gt;
> let drop asan.log redirection
>
> Ilia Shipitsin (1):
> CI: drop asan.log umbrella completely
>
> .github/workflows/vtest.yml | 9 -
> 1 file changed, 9 deletions(-)
>
Merged, thanks!
--
William Lallemand
/github.com/chipitsine/haproxy/actions/runs/9022839976/job/24793325629>
>
> [image: image.png]
I never saw this at all, I doubt it worked in master for a long time :-)
https://github.com/haproxy/haproxy/actions/runs/9060411631/job/24890056499
That's better indeed, I'll merge the patch. Thanks!
--
William Lallemand
> There is also a rust implementation
> https://github.com/vkill/haproxy-spoa-example which could be added.
>
> If it's possible then would I add this by my self.
>
Thanks Aleks, I add them both on the page, and set criteo's one as
unmaintained.
--
William Lallemand
ns/8724600484/job/23936238899
But I had no problem when testing it from my computer, I'm just doing a
` make reg-tests reg-tests/ssl/crt_store.vtc -- --debug` and have the
ASAN output directly.
Do you think we could achieve the same thing with github actions? I
never saw an output from this asan.log file in the CI.
--
William Lallemand
On Thu, Apr 11, 2024 at 11:43:14PM +0200, Dinko Korunic wrote:
> Subject: Re: Changes in HAProxy 3.0's Makefile and build options
>
> > On 11.04.2024., at 21:32, William Lallemand wrote:
> >
> > If I remember correctly github actions VMs only had 2 vCPU in the past,
&
rn machines rarely have less than 8 cores is
> a bit of a waste of time, especially if every other package does the same
> in the distro! I'd just do "make -j$(nproc)" as usual there.
>
If I remember correctly github actions VMs only had 2 vCPU in the past,
I think they upgraded to 4 vCPU last year but I can't find anything in
their documentation.
--
William Lallemand
On Thu, Apr 04, 2024 at 04:00:16PM +0200, Tim Düsterhus wrote:
> Hi
>
> On 4/4/24 14:35, William Lallemand wrote:
> > I'm not against merging this, but I don't see any change comparing to the
> > current model?
> >
>
> I mainly stumbled upon this new mode i
ad= command would set a reloading error, it does
exactly the same as the current kill -USR2 method.
I think only implementing a synchronous `haproxyctl reload` command
which uses the master CLI could improve the situation, only that could
return a failure and emits the error output...
I'm not against merging this, but I don't see any change comparing to the
current model?
--
William Lallemand
r(host)
# Check whether the client is attempting domain fronting.
acl ssl_sni_http_host_match ssl_fc_sni,strcmp(txn.host) eq 0
https://docs.haproxy.org/2.9/configuration.html#strcmp
Regards,
--
William Lallemand
oes not do much for now but it could be enough to test the startup
with an HSM. I'll try to test this when I have some time.
Regards,
--
William Lallemand
nce we give you the rights.
Willy: Could you give the right to edit this page to the `space88man`
github user? Thanks!
--
William Lallemand
On Thu, Mar 21, 2024 at 10:39:58AM +0800, Richard Chan wrote:
> Subject: Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM
> files
> On Thu, 21 Mar 2024, 00:15 William Lallemand, wrote
>
> >
> > We made test in the past with the TPM2 provid
On Wed, Mar 20, 2024 at 05:15:47PM +0100, William Lallemand wrote:
> >TODO: This PR works
> >without forking (i.e., not in master-worker mode) as PKCS#11 drivers
> >are fragile after fork.
> >To use PKCS#11 keys in master-worker mode,
> >
nt code.
We made test in the past with the TPM2 provider which also uses a URI in
the privatekey:
https://github.com/haproxy/wiki/wiki/OpenSSL-Providers-in-HAProxy#tpm2-provider
Do you have any specific configuration for HAProxy?
Regards,
--
William Lallemand
u should try an issue there:
https://github.com/haproxytech/dataplaneapi/issues
--
William Lallemand
bugs: https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds: https://www.haproxy.org/l/dev-packages
---
Complete changelog :
William Lallemand (1):
BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp
---
Complete changelog :
Amaury Denoyelle (1):
BUG/MAJOR: promex: fix crash on deleted server
William Lallemand (1):
BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp
CLI
---
--
William Lallemand
we every
new user could discover them :-)
>
> Either way, for now I'm waiting on OCSP support first (hi William, Rémi);
> hopefully someone else figures out the best build flags by the time that's
> dealt with.
