Re: [PATCH 2/3] CI: build-ssl.sh: allow to choose certain QuicTLS commit hash

2024-05-30 Thread Илья Шипицин
Fri, May 31, 2024 at 01:16, William Lallemand : > On Thu, May 30, 2024 at 10:31:14PM +0200, Ilia Shipitsin wrote: > > Subject: [PATCH 2/3] CI: build-ssl.sh: allow to choose certain QuicTLS > commit hash > > --- > > scripts/build-ssl.sh | 6 ++ > > 1 file changed, 6 insertions(+) > > > > diff

Re: [PATCH 1/1] CI: VTest: accelerate package install a bit

2024-05-30 Thread Илья Шипицин
Thu, May 30, 2024 at 16:12, William Lallemand : > On Thu, May 30, 2024 at 03:40:31PM +0200, Ilia Shipitsin wrote: > > Subject: [PATCH 1/1] CI: VTest: accelerate package install a bit > > let's check and install only package is required > > --- > > .github/workflows/vtest.yml | 8 > > 1

Re: [PATCH 1/1] CI: VTest: accelerate package install a bit

2024-05-30 Thread Илья Шипицин
Thu, May 30, 2024 at 16:14, Willy Tarreau : > Hi Ilya, > > On Thu, May 30, 2024 at 03:40:31PM +0200, Ilia Shipitsin wrote: > > + ${{ contains(matrix.FLAGS, 'USE_LUA=1') && > 'liblua5.4-dev' || '' }} \ > > + ${{ contains(matrix.FLAGS, 'USE_PCRE2=1') && > 'libpcre2-dev'

Re: [PATCH 1/1] CI: VTest: accelerate package install a bit

2024-05-30 Thread Илья Шипицин
feel free to modify it when applying. or I can send v2 Thu, May 30, 2024 at 16:12, William Lallemand : > On Thu, May 30, 2024 at 03:40:31PM +0200, Ilia Shipitsin wrote: > > Subject: [PATCH 1/1] CI: VTest: accelerate package install a bit > > let's check and install only package is required > >

Re: [PATCH 1/2] CI: reduce ASAN log redirection umbrella size

2024-05-13 Thread Илья Шипицин
Mon, May 13, 2024 at 11:29, William Lallemand : > On Thu, May 09, 2024 at 10:24:55PM +0200, Илья Шипицин wrote: > > sorry for the delay. > > > > indeed, it's better to drop asan redirection. I sent a patch to the list. > > > > for my defence I can say that

Re: [PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available

2024-05-05 Thread Илья Шипицин
updated patches. I'll address reorg to "compat.h" a bit later, once it is settled in my head Sun, May 5, 2024 at 12:48, Илья Шипицин : > I will test and send simplified patch, i.e. I'll patch directly clock.c > > if we want to move that macro to compat.h, I'd pos

Re: [PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available

2024-05-05 Thread Илья Шипицин
I will test and send simplified patch, i.e. I'll patch directly clock.c if we want to move that macro to compat.h, I'd postpone that for some investigation 1) we will need to include "pthread.h" from compat.h (currently it's not true) 2) we will need to make sure compat.h is included everywhere

Re: [PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available

2024-05-05 Thread Илья Шипицин
Sun, May 5, 2024 at 10:42, Willy Tarreau : > On Sun, May 05, 2024 at 09:12:41AM +0200, Miroslav Zagorac wrote: > > On 05. 05. 2024. 08:32, Willy Tarreau wrote: > > > On Sun, May 05, 2024 at 07:49:55AM +0200, ??? wrote: > > >> ??, 5 ??? 2024 ?. ? 02:05, Miroslav Zagorac : > > >>> I think

Re: [PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available

2024-05-05 Thread Илья Шипицин
Sun, May 5, 2024 at 08:32, Willy Tarreau : > On Sun, May 05, 2024 at 07:49:55AM +0200, ??? wrote: > > ??, 5 ??? 2024 ?. ? 02:05, Miroslav Zagorac : > > > > > On 04. 05. 2024. 17:36, Ilya Shipitsin wrote: > > > > this function is considered optional for POSIX and not implemented > > > >

Re: [PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available

2024-05-04 Thread Илья Шипицин
Sun, May 5, 2024 at 02:05, Miroslav Zagorac : > On 04. 05. 2024. 17:36, Ilya Shipitsin wrote: > > this function is considered optional for POSIX and not implemented > > on Illumos > > > > Reference: > https://www.gnu.org/software/gnulib/manual/html_node/pthread_005fgetcpuclockid.html > >

Re: How to configure DH groups for TLS 1.3

2024-05-02 Thread Илья Шипицин
I'd try openssl.cnf Thu, May 2, 2024 at 17:17, Froehlich, Dominik : > Hello everyone, > > > > I’m hardening HAProxy for CVE-2002-20001 (DHEAT attack) at the moment. > > > > For TLS 1.2 I’m using the “tune.ssl.default-dh-param” option to limit the > key size to 2048 bit so that an attacker can’t

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-22 Thread Илья Шипицин
I'll postpone for a while. I thought that value of "2" is the same as "1", I'll try to find better doc. seems that I didn't specify "march" and that might be the cause. Sat, Apr 20, 2024 at 15:21, Willy Tarreau : > On Sat, Apr 20, 2024 at 03:11:19PM +0200, ??? wrote: > > ??, 20 ???.

