Re: how to upgrade haproxy

2023-08-24 Thread Aleksandar Lazic
Hi Atharva Shripad Dudwadkar. On 2023-08-24 (Do.) 12:08, Willy Tarreau wrote: Hi, On Thu, Aug 24, 2023 at 03:23:59PM +0530, Atharva Shripad Dudwadkar wrote: Hi haproxy Team, Can you please help me with the upgrading process regarding haproxy from 2.0.7 to 2.5. in RHEL. Could you please share

Re: how to upgrade haproxy

2023-08-24 Thread Willy Tarreau
Hi, On Thu, Aug 24, 2023 at 03:23:59PM +0530, Atharva Shripad Dudwadkar wrote: > Hi haproxy Team, > > Can you please help me with the upgrading process regarding haproxy from > 2.0.7 to 2.5. in RHEL. Could you please share with me upgrading process? Please note that 2.5 is no longer supported,

Re: [PR] Fix build error on ppc64le: invalid parameter combination for AltiVec...

2023-08-24 Thread Willy Tarreau
On Mon, Aug 21, 2023 at 06:51:00PM +0200, Willy Tarreau wrote: > Hi Tim, Peter, > > On Mon, Aug 21, 2023 at 05:36:58PM +0200, Tim Düsterhus wrote: > > Peter, > > > > On 8/21/23 17:23, PR Bot wrote: > > > Patch title(s): > > > Fix build error on ppc64le: invalid parameter combination for

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-08-23 Thread William Lallemand
Hello, On Fri, Aug 18, 2023 at 11:32:17PM +, Hopkins, Andrew wrote: > Do you have a preference between 1 and 2? Where does that notification > go if something does break in the future? I prefer that we only do a weekly build for now, we already have too many things in the per push CI. The

Re: [PR] Fix build error on ppc64le: invalid parameter combination for AltiVec...

2023-08-21 Thread Willy Tarreau
Hi Tim, Peter, On Mon, Aug 21, 2023 at 05:36:58PM +0200, Tim Düsterhus wrote: > Peter, > > On 8/21/23 17:23, PR Bot wrote: > > Patch title(s): > > Fix build error on ppc64le: invalid parameter combination for AltiVec > > intrinsic __builtin_vec_ld > > > > xxhash.h should not be modified,

Re: [PR] Fix build error on ppc64le: invalid parameter combination for AltiVec…

2023-08-21 Thread Tim Düsterhus
Peter, On 8/21/23 17:36, Tim Düsterhus wrote: Petter, Please apologize the typo here. It should read "Peter", of course. Best regards Tim Düsterhus

Re: [PR] Fix build error on ppc64le: invalid parameter combination for AltiVec…

2023-08-21 Thread Tim Düsterhus
Petter, On 8/21/23 17:23, PR Bot wrote: Patch title(s): Fix build error on ppc64le: invalid parameter combination for AltiVec intrinsic __builtin_vec_ld xxhash.h should not be modified, because it is an external library. However it appears that this might already be fixed upstream [1],

Re: [ANNOUNCE] haproxy-2.4.24

2023-08-19 Thread Willy Tarreau
On Sat, Aug 19, 2023 at 12:07:03PM +0200, Willy Tarreau wrote: > - the "namespace" keyword in default-servers was parsed but ignored > > - the duplicate stick-table name check did not work for tables declared > inside peers sections. Sorry, these two ones are copy-paste mistakes in the

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-08-19 Thread Willy Tarreau
Hi Andrew, On Fri, Aug 18, 2023 at 11:32:17PM +, Hopkins, Andrew wrote: > Do you have a preference between 1 and 2? Where does that notification go if > something does break in the future? I have added a dedicated > USE_OPENSSL_AWSLC in the updated >

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-08-18 Thread Hopkins, Andrew
" Cc: William Lallemand , Willy Tarreau , Aleksandar Lazic , "haproxy@formilux.org" Subject: RE: [EXTERNAL] [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC CAUTION: This email originated from outside of the organization. Do not click links or open attach

Re: Fast and Professional Estimating Services

2023-08-18 Thread Vincenzo Meeker
Hi, I wanted to follow up with you regarding our construction estimating services. We specialize in providing detailed and accurate estimates to keep your projects running smoothly and on budget. If you have any upcoming projects that could benefit from our services, please send us the plans.