I'll add that to my list but that's not the biggest priority for now :)
--
William Lallemand
dlock which will last 2 years. Regarding
Redhat I don't think they are even packaging it.
But yes, wolfssl cycles are not really compatible with LTS distro, so it
would need a PPA which provides the updated lib with the right flags.
--
William Lallemand
ed, and
the clients are getting SIGPIPEs. So, I believe some initialization are
failing in HAProxy and we are not checking it correctly. It might be
interesting to dig that a little bit.
--
William Lallemand
r OpenSSL download fallback
>
> .github/matrix.py| 15 +--
> scripts/build-ssl.sh | 4 +++-
> 2 files changed, 8 insertions(+), 11 deletions(-)
>
> --
> 2.43.0
>
>
Thanks, merged!
--
William Lallemand
are "ready to roll" in
production.
I'll fix this, I thought I put the same command line that I'm using in my
script, but it lacks ADDLIB=-Wl,-rpath=/opt/wolfssl/lib/.
--
William Lallemand
On 2024-02-01 15:52, Lukas Tribus wrote:
On Thu, 1 Feb 2024 at 12:08, William Lallemand wrote:
>
> That's interesting, however I'm surprised the init does not work before the
chroot,
> we are doing a RAND_bytes() with OpenSSL before the chroot to achieve this.
This approach can actu
the
chroot, we are doing a RAND_bytes() with OpenSSL before the chroot to achieve
this.
I'll check if we can do something like this instead of needing a explicit
option, but if that's not possible we will require GETRANDOM in the
--enable-haproxy build option.
--
William Lallemand
ot;, "peers", "mailers", "programs" etc. instead of keywords
from the global section, which is confusing. Maybe we should try to
clean this up.
Regards,
--
William Lallemand
backported in 2.8.
I missed the alignment and indentation in your first contribution, in HAProxy we
are using tabs for indentation and spaces for alignment, so I made a cleanup
patch
to switch to tabs.
Regards,
--
William Lallemand
prises when upgrading
their OpenSSL.
Regards,
--
William Lallemand
continue with this SSL_CTX, and the parameters between square brackets
were applied to this SSL_CTX so openssl is doing his magic itself here.
I don't know if this is enough details, don't hesitate if you want to
known more.
--
William Lallemand
roblem, maybe we should put the "latest" builds in a daily
build so it can evolve on its own without impacting the dev.
Having a library which change its version between 2 pushes can be quite
confusing, even more if the library broke something, usually you want to
test your code when you push in master, not the libraries!
For example we could have had build breakage when switching
automatically to 3.2-alpha them 3.2-beta etc.
But since we didn't had any problem for now, maybe we could just try it,
it can be reverted easily anyway...
--
William Lallemand
On Wed, Nov 22, 2023 at 11:02:23PM +0100, Vincent Bernat wrote:
> On 2023-11-22 09:13, William Lallemand wrote:
> > Hello Vincent,
> >
> > [HAProxy list in cc]
> >
> > We backported the USE_QUIC_OPENSSL_COMPAT build option in HAProxy 2.8.4,
> > so we can bu
openssl libraries (quictls,
libressl and boringssl don't use a specific build option). And using
only a Makefile we can't really autodetect the libraries to activate an
option.
Do you think that's possible to activate these 2 options for the next
2.8 debian/ubuntu packages?
Regards,
--
William
et of the leaving process, so if
you are not attached anymore to the socket you can't do much. If you
keep a connection to the socket you won't have the problem, but you need
to configure the right timeout so the connection won't be closed.
A cleaner solution is to use the master CLI instead of the stats
socket, this is a socket which is attached to the master process, and
which is able to connect to leaving processes.
http://docs.haproxy.org/2.8/management.html#9.4
Regards,
--
William Lallemand
https://github.com/haproxy/wiki/wiki/Letsencrypt-integration-with-HAProxy-and-acme.sh#acmesh-installation
--
William Lallemand
st a reload.
Using -q for this was a problem, so I'd better not do it. I'm not
talking about suppressing the message, just hiding the "valid" message
by default, without -V. All other warnings and alerts are still
outputed, so it's easy to see if you broke something.