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-20 Thread Илья Шипицин
Sat, Apr 20, 2024 at 15:07, Willy Tarreau : > On Sat, Apr 20, 2024 at 02:49:38PM +0200, ??? wrote: > > ??, 11 ???. 2024 ?. ? 21:05, Willy Tarreau : > > > > > Hi Ilya, > > > > > > On Thu, Apr 11, 2024 at 08:27:39PM +0200, ??? wrote: > > > > do you know maybe how this was

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-20 Thread Илья Шипицин
Thu, Apr 11, 2024 at 21:05, Willy Tarreau : > Hi Ilya, > > On Thu, Apr 11, 2024 at 08:27:39PM +0200, ??? wrote: > > do you know maybe how this was supposed to work ? > > haproxy/Makefile at master · haproxy/haproxy (github.com) > >

Re: [PATCH 1/2] CI: reduce ASAN log redirection umbrella size

2024-04-17 Thread Илья Шипицин
on my experiments, asan log was grouped under "show vtest results". on provided branch indeed there is no grouping. I'll play a bit, maybe we'll end with dropping that log redirection Wed, Apr 17, 2024 at 21:17, William Lallemand : > On Sun, Apr 14, 2024 at 09:23:51AM +0200, Ilya Shipitsin

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-14 Thread Илья Шипицин
Sat, Apr 13, 2024 at 15:26, Willy Tarreau : > Hi Tristan, > > On Fri, Apr 12, 2024 at 07:38:18AM +, Tristan wrote: > > Hi Willy, > > > > > On 11 Apr 2024, at 18:18, Willy Tarreau wrote: > > > > > > Some distros simply found that stuffing their regular CFLAGS into > > > DEBUG_CFLAGS or

Re: [PATCH 0/1] CI: revert entropy hack

2024-04-13 Thread Илья Шипицин
It has been resolved on image generation side https://github.com/actions/runner-images/issues/9491 It is no harm to keep it on our side as well, but we can drop it On Fri, Apr 12, 2024, 18:55 Willy Tarreau wrote: > On Fri, Apr 12, 2024 at 12:42:51PM +0200, ??? wrote: > > ping :) > >

Re: [PATCH 0/1] CI: revert entropy hack

2024-04-12 Thread Илья Шипицин
ping :) Sat, Apr 6, 2024 at 15:38, Ilya Shipitsin : > hack introduced in 3a0fc8641b1549b00cd3125107545b6879677801 might be > reverted > > Ilya Shipitsin (1): > CI: revert kernel entropy introduced in > 3a0fc8641b1549b00cd3125107545b6879677801 > > .github/workflows/vtest.yml | 11

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-11 Thread Илья Шипицин
Thu, Apr 11, 2024 at 19:18, Willy Tarreau : > Hi all, > > after all the time where we've all been complaining about the difficulty > to adjust CFLAGS during the build, I could tackle the problem for a first > step in the right direction. > > First, let's start with a bit of history to explain

Re: haproxy backend server template service discovery questions

2024-04-08 Thread Илья Шипицин
the requests made by haproxy to all > nameservers is the same even though the local one normally replies faster. > > And sorry, forgot to mention we are running haproxy version 2.8.7 > On 08/04/2024 10:31, Илья Шипицин wrote: > > and particularly your question is "does HAPro

Re: haproxy backend server template service discovery questions

2024-04-08 Thread Илья Шипицин
aproxy maintains it. > On 06/04/2024 20:15, Илья Шипицин wrote: > > Consul template is something done by consul itself, after that > haproxy.conf is rendered > > Do you mean "how haproxy deals with rendered template"? > > On Fri, Apr 5, 2024, 15:02 Andrii Ustymenko &

Re: [ANNOUNCE] haproxy-3.0-dev7

2024-04-07 Thread Илья Шипицин
Sat, Apr 6, 2024 at 17:53, Willy Tarreau : > Hi, > > HAProxy 3.0-dev7 was released on 2024/04/06. It added 73 new commits > after version 3.0-dev6. > > Among the changes that stand out in this version, here's what I'm seeing: > > - improvements to the CLI internal API so that the various

Re: haproxy backend server template service discovery questions

2024-04-06 Thread Илья Шипицин
Consul template is something done by consul itself, after that haproxy.conf is rendered Do you mean "how haproxy deals with rendered template"? On Fri, Apr 5, 2024, 15:02 Andrii Ustymenko wrote: > Dear list! > > My name is Andrii. I work for Adyen. We are using haproxy as our main > software