RE: Cyber Security Software Users

2023-08-17 Thread Janet Talley
Hi, I was hoping to hear back from you! Did you get a chance to review my previous email? Kindly let me know your current email list requirements, so that I can get back to you accordingly. Look forward to hearing from you soon. Best regards, Janet Talley|Lead Generation Specialist From:

Re: WebTransport support/roadmap

2023-08-17 Thread Artur
Le 17/08/2023 à 11:46, Aleksandar Lazic a écrit : On 2023-08-17 (Do.) 10:14, Artur wrote: Feature request submitted: https://github.com/haproxy/haproxy/issues/2256 Thank you. I have added a simple picture based on your E-Mails, hope I have understood your request properly. Sorry, I was not

Re: WebTransport support/roadmap

2023-08-17 Thread Aleksandar Lazic
Hi. On 2023-08-17 (Do.) 10:14, Artur wrote: Feature request submitted: https://github.com/haproxy/haproxy/issues/2256 Thank you. I have added a simple picture based on your E-Mails, hope I have understood your request properly. Regards Alex

Re: WebTransport support/roadmap

2023-08-17 Thread Artur
Feature request submitted: https://github.com/haproxy/haproxy/issues/2256 -- Best regards, Artur

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-08-17 Thread Илья Шипицин
023 at 11:26 PM > *To: *William Lallemand > *Cc: *Willy Tarreau , "Hopkins, Andrew" , > Aleksandar Lazic , "haproxy@formilux.org" < > haproxy@formilux.org> > *Subject: *RE: [EXTERNAL] [PATCH] BUILD: ssl: Build with new > cryptographic library AWS-L

Re: WebTransport support/roadmap

2023-08-17 Thread Artur
Hello, Thank you for your answers. Le 16/08/2023 à 20:01, Aleksandar Lazic a écrit : Please can you open a Feature request on https://github.com/haproxy/haproxy/issues so that anybody, maybe you :-), can pick it and implement it. I'll do it. Unfortunately, my dev skills are limited so I'm

Re: Quick Response

2023-08-16 Thread Jessica Lesa
Hi, Just wanted to follow up on my previous email to see if you've had a chance to look into it yet. I'm really looking forward to hearing back from you soon! Thanks, Jessica Subject: AWS Users Business Leads. Hi there, I just wanted to check if you' d be interested in obtaining the contact

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-08-16 Thread Hopkins, Andrew
://github.com/aws/aws-lc/pull/1055 [5] https://github.com/aws/aws-lc/pull/1070 From: Илья Шипицин Date: Wednesday, August 9, 2023 at 11:26 PM To: William Lallemand Cc: Willy Tarreau , "Hopkins, Andrew" , Aleksandar Lazic , "haproxy@formilux.org" Subject: RE: [EXTERNAL] [PATC

Re: WebTransport support/roadmap

2023-08-16 Thread Tristan
Looks like that's Websocket for udp/QUIC just because the Websocket Protocol does not work with QUIC, imho. From a cursory read of https://github.com/w3c/webtransport/blob/main/explainer.md, it seems to have slightly different goals from traditional Websocket though. Notably to sacrifice

Re: WebTransport support/roadmap

2023-08-16 Thread Aleksandar Lazic
Hi. On 2023-08-16 (Mi.) 17:29, Artur wrote: Hello ! I wonder if there is a roadmap to support WebTransport protocol in haproxy. There are some explanations/references (if needed) from socket.io dev team that started to support it : https://socket.io/get-started/webtransport Looks like

RE: [PATCH] MEDIUM: sample: Implement sample fetch for arbitrary PROXY protocol v2 TLV values

2023-08-16 Thread Stephan, Alexander
. If there should be a nit that you quickly want to change, feel free to. I am not upset about it at all. Best, Alexander -Original Message- From: Willy Tarreau Sent: Sunday, August 13, 2023 10:01 AM To: Stephan, Alexander Cc: haproxy@formilux.org Subject: Re: [PATCH] MEDIUM: sample: Implement

Re: problem with automatic OCSP update -- getting ipv6 address for ocsp endpoint

2023-08-15 Thread Shawn Heisey
On 8/15/23 19:17, Tristan wrote: > A common error that can happen with let's encrypt certificates is if the DNS resolution provides an IPv6 address and your system does not have a valid outgoing IPv6 route. In such a case, you can either create the appropriate route or set the

Re: problem with automatic OCSP update -- getting ipv6 address for ocsp endpoint

2023-08-15 Thread Tristan
Hi Shawn, See the note at the end of http://docs.haproxy.org/2.8/configuration.html#5.1-ocsp-update Specifically: > A common error that can happen with let's encrypt certificates is if the DNS resolution provides an IPv6 address and your system does not have a valid outgoing IPv6 route. In

Re: [PATCH] REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3)

2023-08-15 Thread Willy Tarreau
On Mon, Aug 14, 2023 at 03:25:40PM +0200, Willy Tarreau wrote: > > I don't think this is applied yet, so Cc-ing Willy. > > I'll take it once I'm done with the other backports. Now applied, thank you! Willy

Re: Fast and Professional Estimating Services

2023-08-14 Thread Vincenzo Meeker
Hi, Sorry to bother you again, Have you received my emails? We are a cost estimating and architectural service provider. We estimate all types of construction projects including residential, commercial, new build and federal government projects. If you could send me the set of plans, I would love

Re: [PATCH] REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3)

