Re: Sharing OpenSSL CTX between multiple sockets

2018-11-22 Thread Willy Tarreau
Hi guys, On Thu, Nov 22, 2018 at 09:10:43PM +0100, Lukas Tribus wrote: > > one bind for multiple IPs would reduce the flexibility of the config, you > > could not longer set different Backends on different IPs that share one > > certificate (directory) for example. There are clealy ways to reduce

Re: reg-test failures on FreeBSD, how to best adapt/skip some tests?

2018-11-22 Thread PiBa-NL
Hi Frederic, I still have a ' ' newline, with the IFS= but the \n and \012 didnt seem to work there.. Strangely on my PC with both bash and dash I do not have to change IFS value to parse HAPROXY_VERSION, TARGET and OPTIONS with "read" internal command. Reading version,target and options works

Re: Sharing OpenSSL CTX between multiple sockets

2018-11-22 Thread Lukas Tribus
Hello Julian, On Thu, 22 Nov 2018 at 20:09, Julian Wiesener wrote: > > Hi Lukas, > > On Thu, 22 Nov 2018 19:39:11 +0100 > Lukas Tribus wrote: > > Trying to understand the use-case better here, binding to any IP is > > not acceptable? Your client *needs* to bind to specific IPs? > > one bind for

Re: Sharing OpenSSL CTX between multiple sockets

2018-11-22 Thread Julian Wiesener
Hi Lukas, On Thu, 22 Nov 2018 19:39:11 +0100 Lukas Tribus wrote: > Trying to understand the use-case better here, binding to any IP is > not acceptable? Your client *needs* to bind to specific IPs? one bind for multiple IPs would reduce the flexibility of the config, you could not longer set

Re: Sharing OpenSSL CTX between multiple sockets

2018-11-22 Thread Lukas Tribus
Hello Julian, On Thu, 22 Nov 2018 at 18:11, Julian Wiesener wrote: > > Hello, > > one of our clients runs a haproxy setup with a 2000+ SSL-Certificates on > multiple IPs. > > As an OpenSSL CTX needs to be created for each certificate for each sockets, > restarting or reloading the config takes

Re: Sharing OpenSSL CTX between multiple sockets

2018-11-22 Thread Julian Wiesener
Hi again, of course i forgot to attach the patch... Kind regards, Julian diff --git a/include/types/ssl_sock.h b/include/types/ssl_sock.h index 2e02631c..76073f37 100644 --- a/include/types/ssl_sock.h +++ b/include/types/ssl_sock.h @@ -71,4 +71,14 @@ struct sh_ssl_sess_hdr { unsigned char

Sharing OpenSSL CTX between multiple sockets

2018-11-22 Thread Julian Wiesener
Hello, one of our clients runs a haproxy setup with a 2000+ SSL-Certificates on multiple IPs. As an OpenSSL CTX needs to be created for each certificate for each sockets, restarting or reloading the config takes several minutes. Therfore i like to propose to share the CTX for on multiple

Re: [ANNOUNCE] haproxy-1.9-dev4

2018-11-22 Thread Willy Tarreau
Hi Dirkjan, On Thu, Nov 22, 2018 at 11:41:11AM +0100, Dirkjan Bussink wrote: > Hi Willy, > > > On 20 Nov 2018, at 16:19, Willy Tarreau wrote: > > > > Indeed it's already been two months, it would be the right time to emit > > a new one. But at the moment all the people able to work on this are

Re: [ANNOUNCE] haproxy-1.9-dev4

2018-11-22 Thread Dirkjan Bussink
Hi Willy, > On 20 Nov 2018, at 16:19, Willy Tarreau wrote: > > Indeed it's already been two months, it would be the right time to emit > a new one. But at the moment all the people able to work on this are > fully loaded finishing their respective parts for 1.9 (or fixing it). > Are you missing

Re: reg-test failures on FreeBSD, how to best adapt/skip some tests?

2018-11-22 Thread Frederic Lecaille
On 11/19/18 10:08 PM, PiBa-NL wrote: Hi Frederic, Willy, Hi Pieter, Thank you a lot again for this work Pieter. Hello Pieter, Do you intend to finalize this script? We would like to use it in haproxy sources. Note that varnishtest already uses TMPDIR variable in place of /tmp if it is