Re: [PATCH 0/1] CI: additional ASAN smoke tests

2024-03-04 Thread Илья Шипицин
ping :) Sat, Feb 17, 2024 at 20:43, Ilya Shipitsin : > > > Ilya Shipitsin (1): > CI: run more smoke tests on config syntax to check memory related > issues > > .github/workflows/vtest.yml | 4 > 1 file changed, 4 insertions(+) > > -- > 2.43.2 > >

Re: WolfSSL builds for use with HAProxy

2024-02-10 Thread Илья Шипицин
Sat, Feb 10, 2024 at 00:00, Tristan : > Hi Ilya, > > On 09/02/2024 20:31, Илья Шипицин wrote: > > I run QUIC Interop from time to time, WolfSSL shows the best > > compatibility compared to LibreSSL and aws-lc. > > it really looks like a winner today > > And

Re: WolfSSL builds for use with HAProxy

2024-02-09 Thread Илья Шипицин
Thu, Feb 8, 2024 at 15:49, Tristan : > Hi all, > > With the ever-increasing threat of one day needing to give up on OpenSSL > 1.1.1 (whenever the next bad CVE is found on QuicTLS 1.1.1w, > essentially) I was looking at alternatives a bit closer. > > Based on the wiki, >

Re: [PATCH 0/3] fix speling remnants, enable spel chek on push

2024-01-26 Thread Илья Шипицин
Fri, Jan 26, 2024 at 20:01, Willy Tarreau : > On Fri, Jan 26, 2024 at 05:30:31PM +0100, Willy Tarreau wrote: > > On Wed, Jan 24, 2024 at 02:26:13PM +0100, Ilya Shipitsin wrote: > > > it is very fast check, should not affect developer velocity much > > > > OK now pushed, thank you Ilya! > > Ilya,

Re: HAProxy Technologies NERC CIP 13 Vendor Questionnaire

2024-01-23 Thread Илья Шипицин
how can HAProxy be related, for example, to "NERC requires CORE to revoke access within 24 hours when remote or onsite access is no longer needed by your personnel to CORE systems or facilities." ? Tue, Jan 23, 2024 at 00:58, Robert Dillabough : > Hi Support, > > For NERC compliance, CORE

Re: Exchange services

2023-12-13 Thread Илья Шипицин
rror there is in the connection. > > Maybe that could be usable information for debugging > > > > Regards > > Henning > > > > *From:* Илья Шипицин > *Sent:* December 13, 2023 22:37 > *To:* Dario Girella > *Cc:* HAProxy > *Subject:* Re: exchange services

Re: exchange services

2023-12-13 Thread Илья Шипицин
It would be interesting to bisect on 2.9 On Wed, Dec 13, 2023, 20:24 Dario Girella wrote: > Hello, > > i just upgrade my haproxy version from 2.8.5 to 2.9, all seems fine but i > receive error from outlook trying to configure mailbox by autodiscover. > > Also problem to open owa. > > Something

Re: [PATCH 1/1] CI: switch aws-lc builds to "latest" semantic

2023-11-23 Thread Илья Шипицин
Thu, Nov 23, 2023 at 22:18, William Lallemand : > Hi Ilya, > > On Thu, Nov 23, 2023 at 06:57:52PM +0100, Ilya Shipitsin wrote: > > for development branches let's use "latest" and fixed for stable > > > > LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us > > switch back to the

Re: [PATCH 1/1] CI: switch aws-lc builds to "latest" semantic

2023-11-23 Thread Илья Шипицин
Thu, Nov 23, 2023 at 22:18, William Lallemand : > Hi Ilya, > > On Thu, Nov 23, 2023 at 06:57:52PM +0100, Ilya Shipitsin wrote: > > for development branches let's use "latest" and fixed for stable > > > > LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us > > switch back to the

Re: CVE-2023-44487 and haproxy-1.8

2023-10-16 Thread Илья Шипицин
Does 1.8 support http/2? On Mon, Oct 16, 2023, 18:58 Ryan O'Hara wrote: > Hi all. > > I read the most recently HAProxy Newsletter, specifically the article "HAProxy > is Not Affected by the HTTP/2 Rapid Reset Attack" by Nick Ramirez [1]. A > This article states that HAProxy versions 1.9 and

Re: [PATCH 1/1] CI: cirrus-ci: display gdb bt if any

2023-09-21 Thread Илья Шипицин
ping :) Fri, Sep 8, 2023 at 22:57, Ilya Shipitsin : > previously, if test process crashes (either BUG_ON or segfault), no > coredump were collected and analysed > --- > .cirrus.yml | 7 ++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/.cirrus.yml b/.cirrus.yml > index

Re: mux-h2: Backend stream is not fully closed if frontend keeps stream open

2023-09-17 Thread Илья Шипицин
Yes, that e2e is probably not going to do nasty things. But it worth a try On Sun, Sep 17, 2023, 03:26 Valters Jansons wrote: > On Sat, Sep 16, 2023 at 10:02 PM Илья Шипицин > wrote: > > I wonder if there're gRPC test tests similar to h2spec (I couldn't findI > am them) >