2023-08-14 Thread Willy Tarreau
Hi Tim, On Mon, Aug 14, 2023 at 02:07:04PM +0200, Tim Düsterhus wrote: > Hi > > On 8/7/23 16:34, Aurelien DARRAGON wrote: > > Oops indeed, wasn't aware of it, thank you Tim! > > > > I don't think this is applied yet, so Cc-ing Willy. I'll take it once I'm done with the other backports. Thank

Re: [PATCH] REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3)

2023-08-14 Thread Tim Düsterhus
Hi On 8/7/23 16:34, Aurelien DARRAGON wrote: Oops indeed, wasn't aware of it, thank you Tim! I don't think this is applied yet, so Cc-ing Willy. Best regards Tim Düsterhus

Re: haproxy.org Errors

2023-08-14 Thread Joan
Hi haproxy.org, Hope you are doing great! This is Joan, Business Analyst with 99webmarketing Technology(An age old Digital Marketing Agency operating over 10 years in the global market having its main office at AZ, USA. We exist for such a long only because we follow ethical business practices)

Re: sc-set-gpt with expression: internal error, unexpected rule->from=0, please report this bug!

2023-08-14 Thread Willy Tarreau
On Thu, Aug 10, 2023 at 01:59:34PM +0200, Johannes Naab wrote: > On 8/9/23 17:53, Aurelien DARRAGON wrote: > >> "http-request sc-set-gpt" does work, so does "tcp-request session". I.e. > >> the bug seems to depend on "tcp-request connection". > >> > > > > Indeed, according to both doc and code,

Re: [PATCH] MEDIUM: sample: Implement sample fetch for arbitrary PROXY protocol v2 TLV values

2023-08-13 Thread Willy Tarreau
Hi Alexander, On Fri, Aug 11, 2023 at 02:08:37PM +, Stephan, Alexander wrote: > Hi Willy, > > Thanks for the nice, detailed feedback. > Overall, I agree with all of your listed points, so no need for further > discussions. ? > I will hopefully send the separated patches at the beginning of

RE: [PATCH] MEDIUM: sample: Implement sample fetch for arbitrary PROXY protocol v2 TLV values

2023-08-11 Thread Stephan, Alexander
r -Original Message- From: Willy Tarreau Sent: Thursday, August 10, 2023 9:18 AM To: Stephan, Alexander Cc: haproxy@formilux.org Subject: Re: [PATCH] MEDIUM: sample: Implement sample fetch for arbitrary PROXY protocol v2 TLV values [You don't often get email from w...@1wt.eu

Re: sc-set-gpt with expression: internal error, unexpected rule->from=0, please report this bug!

2023-08-10 Thread Johannes Naab
On 8/9/23 17:53, Aurelien DARRAGON wrote: >> "http-request sc-set-gpt" does work, so does "tcp-request session". I.e. >> the bug seems to depend on "tcp-request connection". >> > > Indeed, according to both doc and code, sc-set-gpt and sc-set-gpt0 are > available from: > > - tcp-request session

Re: [PATCH] MEDIUM: sample: Implement sample fetch for arbitrary PROXY protocol v2 TLV values

2023-08-10 Thread Willy Tarreau
Hi Alexander, On Mon, Jul 31, 2023 at 01:11:35PM +, Stephan, Alexander wrote: > Dear HAProxy-maintainers, > > As proposed by my colleague Christian Menges in [1], I've implemented support > for fetching arbitrary TLV values for PROXY protocol V2 via a sample fetch. I'm afraid I don't

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-08-10 Thread Илья Шипицин
shall we unfreeze this activity? вт, 18 июл. 2023 г. в 10:46, William Lallemand : > On Tue, Jul 18, 2023 at 09:11:33AM +0200, Willy Tarreau wrote: > > I'll let the SSL maintainers check all this, but my sentiment is that in > > general if there are differences between the libs, it would be

Re: [PATCH 0/2] CI changes

2023-08-10 Thread Willy Tarreau
On Sun, Aug 06, 2023 at 12:07:37AM +0200, Ilya Shipitsin wrote: > fixed 'Unknown argument "groupinstall" for command "dnf5"' > coverity scan CI rewritten without travis-ci wrapper Both patches merged with the typo fixed. Thanks Ilya! Willy

Re: sc-set-gpt with expression: internal error, unexpected rule->from=0, please report this bug!

2023-08-09 Thread Aurelien DARRAGON
>> I have no idea what causes it at the moment. A few things you could try, >> in any order, to help locate the bug: >> >> - check if it accepts it using "http-request sc-set-gpt" instead of >> "tcp-request connection" so that we know if it's related to the ruleset >> or something else ;

Re: sc-set-gpt with expression: internal error, unexpected rule->from=0, please report this bug!

