb Petr Pisar: I made sure I have installed all Perl modules I found relevant, but I was unable to run the tests against SVN httpd sources. I played with LD_LIBRARY_PATH, apxs etc. but without any good result. At the end I reconfigured httpd sources and installed the

Re: how to build httpd with profile-guided-optimization?

2016-10-11 Thread Reindl Harald
Before you can use this option, you must first generate profiling information. See Optimize Options, for information about the -fprofile-generate option. Am 11.10.2016 um 13:32 schrieb Reindl Harald: https://en.wikipedia.org/wiki/Profile-guided_optimization for PHP it's easy because the makefiles

how tu build httpd with profile-guided-optimization?

2016-10-11 Thread Reindl Harald
https://en.wikipedia.org/wiki/Profile-guided_optimization for PHP it's easy because the makefiles support it directly make %{?_smp_mflags} prof-gen /usr/bin/bash /rpmbuild/PHP-PGO/profile.sh --php_build $PWD make prof-clean make %{?_smp_mflags} prof-use

Re: [PATCH] Introducing mod_brotli

2016-09-19 Thread Reindl Harald
Am 19.09.2016 um 19:56 schrieb Jacob Champion: On 09/19/2016 10:12 AM, Eric Covener wrote: I would prefer to keep them separate even if we have to teach something to coordinate them (a module, some new support in mod_filter, some kind of hook?) +1. (If it proves difficult to make separate

Re: [PATCH] Introducing mod_brotli

2016-09-19 Thread Reindl Harald
Am 19.09.2016 um 16:14 schrieb Evgeny Kotkov: Eric Covener writes: Wow! This is great stuff. Brotli support has been in my TODO queue for awhile. Thanks! +1, cool stuff and thanks! Glad to hear that, thanks everyone. I would be happy to continue the work on this

Re: [PATCH] Introducing mod_brotli

2016-09-16 Thread Reindl Harald
Am 16.09.2016 um 14:59 schrieb Stefan Eissing: Sweet! Am 16.09.2016 um 14:32 schrieb Evgeny Kotkov : Hi all, This patch adds a module for dynamic Brotli (RFC 7932) compression in httpd. The new compression format is supported by Mozilla Firefox since 44.0 and

Re: [users@httpd] rpmbuild for httpd-2.4.23 failed missing mod_proxy_fdpass.so

2016-07-17 Thread Reindl Harald
Am 17.07.2016 um 12:49 schrieb William A Rowe Jr: This is a dev@ level regression, sharing with that list. Please confirm you are using httpd's own rpm. If not, the specific --enable-modules provided for your rpm.spec file may be at issue. confirmed also here with the latest release, i just

Re: Apache Benchmark SNI SSL

2016-07-01 Thread Reindl Harald
Am 01.07.2016 um 15:23 schrieb Yann Ylavic: On Fri, Jul 1, 2016 at 3:17 PM, Yann Ylavic <ylavic@gmail.com> wrote: On Fri, Jul 1, 2016 at 3:02 PM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 01.07.2016 um 14:41 schrieb Yann Ylavic: The -I does not take any argument,

Re: Apache Benchmark SNI SSL

2016-07-01 Thread Reindl Harald
Am 01.07.2016 um 14:41 schrieb Yann Ylavic: On Fri, Jul 1, 2016 at 1:44 PM, Pietro Paolini wrote: On 1 July 2016 at 11:18, Pietro Paolini wrote: Is it correct ? It does not look good to me. -while ((status = apr_getopt(opt,

Re: Apache Benchmark SNI SSL

2016-06-30 Thread Reindl Harald
Am 30.06.2016 um 20:55 schrieb Yann Ylavic: On Thu, Jun 30, 2016 at 7:21 PM, Pietro Paolini wrote: I have built the httpd-2-.4.20 tarball but the problem is still there, has it been fixed in newer version ? is there a workaround for that ? SNI handling just added

Re: [VOTE] Release Apache httpd 2.4.22 as GA

2016-06-20 Thread Reindl Harald
Am 20.06.2016 um 15:20 schrieb Jim Jagielski: The pre-release test tarballs for Apache httpd 2.4.22 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.22 GA. [x] +1: Good to go [ ] +0: meh [ ] -1: Danger Will

Re: [VOTE] Release Apache httpd 2.4.20 as GA

2016-04-06 Thread Reindl Harald
Am 04.04.2016 um 18:20 schrieb Jim Jagielski: The pre-release test tarballs for Apache httpd 2.4.20 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.20 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will

Re: Status for 2.4.20

2016-03-29 Thread Reindl Harald
Am 29.03.2016 um 09:37 schrieb Noel Butler: On 29/03/2016 01:06, William A Rowe Jr wrote: @Everyone on this thread - keep it civil. On Fri, Mar 25, 2016 at 10:13 PM, Noel Butler > wrote: On 25/03/2016 19:52, Graham Leggett wrote:

Re: Status for 2.4.20

2016-03-26 Thread Reindl Harald
Am 26.03.2016 um 04:44 schrieb Noel Butler: On 26/03/2016 13:32, Reindl Harald wrote: Am 26.03.2016 um 04:13 schrieb Noel Butler: On 25/03/2016 19:52, Graham Leggett wrote: On 23 Mar 2016, at 1:58 PM, Noel Butler <noel.but...@ausics.net> wrote: as stated previously, this shit will

Re: Status for 2.4.20

2016-03-25 Thread Reindl Harald
Am 26.03.2016 um 04:13 schrieb Noel Butler: On 25/03/2016 19:52, Graham Leggett wrote: On 23 Mar 2016, at 1:58 PM, Noel Butler wrote: as stated previously, this shit will happen when certain people push with a release often mentality AFAIK there is *ZERO* critical

Re: [VOTE] Release Apache httpd 2.4.19 as GA

2016-03-22 Thread Reindl Harald
Am 22.03.2016 um 20:59 schrieb William A Rowe Jr: On Tue, Mar 22, 2016 at 2:58 PM, Reindl Harald <h.rei...@thelounge.net <mailto:h.rei...@thelounge.net>> wrote: Am 22.03.2016 um 20:55 schrieb William A Rowe Jr: Can anyone get mod_lbmethod_rr.c to build? my F

Re: [VOTE] Release Apache httpd 2.4.19 as GA

2016-03-22 Thread Reindl Harald
Am 22.03.2016 um 20:55 schrieb William A Rowe Jr: Can anyone get mod_lbmethod_rr.c to build? my Fedora 23 rpm-spec builds without any issue or change - most modules external sub-apckages and typically used ones static [root@srv-rhsoft:~]$ /bin/ls -1 /fileserver/yum-repo/fc23/x86_64/ |

Re: access control for dynamic hosts

2016-02-29 Thread Reindl Harald
Am 29.02.2016 um 07:16 schrieb fab...@apache.org: Maybe the reverse dns is working on your test address? I checked it and yes it does work that way. I never knew it did. Indeed. This feature makes sense because it allows to allow a full domain, say "apache.org", any host of which the

Re: httpd + systemd

2016-02-26 Thread Reindl Harald
Am 26.02.2016 um 17:11 schrieb Tim Bannister: On 26 February 2016, Reindl Harald wrote: in case of a SIGTERM the daemon is supposed to do a clean shutdown anyways [Service] Type=simple EnvironmentFile=-/etc/sysconfig/httpd ExecStart=/usr/sbin/httpd $OPTIONS -D FOREGROUND ExecReload=/usr

Re: BufferedLogs and docs

2016-02-26 Thread Reindl Harald
Am 26.02.2016 um 15:01 schrieb Reindl Harald: http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#bufferedlogs Context: server config is that a documentation error or a error in the module that "BufferedLogs Off" inside a vhost is accepted the config below at least give

BufferedLogs and docs

2016-02-26 Thread Reindl Harald
http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#bufferedlogs Context: server config is that a documentation error or a error in the module that "BufferedLogs Off" inside a vhost is accepted the config below at least gives no error and it's unclear if it disables the BufferedLogs

Re: httpd + systemd

2016-02-26 Thread Reindl Harald
Am 26.02.2016 um 10:57 schrieb Graham Leggett: Hi all, I am trying to come up with a vanilla systemd unit file so that our RPM packaging contains a sensible startup on systemd environments, but I’m struggling. With the unit file below the “systemctl restart httpd” command hangs. Usually

Re: 256-bits cipher for HTTP/2 with Chrome

2016-01-15 Thread Reindl Harald
Am 15.01.2016 um 12:00 schrieb Jan Ehrhardt: No question or issue, just a quick note. On Apachelounge Mario Brandt (aka James Bond) once asked the question: "Is there any chance to have a 256 cipher instead of ECDHE-RSA-AES128-GCM-SHA256?" It turns out, that there is a 256-bits cipher which

Re: [VOTE] Release Apache httpd 2.4.18 as GA

2015-12-09 Thread Reindl Harald
Am 08.12.2015 um 21:38 schrieb Jim Jagielski: The pre-release test tarballs for Apache httpd 2.4.18 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.18 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will

Re: Broken 2.4 ./configure

2015-12-02 Thread Reindl Harald
Am 02.12.2015 um 21:53 schrieb William A Rowe Jr: It seems nghttp2 1.2.1 is no longer supported? If we are missing an #include, let's fix, and if we want to drop support, that's fine too, but ./configure needs to reject the invalid version of nghttp2. This is the version shipping on FC22...

Re: 2.4.18?

2015-11-18 Thread Reindl Harald
Am 18.11.2015 um 08:11 schrieb Noel Butler: On 17/11/2015 22:31, Graham Leggett wrote: We’ve just released HTTP/2 support for the very first time. People want to use it, people want to see problems in it fixed. I don’t see the number of releases as excessive at all. You obviously dont manage

Re: 2.4.18?

2015-11-18 Thread Reindl Harald
Am 18.11.2015 um 08:16 schrieb Noel Butler: On 17/11/2015 22:33, Reindl Harald wrote: 5 or 6 bloody weeks is a month - so what's the problem? any other software but httpd is allowed to have monthly updates? "I can accept" - seriously - you can just ignore a release when you

Re: 2.4.18?