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-09-07 Thread Илья Шипицин
the most work > 2. HAProxy adopts AWS-LC’s (and BoringSSL’s) AEAD API > > 3. HAProxy turns off ChaCha Poly and AES CCM support in quic when built > with AWS-LC > I recall there was similar usage for BoringSSL, maybe just modifying "ifdef" should work > > >

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-09-06 Thread Илья Шипицин
based on USE_OPENSSL_AWSLC quic may be enabled ? Wed, Sep 6, 2023 at 14:26, William Lallemand : > On Tue, Sep 05, 2023 at 11:56:26PM +, Hopkins, Andrew wrote: > > I split up the remaining CI changes into 4 new attached patches. The > > latest changes are still passing on my fork > >

Re: [PATCH] MEDIUM: sample: Implement sample fetch for arbitrary PROXY protocol v2 TLV values

2023-08-31 Thread Илья Шипицин
cirrus-ci backtrace freebsd (cirrus-ci) crash · Issue #2275 · haproxy/haproxy (github.com) <https://github.com/haproxy/haproxy/issues/2275> as usual, I'll send CI improvements once polished Thu, Aug 31, 2023 at 18:22, Илья Шипицин : > while trying to enable "gdb bt" on c

Re: [PATCH] MEDIUM: sample: Implement sample fetch for arbitrary PROXY protocol v2 TLV values

2023-08-31 Thread Илья Шипицин
while trying to enable "gdb bt" on cirrus-ci, I noticed that we have similar crashes on musl (where gdb implemented already) https://github.com/haproxy/haproxy/issues/2274 Wed, Aug 30, 2023 at 05:29, Willy Tarreau : > On Tue, Aug 29, 2023 at 11:16:32PM +0200, ??? wrote: > > ??, 29

Re: [PATCH] MEDIUM: sample: Implement sample fetch for arbitrary PROXY protocol v2 TLV values

2023-08-29 Thread Илья Шипицин
Tue, Aug 29, 2023 at 16:45, Willy Tarreau : > On Tue, Aug 29, 2023 at 04:31:31PM +0200, Willy Tarreau wrote: > > On Tue, Aug 29, 2023 at 02:16:55PM +, Stephan, Alexander wrote: > > > However, I noticed there is a problem now with the FreeBSD test. Have > you > > > already looked into it? > >

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-08-17 Thread Илья Шипицин
p/haproxy/pull/1 > > [2] https://github.com/aws/aws-lc/pull/767 > > [3] https://github.com/aws/aws-lc/pull/1032 > > [4] https://github.com/aws/aws-lc/pull/1055 > > [5] https://github.com/aws/aws-lc/pull/1070 > > > > *From: *Илья Шипицин > *Date: *Wednesday, August 9, 2

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-08-10 Thread Илья Шипицин
shall we unfreeze this activity? Tue, Jul 18, 2023 at 10:46, William Lallemand : > On Tue, Jul 18, 2023 at 09:11:33AM +0200, Willy Tarreau wrote: > > I'll let the SSL maintainers check all this, but my sentiment is that in > > general if there are differences between the libs, it would be

Re: [PATCH 2/2] CI: get rid of travis-ci wrapper for Coverity scan

2023-08-07 Thread Илья Шипицин
I made a typo + https://scan.coverity.com/builds?project=Hsproxy can it be fixed on the fly ? or I can send v2. Sun, Aug 6, 2023 at 00:10, Ilya Shipitsin : > historically coverity scan was performed by travis-ci script, let us > rewrite it in bash > --- >

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-18 Thread Илья Шипицин
Tue, Jul 18, 2023 at 09:14, Willy Tarreau : > Hi Andrew, > > On Tue, Jul 18, 2023 at 06:26:45AM +, Hopkins, Andrew wrote: > > Willy you're correct. AWS-LC does have support for the QUIC primitives > > HAProxy needs, we just need to fix some of the names [1] in either > HAProxy's > > code or

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-17 Thread Илья Шипицин
Sat, Jul 15, 2023 at 10:44, Willy Tarreau : > Hi Alex, Andrew, > > On Thu, Jul 13, 2023 at 11:54:44AM +0200, Aleksandar Lazic wrote: > > On 2023-07-13 (Do.) 08:22, Hopkins, Andrew wrote: > > > * Do you plan to add quic (Server part) faster then OpenSSL? > > > > > > I have not looked into quic

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-17 Thread Илья Шипицин
Mon, Jul 17, 2023 at 11:58, William Lallemand : > On Wed, Jul 12, 2023 at 12:26:06AM +, Hopkins, Andrew wrote: > > Hello HAProxy maintainers, I work on the AWS libcrypto (AWS-LC) > > project [1]. Our goal is to improve the cryptography we use internally > > at AWS and help our customers

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-15 Thread Илья Шипицин
Andrew, I could not find how to enable "DHE-RSA-AES256-GCM-SHA384" on aws-lc (required by haproxy vtest) *** h3 debug|[ALERT] (7370) : config : Proxy 'ssl-dhfile-lst': unable to set SSL cipher list to 'DHE-RSA-AES256-GCM-SHA384' for bind