2023-08-09 Thread Johannes Naab
Hi Willy, On 8/9/23 13:48, Willy Tarreau wrote: > Hi Johannes, > > On Wed, Aug 09, 2023 at 01:02:29PM +0200, Johannes Naab wrote: >> Hi, >> >> I'm trying to use a stick table with general purpose tags (gpt) to do longer >> term (beyond the window itself) maximum connection rate tracking: >> -

Re: sc-set-gpt with expression: internal error, unexpected rule->from=0, please report this bug!

2023-08-09 Thread Willy Tarreau
Hi Johannes, On Wed, Aug 09, 2023 at 01:02:29PM +0200, Johannes Naab wrote: > Hi, > > I'm trying to use a stick table with general purpose tags (gpt) to do longer > term (beyond the window itself) maximum connection rate tracking: > - stick table with conn_rate and one gpt > - update/set gpt0 if

Re: Fast and Professional Estimating Services

2023-08-08 Thread Vincenzo Meeker
Hi, This is just a follow up email. If you are holding a project, please send over the plans in PDF format for getting a firm quote on your project. Please let me know if you would like to review our sample estimate or have any questions regarding our services. Looking forward to having a good

Re: Problems using custom error files with HTTP/2

2023-08-08 Thread Nick Wood
Hi Alex, On 2.6, with H2 enabled, there are certain error pages that HAProxy can't serve over HTTP/2. For example, if all the back ends are unavailable it should return an error page, but it just returns an invalid H2 response. To reproduce, just set up a minimal config with an H2

Re: Problems using custom error files with HTTP/2

2023-08-07 Thread Aleksandar Lazic
Hi. On 2023-08-07 (Mo.) 18:35, Nick Wood wrote: Hello all, I'm not sure if anything further happened with this, but after upgrading from 2.6 to 2.8.1, custom pages are now broken by default over HTTP/2. Please can you specify in more depth what you mean with "broken by default". What does

Re: Problems using custom error files with HTTP/2

2023-08-07 Thread Nick Wood
Hello all, I'm not sure if anything further happened with this, but after upgrading from 2.6 to 2.8.1, custom pages are now broken by default over HTTP/2. Has HTTP/2 support been enabled by default? If so how would one turn it off so we don't have to downgrade back to v2.6? Thanks,

Re: [PATCH] REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3)

2023-08-07 Thread Aurelien DARRAGON
On 07/08/2023 15:46, Tim Duesterhus wrote: > Introduced in: > > 424981cde REGTEST: add ifnone-forwardfor test > b015b3eb1 REGTEST: add RFC7239 forwarded header tests > > see also: > > fbbbc33df REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ > --- >

RE: Global Gaming Expo 2023

2023-08-07 Thread Lana Marie
Hi-good week, To get started with potential buyers contact list, respond "How much is the cost?" Interested in receiving a sample list, let me know if you're interested in receiving one. Thanks, Lana From: Lana Marie Sent: Friday, August 4, 2023 3:39 PM To: haproxy@formilux.org Subject:

Re: [PATCH 2/2] CI: get rid of travis-ci wrapper for Coverity scan

2023-08-07 Thread Willy Tarreau
On Mon, Aug 07, 2023 at 12:35:33PM +0200, ??? wrote: > I made a typo > > + https://scan.coverity.com/builds?project=Hsproxy > > can it be fixed on the fly ? or I can send v2. I'll fix it, no worries. Thanks Ilya! Willy

Re: [PATCH 2/2] CI: get rid of travis-ci wrapper for Coverity scan

2023-08-07 Thread Илья Шипицин
I made a typo + https://scan.coverity.com/builds?project=Hsproxy can it be fixed on the fly ? or I can send v2. вс, 6 авг. 2023 г. в 00:10, Ilya Shipitsin : > historically coverity scan was performed by travis-ci script, let us > rewrite it in bash > --- >

Re: libcrypt may be removed completely in future Glibc releases

2023-08-05 Thread Willy Tarreau
Hi Aleks, On Wed, Aug 02, 2023 at 11:14:35AM +0200, Aleksandar Lazic wrote: > Hi. > > I have seen this lines in the current glibc release notes > > https://sourceware.org/glibc/wiki/Release/2.38 > ``` > 2.1. Building libcrypt is disabled by default > > If you still need Glibc libcrypt, pass

Re: [PATCH] MEDIUM: sample: Implement sample fetch for arbitrary PROXY protocol v2 TLV values

2023-08-05 Thread Willy Tarreau
Hi Alexander, On Mon, Jul 31, 2023 at 01:11:35PM +, Stephan, Alexander wrote: > Dear HAProxy-maintainers, > > As proposed by my colleague Christian Menges in [1], I've implemented support > for fetching arbitrary TLV values for PROXY protocol V2 via a sample fetch. > It can be used by