--
William Lallemand
On Mon, Nov 13, 2023 at 10:46:08AM +0100, Christoph Kukulies wrote:
> > Am 13.11.2023 um 10:09 schrieb William Lallemand :
> >>
> >> acme@mail:~$ echo "show ssl cert /etc/haproxy/certs/mydomain.org.pem" |
> >> socat /var/run/haproxy/admin.sock -
&g
em. Start by doing "show ssl cert" without any argument to
see the list of certificates whcih were loaded by haproxy.
--
William Lallemand
On Mon, Nov 13, 2023 at 09:52:57AM +0100, Baptiste wrote:
> On Thu, Nov 9, 2023 at 5:00 PM William Lallemand
> wrote:
>
> > Hello,
> >
> > haproxy -c seems to be too verbose in the systemd logs by
> > showing "Configuration file is valid" for eve
valid" message will only be displayed in
combination with -V.
People tend to use the return code of the command and not the output,
but I prefer to ask.
Change will only be applied starting from 2.9. Patch attached.
--
William Lallemand
>From d189f5473f0ed0594c693646d424d0a9e03eabaf Mon Se
On Wed, Nov 08, 2023 at 04:42:00PM +0100, Christoph Kukulies wrote:
>
> I posted the output of haproxy -vv (on demand of William Lallemand). Maybe
> you overlooked it:
>
That's weird, it shouldn't behave like this and I couldn't reproduce at
all.
> root@mail:~/haproxy-scrip
On Mon, Oct 16, 2023 at 02:40:37PM +0200, William Lallemand wrote:
> On Fri, Oct 13, 2023 at 04:30:37PM +0200, William Lallemand wrote:
> > > and TLSv1.3 is a must-have,
> >
> > I don't get this point, mbedtls supports TLS 1.3 so I don't really
> > understand what
ts and there the line:
>
> bind quic4@0.0.0.0:443 name quic443 ssl crt crt
> /etc/haproxy/fullchain.pemproto quic alpn h3 npn h3 allow-0rtt curves
> secp521r1:secp384r1
>
> --
> Christoph
>
>
Did you compile haproxy with USE_QUIC=1? look at haproxy -vv to check if
you have quic support.
--
William Lallemand
rk with ECDSA keys, so I have a
> second cert with a subset of names that I build using 4096 bit RSA.
>
There is a lot of possibility to configure this, we are trying to move
forward to a configuration where we can specifiy files separately so
there would be nothing to do in the future, but unfortunately there is
still development to do.
--
William Lallemand
ion I got an
> additional line in the log:
>
> Nov 1 12:13:40 mail haproxy[103552]:
> '/etc/letsencrypt/live/www.mydomain.org/fullchain.pem.key' is present but
> cannot be read or parsed'.
>
> I'm a bit clueless now. Help appreciated.
>
> --
> Christoph
>
--
William Lallemand
e
latest commit of the master branch, the build is trigered for each push.
You can install them from here:
https://software.opensuse.org/download/package?package=haproxy=home%3Awlallemand
The package is based on the debian one, here the build options:
https://github.com/wlallemand/haproxy-nightly-
re by accident!
Regards,
--
William Lallemand
On Fri, Oct 13, 2023 at 04:30:37PM +0200, William Lallemand wrote:
> > and TLSv1.3 is a must-have,
>
> I don't get this point, mbedtls supports TLS 1.3 so I don't really
> understand what they are talking about. Maybe they disable TLS 1.3 on
> the 2.28 version for some rease b
contract.
Regarding the ABI, it seems to me that are a lot of changes, but it
makes sense since there is no LTS>
We are using the openssl compatibility API for HAProxy, the API is not
supposed to change a lot, but the ABI change fromt time to time.
--
William Lallemand
, maybe we could
spend some time on this, I'll check if this is complicated to integrate
in our current code.
> > 3. HAProxy turns off ChaCha Poly and AES CCM support in quic when built
> > with AWS-LC
That's the current status for now.
--
William Lallemand
s doing it? The systemd support within HAProxy
is only meant to provide a status to systemd, it does not send it
actions.
