Le 20/12/2019 à 15:53, Aleksandar Lazic a écrit :
Hi.
Luckly that haproxy 2.1 have now the feature of fcgi proto it's now time to move
from nginx to haproxy for the loadbalancing part for me.
There are several features from nginx conf which I would like to port to haproxy
conf therefore I need
On Sat, Dec 21, 2019 at 01:19:30AM +0100, Lukas Tribus wrote:
> You can merge the patch I posted today, as there is consensus for this
> particular fix:
> https://www.mail-archive.com/haproxy@formilux.org/msg35760.html
>
> It should be backported to 2.0 (or even 1.9 - I forgot to mention that
>
Hello,
> Guys, I must confess I'm completely lost in your discussions. I intend
> to produce another round of 2.1 and 2.0 tomorrow as time permits, so if
> you want me to get anything merged into it, please let me know. Lukas,
> I'll count on you to summarize and suggest what's expected from me
Guys, I must confess I'm completely lost in your discussions. I intend
to produce another round of 2.1 and 2.0 tomorrow as time permits, so if
you want me to get anything merged into it, please let me know. Lukas,
I'll count on you to summarize and suggest what's expected from me to
do at this
сб, 21 дек. 2019 г. в 01:44, Rosen Penev :
> On Fri, Dec 20, 2019 at 10:54 AM Илья Шипицин
> wrote:
> >
> >
> >
> > пт, 20 дек. 2019 г. в 22:39, Lukas Tribus :
> >>
> >> Hello Ilya,
> >>
> >>
> >>
> >> sorry about the delay ...
> >>
> >>
> >> On Wed, 27 Nov 2019 at 07:11, Илья Шипицин
> wrote:
On Fri, Dec 20, 2019 at 10:54 AM Илья Шипицин wrote:
>
>
>
> пт, 20 дек. 2019 г. в 22:39, Lukas Tribus :
>>
>> Hello Ilya,
>>
>>
>>
>> sorry about the delay ...
>>
>>
>> On Wed, 27 Nov 2019 at 07:11, Илья Шипицин wrote:
>> >
>> > -#if (HA_OPENSSL_VERSION_NUMBER >= 0x101fL)
>> > +#if
Hi Julien - I'm not entirely sure I understand your comment.
I think that you may be saying that the connection should never be flagged
as private for SNI. That makes sense to me, and would be an easy
alternative diff, but seems to run counter to Willy's intent in
commit 387ebf84dd, as well as
hello,
initially modyfing LD_LIBRARY_PATH seemed to be good, but it turned out
that other dynamically linked utilities also use ssl lib which is not
wanted.
using rpath in turn is more intelligent way of dynamic linking.
Cheers,
Ilya Shipitcin
From e9f95cc6fd8b61ee1a4aef05adade30fa72e5cd7 Mon
пт, 20 дек. 2019 г. в 22:39, Lukas Tribus :
> Hello Ilya,
>
>
>
> sorry about the delay ...
>
>
> On Wed, 27 Nov 2019 at 07:11, Илья Шипицин wrote:
> >
> > -#if (HA_OPENSSL_VERSION_NUMBER >= 0x101fL)
> > +#if (HA_OPENSSL_VERSION_NUMBER >= 0x101fL) ||
> defined(OPENSSL_NO_DEPRECATED)
> >
пт, 20 дек. 2019 г. в 22:47, Lukas Tribus :
> SSL_CTX_set_ecdh_auto() is not defined when OpenSSL 1.1.1 is compiled
> with the no-deprecated option. Remove existing, incomplete guards and
> add a compatibility macro in openssl-compat.h, just as OpenSSL does:
>
>
>
Hello,
This is an update on the offchance that some diligent team member is
spinning their wheels on this.
Some team members of mine are modifying the haproxy ssl.c file to make the
format of the ssl_c_s_dn variable configurable, and editing for simplicity
to use standard openssl function
SSL_CTX_set_ecdh_auto() is not defined when OpenSSL 1.1.1 is compiled
with the no-deprecated option. Remove existing, incomplete guards and
add a compatibility macro in openssl-compat.h, just as OpenSSL does:
Hello Ilya,
sorry about the delay ...
On Wed, 27 Nov 2019 at 07:11, Илья Шипицин wrote:
>
> -#if (HA_OPENSSL_VERSION_NUMBER >= 0x101fL)
> +#if (HA_OPENSSL_VERSION_NUMBER >= 0x101fL) ||
> defined(OPENSSL_NO_DEPRECATED)
> [...]
> -#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER
patch update,Le 19 déc. 2019 à 17:08, Emmanuel Hocdet a écrit :With this proposition, ca-root-file should be rename to something like ca-end-file.Refer to https://github.com/haproxy/haproxy/issues/404 discussion.Le 19 déc. 2019 à 13:10, Emmanuel Hocdet a écrit
On Fri, Dec 20, 2019 at 04:17:44PM +0100, Lukas Tribus wrote:
> On Fri, 20 Dec 2019 at 16:00, Willy Tarreau wrote:
> > taking it now.
>
> Note that 1.9 needs to access OPENSSL_VERSION_NUMBER instead of
> HA_OPENSSL_VERSION_NUMBER.
Argh good catch, I'll fix it then. I didn't notice any issue
On Fri, 20 Dec 2019 at 16:00, Willy Tarreau wrote:
> taking it now.
Note that 1.9 needs to access OPENSSL_VERSION_NUMBER instead of
HA_OPENSSL_VERSION_NUMBER.
lukas
On Fri, Dec 20, 2019 at 02:50:46PM +0100, Lukas Tribus wrote:
> Should be backported to 1.9.
Thank you guys, I've been following remotely, cowardly waiting for this
to settle :)
taking it now.
Thanks!
Willy
Hi.
Luckly that haproxy 2.1 have now the feature of fcgi proto it's now time to move
from nginx to haproxy for the loadbalancing part for me.
There are several features from nginx conf which I would like to port to haproxy
conf therefore I need some help ;-)
nginx offers a quite good
Hi Björn.
On 20.12.19 14:53, Björn Jacke wrote:
Hi,
currently if you use stick-tables and you follow most of the examples and
tutorials out there, you use it with "stick-table type ip ...". I guess that
many people (like me in the beginning) don't realize that ip is IPv4 only and
you have
Hi,
currently if you use stick-tables and you follow most of the examples
and tutorials out there, you use it with "stick-table type ip ...". I
guess that many people (like me in the beginning) don't realize that ip
is IPv4 only and you have to use type ipv6 to have support for IPv4
*and*
On Thu, 19 Dec 2019 at 21:54, Rosen Penev wrote:
>
> LIBRESSL_VERSION_NUMBER evaluates to 0 under OpenSSL, making the condition
> always true. Check for the define before checking it.
>
> Signed-off-by: Rosen Penev
> ---
> v3: Added BoringSSL support
> v2: Switched to HA_OPENSSL_VERSION_NUMBER
21 matches
Mail list logo