Re: [PR] some typos for sock.c and proxy.c

2023-08-04 Thread Willy Tarreau
Hi! On Sat, Aug 05, 2023 at 05:23:03AM +, PR Bot wrote: > Author: haojue > Number of patches: 1 > > This is an automated relay of the Github pull request: >some typos for sock.c and proxy.c > > Patch title(s): >some typos for sock.c and proxy.c (...) Thanks for these. Please have

Re: haproxy 2.4 and Kafka sink/source connector issues

2023-08-02 Thread David Greenwald
We've tested 2.3.21 and 2.2.30 successfully, so it appears to be a 2.4 addition. We've tested 2.4.23 and the latest 2.7 and 2.8 versions. *David Greenwald Senior Site Reliability engineer david.greenw...@discogsinc.com* On Tue, Aug 1, 2023 at 9:16 PM Willy Tarreau wrote: > On Tue, Aug 01,

Re: haproxy 2.4 and Kafka sink/source connector issues

2023-08-01 Thread Willy Tarreau
On Tue, Aug 01, 2023 at 08:38:24PM -0700, David Greenwald wrote: > Thanks for the response! That seems unlikely, we're doing an httpchk > to the clustercheck > utility > > following the pxc reference architecture, so

Re: haproxy 2.4 and Kafka sink/source connector issues

2023-08-01 Thread David Greenwald
Thanks for the response! That seems unlikely, we're doing an httpchk to the clustercheck utility following the pxc reference architecture, so not actually making a direct database request from haproxy. We're also

Re: haproxy 2.4 and Kafka sink/source connector issues

2023-08-01 Thread Willy Tarreau
Hi David, On Tue, Aug 01, 2023 at 05:11:48PM -0700, David Greenwald wrote: > Hi all, > > Looking for some help with a networking issue we've been debugging for > several days. We use haproxy to TCP load-balance between Kafka Connectors > and a Percona MySQL cluster. In this set-up, the

Re: haproxy 2.4 and Kafka sink/source connector issues

2023-08-01 Thread Brendan Kearney
hey, first, use "option mysql-check", for better service checking. you'll have to add a user and access to the database, and the howto is in the configuration.txt file (https://www.haproxy.org/download/2.1/doc/configuration.txt).  the "option httpchk" is doing you nothing because the backend

Re: SV: Strange problem

2023-07-29 Thread Willy Tarreau
On Sat, Jul 29, 2023 at 10:48:28PM +, Henning Svane wrote: > Hi Willy > > You were right, replacing "url_beg" with "path_beg" solves the problem. > > Strange that it has not been a problem for 2.5, 2.6 and 2.7, could it be there > has been fixed something in 2.8 for "url_beg" / "path_beg"

Re: ACL with multi or

2023-07-29 Thread Igor Cicimov
http-request tarpit deny_status 403 unless XMail_Autodiscover || XMail_EAS || XMail_ECP || XMail_EWS || XMail_MAPI || XMail_OAB || XMail_OWA || XMail_RPC || XMail_PowerShell Get Outlook for Android Public From: Henning Svane Sent:

Re: Strange problem

2023-07-29 Thread Willy Tarreau
Hi Henning, On Sat, Jul 29, 2023 at 07:21:58PM +, Henning Svane wrote: > Hi > Today I started to get this problem. > Linie 29140: Jul 29 18:47:09 haproxyxmail01 haproxy[1010]: 192.168.y.65:26570 > [29/Jul/2023:18:47:09.605] FrontEnd_Xmail_L7_IPv4~ > FrontEnd_Xmail_L7_IPv4/ -1/-1/-1/-1/0 503

Re: QUIC with a fcgi backend

2023-07-28 Thread Yaacov Akiba Slama
On 25/07/2023 12:04, Christopher Faulet wrote: With more intensive tests, I'm able to reproduce it time to time. It is timing dependent. It happens when the last 2 DATA frames are decodes in same time. The end of the request is detected to early, on the first DATA frame instead of the last

Re: QUIC with a fcgi backend

2023-07-25 Thread Christopher Faulet
Le 7/24/23 à 19:21, Yaacov Akiba Slama a écrit : On 24/07/2023 19:02, Aleksandar Lazic wrote: Are the HAProxy and the FCGI Server on the same host/network or is there any firewall or anything in between? Both run in the same host. In order to reproduce the problem I had with php-fpm, I am

Re: QUIC with a fcgi backend

2023-07-24 Thread Yaacov Akiba Slama
On 24/07/2023 19:02, Aleksandar Lazic wrote: Are the HAProxy and the FCGI Server on the same host/network or is there any firewall or anything in between? Both run in the same host. In order to reproduce the problem I had with php-fpm, I am using a simple go fcgi server: package main

Re: QUIC with a fcgi backend

2023-07-24 Thread Aleksandar Lazic
Yaacov. On 2023-07-24 (Mo.) 15:08, Christopher Faulet wrote: Le 7/24/23 à 12:24, Yaacov Akiba Slama a écrit : Hi Christopher, Thanks for report. It is not a known issue, but I can confirm it. When H3 HEADERS frames are converted to the internal HTTP representation (HTX), a flag is missing to