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-13 Thread Илья Шипицин
another significant thing is developer velocity, 4 min for supplementary lib build is too high. [image: image.png] can we implement something like current openssl (i.e. taking the last available tag, which is even easier because aws-lc uses semantic versioning) @functools.lru_cache(5) def

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-13 Thread Илья Шипицин
eve this works with OpenSSL >= 1.1.1. > because their SSL_CTX_ctrl performs the cast while AWS-LC has a dedicated > function SSL_CTX_get_tlsext_status_cb with the right type. > > [1] https://github.com/aws/aws-lc/pull/1091 > [1] > https://github.com/andrewhop/haproxy/actions/runs/5

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-12 Thread Илья Шипицин
eve this works with OpenSSL >= 1.1.1. > because their SSL_CTX_ctrl performs the cast while AWS-LC has a dedicated > function SSL_CTX_get_tlsext_status_cb with the right type. > > [1] https://github.com/aws/aws-lc/pull/1091 > [1] > https://github.com/andrewhop/haproxy/actions/runs/5

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-12 Thread Илья Шипицин
Hello, Andrew! you already tried to launch CI in fork [PATCH] Minor: ssl: Build with new cryptographic library AWS-LC by andrewhop · Pull Request #1 · andrewhop/haproxy (github.com) please make sure you've enabled GHA for fork (here: Actions ·

Re: QUIC (mostly) working on top of unpatched OpenSSL

2023-07-07 Thread Илья Шипицин
currently, it is client support for QUIC openssl/CHANGES.md at master · openssl/openssl · GitHub Fri, Jul 7, 2023 at 10:58, Aleksandar Lazic : > Hi. > > Just a addendum below to my last mail. > > On 2023-07-07 (Fr.) 00:33, Aleksandar

regression caught in HAProxy + LibreSSL

2023-07-06 Thread Илья Шипицин
Hello, since there's a day of interesting QUIC things, I tried to run Interop against ASAN enabled LibreSSL and HAProxy. it "mostly" works, however some bugs are caught (not found on QuicTLS) QUIC regression on haproxy · Issue #862 · libressl/portable (github.com)

Re: QUIC (mostly) working on top of unpatched OpenSSL

2023-07-06 Thread Илья Шипицин
interesting. I think, I can try run QUIC Interop locally to compare against QuicTLS Thu, Jul 6, 2023 at 22:08, Willy Tarreau : > Hi all, > > as the subject says it, Fred managed to make QUIC mostly work on top of > a regular OpenSSL. Credit goes to the NGINX team who found a clever and >

Re: Debian + QUIC / HTTP/3

2023-06-05 Thread Илья Шипицин
I think that people use README as landing page. maybe it worth adding docker hub link there ? it is hard for first time user to identify whether docker image(s) exists or not. Mon, Jun 5, 2023 at 11:57, Artur : > Thank you Илья and Dinko. > > What I can see is that haproxy doc suggest using

Re: Debian + QUIC / HTTP/3

2023-06-05 Thread Илья Шипицин
There're at least "build from source" haproxy/INSTALL at master · haproxy/haproxy (github.com) "use docker images" haproxytech's Profile | Docker Hub maybe other ways ? Mon, Jun 5, 2023 at

Re: Slower responses from me starting now

2023-06-02 Thread Илья Шипицин
nice, nothing will stop us from rewriting HAProxy in rust Fri, Jun 2, 2023 at 20:44, Willy Tarreau : > Hi all, > > with 2.8 released and a nice weather here, I decided to take a few weeks > of holidays (I think last time was in september 2016 so I don't remember > how it feels). No travel plans

Re: Followup on openssl 3.0 note seen in another thread

2023-05-25 Thread Илья Шипицин
Thu, May 25, 2023 at 17:11, Willy Tarreau : > On Thu, May 25, 2023 at 07:33:11AM -0600, Shawn Heisey wrote: > > On 3/11/23 22:52, Willy Tarreau wrote: > > > According to the OpenSSL devs, 3.1 should be "4 times better than 3.0", > > > so it could still remain 5-40 times worse than 1.1.1. I intend

Re: [PATCH 1/1] BUILD: SSL: enable TLS key material logging if built with LibreSSL>=3.5.0

2023-05-24 Thread Илья Шипицин
please ignore this patch. LibreSSL implementation of key logging is intended only to shut build warnings. functions themselves do nothing. Tue, May 23, 2023 at 22:57, Ilya Shipitsin : > LibreSSL implements TLS key material since 3.5.0, let's enable it > --- > include/haproxy/openssl-compat.h |

Re: [PATCH] re-enable EVP_chacha20_poly1305() for LibreSSL

2023-05-23 Thread Илья Шипицин
also, there'll be a patch for unlocking haproxy/openssl-compat.h at master · haproxy/haproxy · GitHub <https://github.com/haproxy/haproxy/blob/master/include/haproxy/openssl-compat.h#L92> for LibreSSL soon (it was too boring to run QUIC Interop without keylog) Tue, May 23, 2023 at 17:06