HAProxy only sends a "READY=1" status to systemd, so if you are seeing a
"Reloaded" message from systemd, it was sent by something external to
HAProxy. And it would be a `systemctl reload` action, not a manual kill
-USR2 signal.
Regards,
--
William Lallemand
ers section [1] and the resolvers keyword on server lines.
[1]:
https://docs.haproxy.org/2.8/configuration.html#resolvers%20(The%20resolvers%20section)
--
William Lallemand
Reset and free h1 haproxy -1
dT0.172
** s1Waiting for server (4/-1)
*top TEST reg-tests/mcli/mcli_start_progs.vtc completed
*diag 0.0 /usr/bin/sleep
#top TEST reg-tests/mcli/mcli_start_progs.vtc passed (0.173)
0 tests failed, 0 tests skipped, 1 tests passed
--
William Lallemand
? Thanks
> You can see an example of the run here [1]. Also, I discovered you can
> add `workflow_dispatch` to scheduled tasks so you can manually trigger
> them without having to tweak the cron schedule.
>
> [1] https://github.com/andrewhop/haproxy/actions/runs/6044112377
>
That's great, that will be useful this way!
Thanks
--
William Lallemand
On Sat, Sep 02, 2023 at 10:05:11AM +0200, Miroslav Zagorac wrote:
> Hello all,
>
> this is a patch related to correctly marking the end of the CLI command in the
> error message in several places in the file src/ssl_ckch.c .
>
Thanks, merged.
--
William Lallemand
pcre-devel zlib-devel pcre2-devel 'perl(FindBin)'
> perl-IPC-Cmd 'perl(File::Copy)' 'perl(File::Compare)' lua-devel socat
> findutils systemd-devel clang
> - name: Install VTest
> run: scripts/build-vtest.sh
> - name: Install QuicTLS
Thanks, merged.
--
William Lallemand
he portage of the reg-tests
- the Makefile and the .c files
> I am going to be out of the office for a week so my response will be
> delayed.
>
Ok, no worries.
--
William Lallemand
On Thu, Jul 20, 2023 at 08:27:08PM +0200, Sander Klein wrote:
> On 2023-07-20 11:14, William Lallemand wrote:
> > On Thu, Jul 20, 2023 at 10:23:21AM +0200, Sander Klein wrote:
> >> On 2023-07-19 11:00, William Lallemand wrote:
> >> "show ssl ocsp-resons
On Thu, Jul 20, 2023 at 10:23:21AM +0200, Sander Klein wrote:
> On 2023-07-19 11:00, William Lallemand wrote:
> > On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote:
> >> On 2023-07-17 15:17, William Lallemand wrote:
> >> > On Thu, Jul 13, 2023 at 05:01:
On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote:
> On 2023-07-17 15:17, William Lallemand wrote:
> > On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote:
> >> Hi,
> >>
> >> I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade
comes
> possible once the lib stabilizes enough to avoid invasive backports in
> stable branches. I don't know what the current status is for aws-lc's
> stable branches at the moment.
>
Agreed, cross-libs ABI is not useful, but the ABI should remain stable
between minor releases so the library package could be updated without
rebuilding every software that depends on it.
Regards,
--
William Lallemand
a Weekly CI is good enough indeed, enough to monitor breakage and it
won't disturb us during development.
--
William Lallemand
tions(+), 5 deletions(-)
>
> --
> 2.40.1
>
>
Merged, thank you!
--
William Lallemand
644 reg-tests/ssl/ssl_curve_name.vtc
>
Great, thank you!
I just pushed your patch in the master branch.
--
William Lallemand
y name
> from the shell prompt, so I assumed everything was good.
>
> Thanks,
> Shawn
Indeed, haproxy creates a 'default' resolvers section this way if you
don't create one yourself:
resolvers default
parse-resolv-conf
--
William Lallemand
or from that, and it makes no sense to me.
>
>
> elyograg@bilbo:~$ echo "expert-mode on; httpclient GET
> http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOq9K0xVAXkgj8X4cNGeMutQw%3D%3D;
>
> | sudo socat /etc/haproxy/stats.socket -
ing errors during the
OCSP file loading?
--
William Lallemand
6.3 and HAProxy 2.8.1 are compatible with each other, however
you need to compile wolfssl and haproxy the right way.