Re: QUIC with a fcgi backend

2023-07-24 Thread Christopher Faulet
Le 7/24/23 à 12:24, Yaacov Akiba Slama a écrit : Hi Christopher, Thanks for report. It is not a known issue, but I can confirm it. When H3 HEADERS frames are converted to the internal HTTP representation (HTX), a flag is missing to specify a content-length was found. I pushed a flag, it should

Re: QUIC with a fcgi backend

2023-07-24 Thread Yaacov Akiba Slama
Hi Christopher, Thanks for report. It is not a known issue, but I can confirm it. When H3 HEADERS frames are converted to the internal HTTP representation (HTX), a flag is missing to specify a content-length was found. I pushed a flag, it should be fixed: commit

Re: QUIC with a fcgi backend

2023-07-24 Thread Christopher Faulet
Le 7/22/23 à 21:48, Yaacov Akiba Slama a écrit : Hi, It seems that there is a bug in QUIC when using a fastcgi backend: As soon as the size of the uploaded data is more than bufsize, the server returns 400 Bad request and shows PH-- in the logs. The problem occurs with both haproxy 2.8.1 and

Re: Old style OCSP not working anymore?

2023-07-24 Thread wlallem...@haproxy.com
On Mon, Jul 24, 2023 at 07:21:16AM +, Jarno Huuskonen wrote: > Hello, > > On Fri, 2023-07-21 at 17:31 +0200, Remi Tricot-Le Breton wrote: > > I found the faulty commit for Jarno's issue ("cc346678d MEDIUM: ssl: Add > > ocsp_certid in ckch structure and discard ocsp buffer early"). > > Here's

Re: Old style OCSP not working anymore?

2023-07-24 Thread Jarno Huuskonen
Hello, On Fri, 2023-07-21 at 17:31 +0200, Remi Tricot-Le Breton wrote: > I found the faulty commit for Jarno's issue ("cc346678d MEDIUM: ssl: Add > ocsp_certid in ckch structure and discard ocsp buffer early"). > Here's a patch that should fix it. If you want to try it with your > setups be my

Re: QUIC with a fcgi backend

2023-07-22 Thread Yaacov Akiba Slama
Sending the config file as an attachment. -yas On 23/07/2023 07:20, Yaacov Akiba Slama wrote: On 22/07/2023 23:07, Aleksandar Lazic wrote: Hi. On 2023-07-22 (Sa.) 21:48, Yaacov Akiba Slama wrote: Hi, It seems that there is a bug in QUIC when using a fastcgi backend: As soon as the size of

Re: QUIC with a fcgi backend

2023-07-22 Thread Yaacov Akiba Slama
On 22/07/2023 23:07, Aleksandar Lazic wrote: Hi. On 2023-07-22 (Sa.) 21:48, Yaacov Akiba Slama wrote: Hi, It seems that there is a bug in QUIC when using a fastcgi backend: As soon as the size of the uploaded data is more than bufsize, the server returns 400 Bad request and shows PH-- in

Re: QUIC with a fcgi backend

2023-07-22 Thread Aleksandar Lazic
Hi. On 2023-07-22 (Sa.) 21:48, Yaacov Akiba Slama wrote: Hi, It seems that there is a bug in QUIC when using a fastcgi backend: As soon as the size of the uploaded data is more than bufsize, the server returns 400 Bad request and shows PH-- in the logs. The problem occurs with both haproxy

Re: Old style OCSP not working anymore?

2023-07-21 Thread Remi Tricot-Le Breton
Hello, On 21/07/2023 14:40, Remi Tricot-Le Breton wrote: Hello, On 21/07/2023 11:51, Jarno Huuskonen wrote: Hi, On Thu, 2023-07-20 at 20:27 +0200, Sander Klein wrote: The best thing to do is to test with `openssl s_client -showcerts -connect some.hostname.nl:443` with both your versions to

Re: [PATCH 1/2] BUG/MINOR: server-state: Avoid warning on 'file not found'

2023-07-21 Thread Christopher Faulet
Le 7/20/23 à 22:21, Marcos de Oliveira a écrit : From: Marcos de Oliveira On a clean installation, users might want to use server-state-file and the recommended zero-warning option. This caused a problem if server-state-file was not found, as a warning was emitted, causing startup to fail.

Re: Old style OCSP not working anymore?

2023-07-21 Thread Remi Tricot-Le Breton
Hello, On 21/07/2023 11:51, Jarno Huuskonen wrote: Hi, On Thu, 2023-07-20 at 20:27 +0200, Sander Klein wrote: The best thing to do is to test with `openssl s_client -showcerts -connect some.hostname.nl:443` with both your versions to identify what changed. I've tested with 'openssl s_client

Re: Old style OCSP not working anymore?