Re: [PATCH] re-enable EVP_chacha20_poly1305() for LibreSSL

2023-05-23 Thread Илья Шипицин
oops. btw, not enabling chacha20_poly1305 leads to LibreSSL api usage inconsistency QUIC regression on LibreSSL-3.7.2 (HAProxy) · Issue #860 · libressl/portable (github.com) it is claimed that OpenSSL does not check for null deref as well, so

couple of questions on QUIC Interop

2023-05-22 Thread Илья Шипицин
Hello, I played with QUIC Interop suite (for HAProxy + LibreSSL) on weekend... couple of questions 1) particular patch haproxy-qns/0001-Add-timestamps-to-stderr-sink.patch at master · haproxytech/haproxy-qns (github.com)

[PATCH] re-enable EVP_chacha20_poly1305() for LibreSSL

2023-05-21 Thread Илья Шипицин
Hello, that exclude was only needed for pre-3.6.0 LibreSSL, while support was added in 3.6.0, so every released LibreSSL supports that, no need to keep "ifdef" Cheers, Ilya

[PATCH] CI: drop dedicated Fedora m32 pipeline

2023-05-14 Thread Илья Шипицин
Hello, no need to keep it, cross build matrix covers this. Ilya From 2d03749317d8963551cfef90b6a8b164e12ba643 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 14 May 2023 21:40:20 +0200 Subject: [PATCH] CI: drop Fedora m32 pipeline in favour of cross matrix Fedora m32 monthly was

[PATCH] CI: re-enable Fedora Rawhide clang builds

2023-05-12 Thread Илья Шипицин
Hello, this enables monthly clang builds (previously only gcc was run). Ilya From 9eaae2062b2800e166263855c096dfd44cc03a39 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 12 May 2023 19:26:49 +0200 Subject: [PATCH] CI: enable monthly Fedora Rawhide clang builds that was temporarily

[PATCH] cleanup: remove redundant check

2023-05-10 Thread Илья Шипицин
Hello, small clean patch. mutes coverity finding. Ilya From 4fdccb44933c2a91c7d6711bf821cc8b1d4c6d30 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 26 Apr 2023 21:05:12 +0200 Subject: [PATCH 1/2] CLEANUP: src/listener.c: remove redundant NULL check fixes #2031 quoting Willy Tarreau:

Re: [PATCH] CI: more granular failure on build matrix generating

2023-05-08 Thread Илья Шипицин
np. It addresses quite rare conditions, when either github api or openbsd website are down. yet we seen that once in 2 years. Mon, May 8, 2023 at 14:07, Willy Tarreau : > On Mon, May 08, 2023 at 01:59:15PM +0200, ??? wrote: > > seems, it was accidentally lost ... > > Indeed, I don't

Re: [PATCH] CI: more granular failure on build matrix generating

2023-05-08 Thread Илья Шипицин
seems, it was accidentally lost ... Wed, Apr 26, 2023 at 20:45, Илья Шипицин : > Hello, > > recent openbsd ftp unavailability has shown that we should more carefully > generate build matrix > > Ilya >

[PATCH] CI: more granular failure on build matrix generating

2023-04-26 Thread Илья Шипицин
Hello, recent openbsd ftp unavailability has shown that we should more carefully generate build matrix Ilya From 62069d1e7edefdd313bdc7567e3817069632bfda Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 26 Apr 2023 20:39:39 +0200 Subject: [PATCH] CI: more granular failure on generating

[PATCH] temporarily switch to libressl mirror

2023-04-26 Thread Илья Шипицин
Hello, it is probably good idea to learn not to fail when libressl site is down (I'll work on that). as a fast fix, let us switch to mirror. Ilya From 283f9b790071f5333f00792f883f470f12b7933c Mon Sep 17 00:00:00 2001 From: Ilia Shipitsin Date: Wed, 26 Apr 2023 12:15:11 +0200 Subject: [PATCH

[PATCH] spell fixes, spelling whitelist addition

2023-04-22 Thread Илья Шипицин
Hello, yet another spell fixes Ilya From d1884cb1de7292ab657d27676c08cb7aaf3f1cba Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 22 Apr 2023 20:20:39 +0200 Subject: [PATCH 4/4] CLEANUP: assorted typo fixes in the code and comments This is 36th iteration of typo fixes ---

[PATCH] regtests: remove unsupported "stats" keyword

2023-04-22 Thread Илья Шипицин
Hello, small cleanup. Ilya From a92f679ba384d38a749fae909763c0e0598baec7 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 22 Apr 2023 20:09:05 +0200 Subject: [PATCH 2/4] reg-tests/connection/proxy_protocol_random_fail.vtc: remove unsupported "stats" keyword *** h1debug|[ALERT]

[PATCH] CI: bump cirrus-ci freebsd to 13-2

2023-04-22 Thread Илья Шипицин
Hello minor freebsd cirrus-ci image update Ilya From 11ecce42b32fd533a262e5e2adc0487d347aacf0 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 22 Apr 2023 19:13:03 +0200 Subject: [PATCH 1/4] CI: cirrus-ci: bump FreeBSD image to 13-1 FreeBSD-13.2 released on April 11, 2023 ---