You should probably try building haproxy without reseting "LDFLAGS" and
"CFLAGS" first, and then add "SSL_LIB" and "SSL_INC" with the right
ttps://github.com/haproxy/haproxy/blob/master/.github/workflows/openssl-nodeprecated.yml
for example.
This way we don't increase the CI build for each push, and using the
master branch don't become a problem.
Regards,
--
William Lallemand
ps://github.com/haproxy/haproxy/actions/runs/5573879545/jobs/10181759082
Regards,
--
William Lallemand
) :
> +smp->strm ? sc_conn(smp->strm->scb) : NULL;
> +
> +ssl = ssl_sock_get_ssl_object(conn);
> +if (!ssl)
> +return 0;
> +
> +nid = SSL_get_negotiated_group(ssl);
> +if (!nid)
> +return 0;
> +smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
> +if (!smp->data.u.str.area)
> +return 0;
> +
> +smp->data.type = SMP_T_STR;
> +smp->flags |= SMP_F_VOL_SESS | SMP_F_CONST;
> +smp->data.u.str.data = strlen(smp->data.u.str.area);
> +
> +return 1;
> +}
> +#endif
The code looks good to me, only the reg-tests part should be reworked IMO.
Regards,
--
William Lallemand
were
made as an cleaner alternative to directories so you could specify each
file you need manually and set options to them.
As I explained in my previous mail, the option was not set on the bind
lines because of architectural problems, but you could expect to have a
way to do it globally in future versions.
--
William Lallemand
now, but that
will evolve!
> > It could also be a global option *as well*, but imho it does need to
> > be a bind line configuration option, just like strict-sni, alpn and
> > ciphers, so we can enable it specifically (per frontend, per bind
> > line) without requiring crt-list.
Sure, that what considered for the evolution of the feature !
--
William Lallemand
what would be
> useful would be to just change the default, because if you have 100k
> certs, it's likely that 99.9k work one way and the other ones the other
> way, and what you want is to indicate the default and only mention the
> exception for those concerned.
Indeed that could be a way to do it.
--
William Lallemand
t
documentation, and it's specified in the documentation that it's only
for crt-list.
--
William Lallemand
le for HAProxy since we are using the
OpenSSL compatiblity layer.
If you want to discuss this, please continue on the haproxy github
ticket or we will again split the discussion between multiple support..
--
William Lallemand
On Sat, Apr 08, 2023 at 01:36:48PM +0200, Илья Шипицин wrote:
> Hello,
>
> couple of patches:
>
> 1) Fedora Rawhide (known to include the most recent compilers) monthly
> builds
> 2) small cleanup, "actions/checkout" bumped to v3
>
> Cheers,
> Ilya
Thanks, merged.
--
William Lallemand
esh-official/acme.sh/wiki/Stateless-Mode#haproxy
--
William Lallemand
t; >
> > Best regards
> > Tim Düsterhus
>
> Hi Tim,
>
> Sorry about that delay. The patch looks good to me. I'll let William
> merge it when he has the time.
>
> Rémi
>
Thanks to both of you, merged.
--
William Lallemand
ons than me. But
> generally speaking I agree that it looks more readable after the change.
>
> thanks,
> Willy
>
LGTM.
--
William Lallemand
estroyed at the end, so I just add it in the environment as
recommended in the documentation.
https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
So we can remove any token that was generated for this problem, it is
not useful.
Regards,
--
William Lallemand
and that
> would be fine, but until this, I don't know what such guarantees we
> have. This is my concern regarding the use of this token like this.
>
> Thanks,
> Willy
You need to be logged to see the logs of the CI, I don't know if it is
only accessible to the people in the
On Thu, Dec 22, 2022 at 05:37:59PM +0100, William Lallemand wrote:
> On Thu, Dec 22, 2022 at 10:32:22PM +0600, Илья Шипицин wrote:
> > I attached a patch. It keeps current behaviour and is safe to apply.
> >
> > in order to make a difference, github token must be issued and
On Thu, Dec 22, 2022 at 10:32:22PM +0600, Илья Шипицин wrote:
> I attached a patch. It keeps current behaviour and is safe to apply.
>
> in order to make a difference, github token must be issued and set via
> github ci settings.
>
> Ilya
>
I just pushed it, thank you.