2023-07-21 Thread Sander Klein
On 2023-07-21 11:51, Jarno Huuskonen wrote: If I change the order of ipv4 / ipv6 binds (so bind ipv6@:::443 name v6ssl... is first) then haproxy(2.8.1) sends ocsp with ipv6 connection and not with ipv4. Hmmm, I cannot reproduce this, but this might be because I have multiple frontends with

Re: Old style OCSP not working anymore?

2023-07-21 Thread Jarno Huuskonen
Hi, On Thu, 2023-07-20 at 20:27 +0200, Sander Klein wrote: > > The best thing to do is to test with `openssl s_client -showcerts > > -connect some.hostname.nl:443` with both your versions to identify what > > changed. > > I've tested with 'openssl s_client -showcerts -connect mydomain.com:443 >

Re: Old style OCSP not working anymore?

2023-07-20 Thread William Lallemand
On Thu, Jul 20, 2023 at 08:27:08PM +0200, Sander Klein wrote: > On 2023-07-20 11:14, William Lallemand wrote: > > On Thu, Jul 20, 2023 at 10:23:21AM +0200, Sander Klein wrote: > >> On 2023-07-19 11:00, William Lallemand wrote: > >> "show ssl ocsp-resonse" gives me a lot of output like: > >> > >>

Re: Old style OCSP not working anymore?

2023-07-20 Thread Sander Klein
On 2023-07-20 11:14, William Lallemand wrote: On Thu, Jul 20, 2023 at 10:23:21AM +0200, Sander Klein wrote: On 2023-07-19 11:00, William Lallemand wrote: "show ssl ocsp-resonse" gives me a lot of output like: Certificate ID key : *LONGID* Certificate path : /parth/to/cert.pem Certificate ID:

Re: Old style OCSP not working anymore?

2023-07-20 Thread William Lallemand
On Thu, Jul 20, 2023 at 10:23:21AM +0200, Sander Klein wrote: > On 2023-07-19 11:00, William Lallemand wrote: > > On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote: > >> On 2023-07-17 15:17, William Lallemand wrote: > >> > On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote: >

Re: Old style OCSP not working anymore?

2023-07-20 Thread Sander Klein
On 2023-07-19 11:00, William Lallemand wrote: On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote: On 2023-07-17 15:17, William Lallemand wrote: > On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote: >> Hi, >> >> I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I

Re: Old style OCSP not working anymore?

2023-07-19 Thread William Lallemand
On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote: > On 2023-07-17 15:17, William Lallemand wrote: > > On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote: > >> Hi, > >> > >> I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I > >> couldn't > >> connect to any of

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-18 Thread Willy Tarreau
On Tue, Jul 18, 2023 at 10:43:57AM +0200, William Lallemand wrote: > On Tue, Jul 18, 2023 at 09:11:33AM +0200, Willy Tarreau wrote: > > I'll let the SSL maintainers check all this, but my sentiment is that in > > general if there are differences between the libs, it would be better if > > we have

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-18 Thread William Lallemand
On Tue, Jul 18, 2023 at 09:11:33AM +0200, Willy Tarreau wrote: > I'll let the SSL maintainers check all this, but my sentiment is that in > general if there are differences between the libs, it would be better if > we have a special define for this one as well. It's easier to write and > maintain

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-18 Thread Илья Шипицин
вт, 18 июл. 2023 г. в 09:14, Willy Tarreau : > Hi Andrew, > > On Tue, Jul 18, 2023 at 06:26:45AM +, Hopkins, Andrew wrote: > > Willy you're correct. AWS-LC does have support for the QUIC primitives > > HAProxy needs, we just need to fix some of the names [1] in either > HAProxy's > > code or

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-18 Thread Willy Tarreau
Hi Andrew, On Tue, Jul 18, 2023 at 06:26:45AM +, Hopkins, Andrew wrote: > Willy you're correct. AWS-LC does have support for the QUIC primitives > HAProxy needs, we just need to fix some of the names [1] in either HAProxy's > code or AWS-LC in a follow up change. OK, thanks for confirming

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-18 Thread Hopkins, Andrew
Willy you're correct. AWS-LC does have support for the QUIC primitives HAProxy needs, we just need to fix some of the names [1] in either HAProxy's code or AWS-LC in a follow up change. To Alex's concern on API compatibility: yes AWS-LC is aiming to provide a more stable API. We already run

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-18 Thread Hopkins, Andrew
: Aleksandar Lazic , "Hopkins, Andrew" , "haproxy@formilux.org" Subject: RE: [EXTERNAL][PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-17 Thread Илья Шипицин
сб, 15 июл. 2023 г. в 10:44, Willy Tarreau : > Hi Alex, Andrew, > > On Thu, Jul 13, 2023 at 11:54:44AM +0200, Aleksandar Lazic wrote: > > On 2023-07-13 (Do.) 08:22, Hopkins, Andrew wrote: > > > * Do you plan to add quic (Server part) faster then OpenSSL? > > > > > > I have not looked into quic

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-17 Thread Hopkins, Andrew
-0b21de6f7e1d44cc39f76a8d90c65fc0edbe75fd5327a20cfc9f45c79925e66b From: Илья Шипицин Date: Saturday, July 15, 2023 at 1:30 PM To: "Hopkins, Andrew" Cc: "haproxy@formilux.org" Subject: RE: [EXTERNAL][PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC CAUTION: This email ori

Re: Old style OCSP not working anymore?