[PATCH] CLEANUP: use "offsetof" macro where appropriate

2023-04-15 Thread Илья Шипицин
Hello, small cleanup patch attached. Ilya From 77babd04c417709bb41c951701d62dec0574eb35 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 15 Apr 2023 23:39:43 +0200 Subject: [PATCH] CLEANUP: use "offsetof" where appropriate let's use the C library macro "offsetof" --- src/cache.c|

[PATCH] CI: monthly Fedora Rawhide, bump "actions/checkout" to v3

2023-04-08 Thread Илья Шипицин
Hello, couple of patches: 1) Fedora Rawhide (known to include the most recent compilers) monthly builds 2) small cleanup, "actions/checkout" bumped to v3 Cheers, Ilya From 2ffed99562df8be55ba6e120f9952f53904b2269 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 8 Apr 2023 13:32:31

Re: Interest in HA Proxy from Sonicwall

2023-04-05 Thread Илья Шипицин
Wed, Apr 5, 2023 at 20:18, Aleksandar Lazic : > Hi Kenny. > > On 05.04.23 20:04, Kenny Lederman wrote: > > Hi team, > > > > Do you have an account rep assigned to Sonicwall that could help me with > > getting a POC set up? > > This is the Open Source Mailing list, if you want to get in touch

[PATCH] CI: add memory related code flow smoke test

2023-04-01 Thread Илья Шипицин
Hello, after https://github.com/haproxy/haproxy/issues/2082 is resolved, let's add ci test Ilya From 43f66093c25b182b22b26bd9037a9e2105e02521 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 1 Apr 2023 13:29:46 +0200 Subject: [PATCH] CI: run smoke tests on config syntax to check memory

[PATCH] spelling fixes, CI filter

2023-04-01 Thread Илья Шипицин
Hello, please find some spelling fixes. also folders ./doc/design-thoughts,./doc/internals are excluded from further checks. cheers, Ilya From 15f8a4031bb53a77155ffd923d17d12478848bb9 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 1 Apr 2023 12:27:31 +0200 Subject: [PATCH 2/2] CI:

Re: PostgreSQL: How can use slave for some read operations?

2023-03-15 Thread Илья Шипицин
there are several L7 balancing tool like pgPool. as for haproxy, currently it does not provide such advanced postgresql routing Wed, Mar 15, 2023 at 06:09, Muhammed Fahid : > Hi, > > I have A master and a slave PostgreSQL databases. I would like to know > that major read operations can be

Re: wolfSSL: how to treat expired certs ?

2023-03-12 Thread Илья Шипицин
btw, "build only tests" already pass in case of wolfSSL. should we start with "build only wolfSSL CI job" ? few "vtc" fail for various reasons. Sun, Mar 12, 2023 at 18:35, Илья Шипицин : > Hello, > > during enabling wolfSSL CI I met the fol

wolfSSL: how to treat expired certs ?

2023-03-12 Thread Илья Шипицин
Hello, during enabling wolfSSL CI I met the following #top TEST reg-tests/ssl/ssl_default_server.vtc FAILED (5.123) exit=2 *** h1debug|<134>Mar 12 12:04:49 haproxy[115196]: unix:1 [12/Mar/2023:12:04:49.922] ssl-lst/1: SSL client CA chain cannot be verified *** h1debug|fd[0x12]

Re: RFQ - Royal Court - HAProxy

2023-03-11 Thread Илья Шипицин
you have reached open source mailing list. sales not processed here. please reach Haproxy Tech: https://www.haproxy.com/contact-us/ Sun, Mar 12, 2023 at 07:46, Jumanh Khalid : > Dear Team, > We are waiting for your kind reply. > > Regards, > > *Jumanh Khalid* > > *Operations Manager.* > >

Re: HAProxy performance on OpenBSD

2023-01-23 Thread Илья Шипицин
gmail decided to put original message to spam. I replied to first reply. indeed it was mentioned. sorry Mon, Jan 23, 2023 at 14:22, Willy Tarreau : > Hi Ilya, > > On Mon, Jan 23, 2023 at 02:11:56PM +0600, ??? wrote: > > I would start with big picture view > > > > 1) are CPUs utilized

Re: HAProxy performance on OpenBSD

2023-01-23 Thread Илья Шипицин
also, I wonder what is LibreSSL <--> OpenSSL perf. I'll try "openssl speed" (I recall LibreSSL has the same feature), but I'm not sure I can get OpenBSD machine. can you try haproxy + openssl-1.1.1 (it is considered the most performant these days) ? Mon, Jan 23, 2023 at 14:

Re: HAProxy performance on OpenBSD

2023-01-23 Thread Илья Шипицин
erf" tool. something like 25% of general impact later, I used "openssl speed", I compared Linux <--> FreeBSD (on required cipher suites) How can I interpret openssl speed output? - Stack Overflow <https://stackoverflow.com/questions/17410270/how-can-i-interpret-openssl