--
William Lallemand
e 563, in error
return self._call_chain(*args)
File "/usr/lib/python3.10/urllib/request.py", line 496, in _call_chain
result = func(*args)
File "/usr/lib/python3.10/urllib/request.py", line 643, in http_error_default
raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 403: rate limit exceeded
Thanks!
--
William Lallemand
CI: github: remove redundant ASAN loop
CI: github: split matrix for development and stable branches
Remi Tricot-Le Breton (1):
BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain
William Lallemand (16):
BUG/MINOR: ssl: initialize SSL error before parsing
.
We just need to be careful every 2 years when the ubuntu version change
and an HAProxy release is done, not to be stuck in 22.04 :-)
--
William Lallemand
y-2.5.git;a=blob;f=.github/matrix.py;hb=HEAD#l132
Ideally it would be better to still build libreSSL in stable.
In my opinion there should be at least one version + the latest for this
method to work, but if the latest is equal to an already built version
that doesn't make sens to build it again.
--
William Lallemand
On Mon, Dec 12, 2022 at 08:48:06AM +0100, William Lallemand wrote:
> Hi Ilya !
>
> On Mon, Dec 12, 2022 at 10:56:11AM +0500, Илья Шипицин wrote:
> > hello,
> >
> > I made some prototype of I meant:
> >
> > https://github.com/chipitsine/haproxy/commit/c
On Tue, Dec 06, 2022 at 11:35:03PM +0100, Tim Duesterhus wrote:
> William,
>
> On 12/6/22 19:40, William Lallemand wrote:
> > I disagree, porting to a new API is not something you would do just
> > before a release, you need to do it progressively if possible, because
> &g
est" to "ubuntu-20.04" for those branches so it
works as earlier. I'm going to reintroduce "1.1.1" for master to 2.6 so
it is correctly tested again.
In my opinion we need a similar mecanism for the distribution than for
the ssl libs. Maybe using "latest" only in dev branches and a fixed
version for stable branches will be enough.
Regards,
--
William Lallemand
you need to do it progressively if possible, because
it could introduce heavy development and sometimes discussions with the
library developers and unfortunately that could take time.
That would be too bad to postpone support for a new version because
nobody looked at this during the development cycle, and the changes are
too heavy to be integrated.
--
William Lallemand
so it could be
conditionned by a check on the version, for example only started if
there is '-dev' in the version.
So we should probably:
- Revert "latest" to "3.0.7" in the master, and backport the patch in the
previous supported branches. (as far as 2.4 I think)
- Introduce "3.1.0-alpha1" to master
- Introduce "latest" to weekly master
--
William Lallemand
t the libraries.
What do you guys think?
--
William Lallemand
documentation. But I'm pretty sure I've
> seen it in there before...
>
Regards,
--
William Lallemand
0x%08x",
> > tp->choosen);
> > + chunk_appendf(b, "\n\tversion_information:(chosen=0x%08x", tp->coosen);
I don't think it will even compile this way.
>
--
William Lallemand
ven the patch's author. Please keep the author and
>list CCed in replies. Please note that in absence of any response this
>pull request will be lost.
>
--
William Lallemand
o make it fail, my alpine version wasn't the right one in my container,
even if I used :latest it wasn't the same, and the number of threads
wasn't right either.
Once I had the coredump I identified what was missing but I spend some
time trying to change multiple parameters.
--
William Lallemand
.
I think this will help to debug a lot, I know there is also the ability
to get an artefact with the coredump, which could also be interesting,
but having the traceback on the CI page is easy.
If no one complain, I'll push the patch.
Cheers,
--
William Lallemand
>From 4465fe8c77aa2ce664ebfc46b41
our commit because we changed the lib version it's difficult to know
where the issue is.
Maybe we could have a separated CI job with the "latest" version, so we ensure
that this is running correctly before integrating the version to the
"per-commit" CI jobs. What do you think about that? It seems like a good
compromise to me.
--
William Lallemand
released we would still need the 3.0 branch.
I think we need something to test the latest release of a branch, and
not the latest version of all branches. Maybe we could specify "3.0.x"
to get the latest 3.0?
Regards,
--
William Lallemand
ranches automatically?
> we can modify github pipeline to use quic for libressl builds
>
I think that's a good idea, indeed.
--
William Lallemand
1 - 100 of 681 matches
Mail list logo