2015-11-17 Thread Reindl Harald
Am 17.11.2015 um 13:27 schrieb Noel Butler: On 17/11/2015 18:02, Stefan Eissing wrote: Am 17.11.2015 um 08:13 schrieb Noel Butler : On 17/11/2015 03:05, Jim Jagielski wrote: My plan is to T 2.4.18 sometime next week in hopes of a formal release the beginning of Dec.

Re: [VOTE] Release Apache httpd 2.4.17 as GA

2015-11-11 Thread Reindl Harald
Am 11.10.2015 um 22:06 schrieb Rainer Jung: Am 11.10.2015 um 21:14 schrieb Reindl Harald: Am 11.10.2015 um 21:07 schrieb Yann Ylavic: On Sun, Oct 11, 2015 at 8:59 PM, Reindl Harald <h.rei...@thelounge.net> wrote: Google only showed discussions, Bugzilla and so on and finding t

Re: H2 compatible ciphers

2015-10-17 Thread Reindl Harald
Am 17.10.2015 um 11:18 schrieb Kaspar Brand: Another - quite radical - approach would consist of using a whitelist, which consists of a single cipher suite only: given that section 9.2 of RFC 7540 states "Implementations of HTTP/2 MUST use TLS version 1.2" and section 9.2.2 further says

Re: [VOTE] Release Apache httpd 2.4.17 as GA

2015-10-11 Thread Reindl Harald
Am 09.10.2015 um 19:40 schrieb Jim Jagielski: The pre-release test tarballs for Apache httpd 2.4.17 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.17 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will

Re: [VOTE] Release Apache httpd 2.4.17 as GA

2015-10-11 Thread Reindl Harald
Am 11.10.2015 um 21:07 schrieb Yann Ylavic: On Sun, Oct 11, 2015 at 8:59 PM, Reindl Harald <h.rei...@thelounge.net> wrote: Google only showed discussions, Bugzilla and so on and finding the new directive is hard - maybe the hint should made it into the changelog for GA release Yes

Re: [VOTE] Release Apache httpd 2.4.17 as GA

2015-10-11 Thread Reindl Harald
Am 11.10.2015 um 20:51 schrieb Yann Ylavic: On Sun, Oct 11, 2015 at 8:45 PM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 09.10.2015 um 19:40 schrieb Jim Jagielski: The pre-release test tarballs for Apache httpd 2.4.17 can be found at the usual place: http://httpd.apac

Re: [VOTE] Release Apache httpd 2.4.17 as GA

2015-10-11 Thread Reindl Harald
Am 11.10.2015 um 21:25 schrieb Yann Ylavic: On Sun, Oct 11, 2015 at 9:14 PM, Reindl Harald <h.rei...@thelounge.net> wrote: "ab -c 100 -n 5 http://small-image.gif; did not make me that happy after a short test on a quadcore machine, after some time httpd stopped to respond

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-03 Thread Reindl Harald
Am 03.10.2015 um 11:16 schrieb Kaspar Brand: On 01.10.2015 16:32, Reindl Harald wrote: Am 01.10.2015 um 16:29 schrieb Plüm, Rüdiger, Vodafone Group: The question is: What happens on Firefox side. Of course it still tries to get to the OCSP server, but it should not cause an error on Firefox

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-01 Thread Reindl Harald
Am 01.10.2015 um 15:08 schrieb Reindl Harald: Am 01.10.2015 um 14:53 schrieb Plüm, Rüdiger, Vodafone Group: not really, i had the error message just now again in FF, the difference was that now a "try again" loaded the page but with "SSLStaplingReturnResponderErrors&

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-01 Thread Reindl Harald
Am 01.10.2015 um 14:53 schrieb Plüm, Rüdiger, Vodafone Group: -Ursprüngliche Nachricht- Von: Reindl Harald [mailto:h.rei...@thelounge.net] The default for SSLStaplingReturnResponderErrors is relatively odd. Not sure why it has always defaulted to "on" (r829619), but setting

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-01 Thread Reindl Harald
Am 30.09.2015 um 08:42 schrieb Kaspar Brand: On 29.09.2015 18:24, Reindl Harald wrote: i just restarted the servers and disabled stapling since all our servcies where unreachable (before i write the second mail 5 different hosts with several sites where affected) in fact the error caching

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-01 Thread Reindl Harald
Am 01.10.2015 um 16:29 schrieb Plüm, Rüdiger, Vodafone Group: -Ursprüngliche Nachricht- Von: Reindl Harald [mailto:h.rei...@thelounge.net] Gesendet: Donnerstag, 1. Oktober 2015 15:18 An: dev@httpd.apache.org Betreff: Re: SSLUseStapling: ssl handshake fails until httpd restart Am

SSLUseStapling: ssl handshake fails until httpd restart

2015-09-29 Thread Reindl Harald
is that by intention? firefox refused to open our adminpanel with the error below until i restarted httpd - i suggest the server should retry SSLUseStapling when a new client connects and it has failed for whatever reason SSLUseStapling On An error occurred during a connection to

  1   2   3   >