Re: HAProxy performance on OpenBSD

2023-01-23 Thread Илья Шипицин
I would start with big picture view 1) are CPUs utilized at 100% ? 2) what is CPU usage in details - fraction of system, user, idle ... ? it will allow us to narrow things and find what is the bottleneck, either kernel space or user space. Mon, Jan 23, 2023 at 14:01, Willy Tarreau : > Hi

Re: Information Required For PostgreSQL HA

2023-01-18 Thread Илья Шипицин
there might be professional paid services how to migrate to F5. but I'm afraid it is wrong place to ask for such kind of services. Thu, Jan 19, 2023 at 13:07, Willy Tarreau : > On Thu, Jan 19, 2023 at 06:40:30AM +, Zahid Haseeb wrote: > > ENVIRONMENT DETAIL > > We have setup high

Re: is there releases.json ?

2023-01-11 Thread Илья Шипицин
Wed, Jan 11, 2023 at 20:52, Willy Tarreau : > Hi Ilya, > > On Wed, Jan 11, 2023 at 08:39:43PM +0600, ??? wrote: > > Hello, > > > > is "releases.json" generated by haproxy/make-releases-json at master · > > haproxy/haproxy (github.com) > > < >

is there releases.json ?

2023-01-11 Thread Илья Шипицин
Hello, is "releases.json" generated by haproxy/make-releases-json at master · haproxy/haproxy (github.com) published somewhere ? Ilya

Re: [PATCH 0/5] Changes to matrix.py

2022-12-29 Thread Илья Шипицин
I'm fine with reformatting/caching/whatever. btw, Tim, while on this, can you please add LibreSSL-3.7.0 (fixed) to stable branches ? I've forgotten, now we do not run libressl for stable branches at all Thu, 29 Dec 2022 at 22:40, Tim Duesterhus : > Willy, > > please find some opinionated

Re: testing haproxy against older/newer gcc compilers

2022-12-29 Thread Илья Шипицин
Thu, 29 Dec 2022 at 22:06, Willy Tarreau : > Hi Ilya, > > On Thu, Dec 29, 2022 at 09:24:43PM +0600, ??? wrote: > > Hello, > > > > I noticed some patches/commits related to "fix compilation on gcc-4/5..." > > > > I came to an idea to use official gcc images: > >

testing haproxy against older/newer gcc compilers

2022-12-29 Thread Илья Шипицин
Hello, I noticed some patches/commits related to "fix compilation on gcc-4/5..." I came to an idea to use official gcc images: https://hub.docker.com/_/gcc/tags?page=1 that mostly works in Github actions except gcc-4.8 :( so... are we interested in (monthly ?) run of something like this

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
haproxy/vtest.yml at master · chipitsine/haproxy (github.com) secret name can be arbitrary, for example "TOKEN". env variable is GITHUB_API_TOKEN Fri, 23 Dec 2022 at 00:12, Willy Tarreau : > On Fri, Dec

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
not perfect, but it works from github point of view, if token is bad, you'll get 401. as long as I'm getting 200, I assume it works for "openssl" org as well :) Fri, 23 Dec 2022 at 00:04, Willy Tarreau : > On Thu, Dec 22, 2022 at 11:56:24PM +0600, ??? wrote: > >

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
you can limit token scope to read repo information. Thu, 22 Dec 2022 at 23:49, Willy Tarreau : > On Thu, Dec 22, 2022 at 11:35:35PM +0600, ??? wrote: > > here's how it works > > > > (unfortunately, github does not allow secret named GITHUB_ , so I created > >

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
here's how it works (unfortunately, github does not allow secret named GITHUB_ , so I created secret "TOKEN" and assigned it to variable GITHUB_API_TOKEN) I also added "env" to print all variables, you can see value of GITHUB_API_TOKEN is masked. is it set to wrong value, so api call failed:

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
I'm not sure if it is possible to issue organization based token (not a personal one). As for visibility, secrets are not visible for pull requests. Thu, 22 Dec 2022 at 22:57, Илья Шипицин : > there are couple of steps left (no hurry, because "matrix.py" is backward > compatib

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
there are couple of steps left (no hurry, because "matrix.py" is backward compatible) 1. issue "some kind of token". either Personal Access Tokens (Classic) (github.com) (no time limit) or Fine-grained Personal Access Tokens (github.com)

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
I attached a patch. It keeps current behaviour and is safe to apply. in order to make a difference, github token must be issued and set via github ci settings. Ilya Thu, 22 Dec 2022 at 16:57, Willy Tarreau : > On Thu, Dec 22, 2022 at 04:47:09PM +0600, ??? wrote: > > what if I make

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
what if I make it conditional, i.e. if github token is defined via env, make non anonymous api call, Thu, 22 Dec 2022 at 16:27, Willy Tarreau : > On Thu, Dec 22, 2022 at 03:49:34PM +0600, ??? wrote: > > it is something I was afraid of "HTTP Error 403: rate limit exceeded". > > ok,
