Re: [PATCH] MEDIUM: dns: support for Additional section

Hi Baptiste, On Tue, Jan 21, 2020 at 10:38:37AM +0100, Baptiste wrote: > Hi there, > > For those using DNS service discovery through SRV record, you might be > aware that HAProxy is quite verbose with your DNS server: it does one SRV > query + 1 A/ per server found in the SRV response. >

Re: [PATCH] MINOR: http_act: enforce capture rule id checking in frontends only

Hi Baptiste, On Thu, Jan 16, 2020 at 02:50:30PM +0100, Baptiste wrote: > From c8192107c7055e36a6b6ab9b262b448a52346776 Mon Sep 17 00:00:00 2001 > From: Baptiste Assmann > Date: Thu, 16 Jan 2020 14:34:22 +0100 > Subject: [PATCH] MINOR: http_act: don't check capture id in backend (...) I retagged

Re: [PATCH] improving ssl defines

Hi Ilya, On Sat, Jan 18, 2020 at 06:47:48PM +0500, ??? wrote: > Hello, > > let us switch to constants check, not versions. > > cheers, > Ilya Shipitcin > From a8b68e746bb71c4fee65a05bea8287ad970c979c Mon Sep 17 00:00:00 2001 > From: Ilya Shipitsin > Date: Sat, 18 Jan 2020 18:42:45

Re: [PATCH] better anti replay check

On Sun, Jan 19, 2020 at 12:22:17PM +0500, ??? wrote: > Hello, > > let us check constants, not openssl versions. Makes sense, thanks. Now merged (and added a commit message). Willy

Re: [PATCH] improving ssl defines

On Wed, Jan 22, 2020 at 11:32:43AM +0500, ??? wrote: > I've taken openssl branches (master, openssl_1_1_1 and openssl_1_1_0) and > built haproxy against various commits (not tagged as releases). > sometimes build fail, I ended with changing "ifdef" from > version-dependendent (which is

Re: [PATCH] introduce ARM64 travis-ci builds

On Sun, Jan 19, 2020 at 12:18:00PM +0500, ??? wrote: > hello, > > sometimes arm64 builds fails, I think it is good chance to introduce > regular builds > and fix them. > > also, few small improvements. Merged, thanks Ilya. Next time, please be stricter and split your additions and your

Re: SameSite attribute for persistent session cookie

Hi guys, On Tue, Jan 21, 2020 at 11:49:43AM +0100, Christopher Faulet wrote: > Le 21/01/2020 à 09:14, mickael.br...@orange.com a écrit : > > Hello, > > > > With Chrome 80 release in february, HAProxy persistent session cookie > > will not be working anymore for sites embedded into iframe on

Re: [PATCH] improving ssl defines

ср, 22 янв. 2020 г. в 11:24, Willy Tarreau : > Hi Ilya, > > On Sat, Jan 18, 2020 at 06:47:48PM +0500, ??? wrote: > > Hello, > > > > let us switch to constants check, not versions. > > > > cheers, > > Ilya Shipitcin > > > From a8b68e746bb71c4fee65a05bea8287ad970c979c Mon Sep 17 00:00:00

Re: Enhancement plugin feature for haproxy

On Mon, Jan 20, 2020 at 10:06:20PM +0100, Christopher Faulet wrote: > Nuster evolves in parallel of > HAProxy. It is a fork of it, it is not a patchset on top of it. The nuster > developer never tried to make its project compatible with HAProxy. Or at > least, he never asked anything on the

Re: [PATCH] CLEANUP: Consistently `unsigned int` for bitfields

On Sat, Jan 18, 2020 at 11:41:58AM +0100, Tim Düsterhus wrote: > Fair enough. In the specific implementation of gcc it might be okay. But > that doesn't say anything about clang (but I guess it's okay as well). Clang tries hard to support whatever gcc does and when I mean gcc I implicitly also

SameSite attribute for persistent session cookie

Hello, With Chrome 80 release in february, HAProxy persistent session cookie will not be working anymore for sites embedded into iframe on multiple domains. See issue https://github.com/haproxy/haproxy/issues/361 Have you planned something to manage that point soon ? Thank you, Mickaël

Re: [PATCH] MINOR: ssl: accept 'verify' bind option with 'set ssl cert'

On Mon, Jan 20, 2020 at 05:33:53PM +0100, Emmanuel Hocdet wrote: > Hi, > > A last patch for today. > > ++ > Manu Good point, merged. Thanks! -- William Lallemand

[PATCH] MEDIUM: dns: support for Additional section

Hi there, For those using DNS service discovery through SRV record, you might be aware that HAProxy is quite verbose with your DNS server: it does one SRV query + 1 A/ per server found in the SRV response. This patch aims at improving this behavior par using first Additional records if

Re: [PATCH] BUG/MINOR: ssl: fix 3 memory leaks with set ssl cert

On Mon, Jan 20, 2020 at 05:09:59PM +0100, Emmanuel Hocdet wrote: > > Hi, > > Fix memory leaks with « set ssl cert ». > > ++ > Manu > > Thanks, merged! -- William Lallemand

Re: SameSite attribute for persistent session cookie

Le 21/01/2020 à 09:14, mickael.br...@orange.com a écrit : Hello, With Chrome 80 release in february, HAProxy persistent session cookie will not be working anymore for sites embedded into iframe on multiple domains. See issue https://github.com/haproxy/haproxy/issues/361 Have you planned

Re: [PATCH] ssl certificates load speedup and dedup (pem/ctx)

Hi,Patches updated, depend on "[PATCH] BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent"++ManuLe 10 avr. 2019 à 13:23, Emmanuel Hocdet a écrit :Hi,Updated patch serie:Fix OpenSSL < 1.0.2 compatibilty.More generic key for issuers ebtree.++Manu

Re: SameSite attribute for persistent session cookie

Christopher, Am 21.01.20 um 11:49 schrieb Christopher Faulet: > Any comments ? > I don't need it myself, but I want to mention that it should be backported, because the current situation can be "considered a bug" (a feature now longer works due to changes in the ecosystem). I guess the patch is

Re: SameSite attribute for persistent session cookie

Hello, On Tue, 21 Jan 2020 at 13:09, Tim Düsterhus wrote: > I don't need it myself, but I want to mention that it should be > backported, because the current situation can be "considered a bug" (a > feature now longer works due to changes in the ecosystem). I guess the > patch is fairly low

RE: SameSite attribute for persistent session cookie

Hello, I have tested the patch provided by Christopher. It seems to work well. Do you know if it will be available in an official release soon? Agree with the backport on 1.X branch, with the same question for the planning. Thank you, Mickaël -Message d'origine- De : Lukas Tribus