2023-07-17 Thread Sander Klein
On 2023-07-17 15:17, William Lallemand wrote: On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote: Hi, I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I couldn't connect to any of the sites behind it. While looking at the error it seems like OCSP is not working

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-17 Thread William Lallemand
On Mon, Jul 17, 2023 at 05:56:15PM +0200, Илья Шипицин wrote: > also, if "aws-lc" is somewhat very similar to openssl-1.1.1, we do not > expect we'll catch a lot of build errors daily because we already run > builds against openssl-1.1.1, maybe weekly CI would be enough. a Weekly CI is good

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-17 Thread Илья Шипицин
Mon, Jul 17, 2023 at 11:58, William Lallemand : > On Wed, Jul 12, 2023 at 12:26:06AM +, Hopkins, Andrew wrote: > > Hello HAProxy maintainers, I work on the AWS libcrypto (AWS-LC) > > project [1]. Our goal is to improve the cryptography we use internally > > at AWS and help our customers

Re: [PATCH 0/2] improve CI friendliness

2023-07-17 Thread William Lallemand
On Sat, Jul 15, 2023 at 12:00:47AM +0200, Ilya Shipitsin wrote: > thanks to Andrew Hopkins from Amazon, we've learned that CI is already easy > to learn, > however few things can be improved. > > let us add naming convention inline comment, also if VTest fails, let us > highlight that. > >

Re: [PATCH 0/1] Implement new sample fetch method to get the curve name used in key agreement

2023-07-17 Thread William Lallemand
On Mon, Jul 17, 2023 at 08:22:58AM -0500, Mariam John wrote: > This is an implementation of feature request > [#2165](https://github.com/haproxy/haproxy/issues/2165), > to get the EC curve name used during the key agreement in OpenSSL. This patch > includes the following > changes: > - new

Re: Wierd issue with OCSP updating

2023-07-17 Thread William Lallemand
On Thu, Jul 13, 2023 at 07:10:29PM -0600, Shawn Heisey wrote: > On 7/13/23 15:00, Cyril Bonté wrote: > > Hi Shawn, > > > > On 13/07/2023 at 18:48, Shawn Heisey wrote: > >> Looks like on my last edit I deleted it and didn't add it to > >> defaults, so I was wrong in what I said.  It throws a

Re: Wierd issue with OCSP updating

2023-07-17 Thread William Lallemand
On Thu, Jul 13, 2023 at 10:48:41AM -0600, Shawn Heisey wrote: > On 7/12/23 04:13, Remi Tricot-Le Breton wrote: > > On 11/07/2023 22:22, Shawn Heisey wrote: > >> On 7/11/23 01:30, Remi Tricot-Le Breton wrote: > >> That directive didn't work in "global" but it was accepted when I > >> moved it to

RE: [PATCH 0/1] Implement new sample fetch method to get the curve name used in key agreement

2023-07-17 Thread Mariam John
On Fri, Jul 14, 2023 at 02:59:52AM -0500, Mariam John wrote: > This is an implementation of feature request > [#2165](https://github.com/haproxy/haproxy/issues/2165),

Re: Old style OCSP not working anymore?

2023-07-17 Thread William Lallemand
On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote: > Hi, > > I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I couldn't > connect to any of the sites behind it. > > While looking at the error it seems like OCSP is not working anymore. > Right now I have a setup in

Re: Compiling HAProxy 2.8.1 with WolfSSL 5.6.3 yields errors about OCSP

2023-07-17 Thread William Lallemand
On Fri, Jul 14, 2023 at 11:01:16PM +0200, Marcel Menzel wrote: > Hello List, > > Trying to compile HAProxy version 2.8.1 with WolfSSL 5.6.3 results in > the following error: > > src/ssl_sock.c: In function ‘ssl_sock_load_ocsp’: > src/ssl_sock.c:1117:9: error: unknown type name ‘tlsextStatusCb’

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

2023-07-17 Thread William Lallemand
On Wed, Jul 12, 2023 at 12:26:06AM +, Hopkins, Andrew wrote: > Hello HAProxy maintainers, I work on the AWS libcrypto (AWS-LC) > project [1]. Our goal is to improve the cryptography we use internally > at AWS and help our customers externally. In the spirit of helping > people use good crypto
