RE: [PATCH] MEDIUM: Support TCP keepalive parameters customization

2020-07-05 Thread mizuta.take...@fujitsu.com
Hi, Willy, Thank you for your quick reply! > But I mean, that's probably OK and I won't argue on this. I'd be > interested in others' opinions and/or suggestions on this, but > it's not critical. Thank you for your comment. If these keywords are inappropriate for users, please feel free to tell

[PATCH v2 0/2] Certificate Generation Enhancements

2020-07-05 Thread gersner
From: Shimi Gersner Hi Team, Ilya, Following the conversation yesterday I have added a fix and manually tested the following openssl variants - openssl-{1.0.1e,1.0.2u,1.1.1g} - libressl-{2.9.2,3.1.1} Additionally I have re-run travis/cirrus - https://travis-ci.com/github/gersner/haproxy/b

[PATCH v2 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread gersner
From: Shimi Gersner haproxy supports generating SSL certificates based on SNI using a provided CA signing certificate. Because CA certificates may be signed by multiple CAs, in some scenarios, it is necessary for the server to attach the trust chain in addition to the generated certificate. The

[PATCH v2 2/2] SMALL: ssl: Support SAN extension for certificate generation

2020-07-05 Thread gersner
From: Shimi Gersner The use of Common Name is fading out in favor of the RFC recommended way of using SAN extensions. For example, Chrome from version 58 will only match server name against SAN. The following patch adds an optional flag to attach SAN extension of type DNS to the generated certif

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Gersner
That's my fault. I was aware of the versioning but forgot to wrap in ifdef there. Configuration prevents from setting those settings on unsupported versions. On Sun, Jul 5, 2020 at 2:57 PM Илья Шипицин wrote: > https://cirrus-ci.com/task/6191727960653824 > > seems, openssl-1.0.0 (used in CentOS

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
https://cirrus-ci.com/task/6191727960653824 seems, openssl-1.0.0 (used in CentOS6/RHEL6) does not support those methods. haproxy claims to support openssl starting 0.9.8, I guess openssl-0.9.8 is rarely tested Sun, 5 Jul 2020 at 16:48, Gersner : > Awesome. I will run the manual tests on the v

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Gersner
Awesome. I will run the manual tests on the variants later today. Thanks. On Sun, Jul 5, 2020 at 2:45 PM Илья Шипицин wrote: > if you have tested your code (I'm sure you did), maybe manual testing will > be simple enough > you just need to rebuild haproxy against LibreSSL, BoringSSL, older opens

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
if you have tested your code (I'm sure you did), maybe manual testing will be simple enough you just need to rebuild haproxy against LibreSSL, BoringSSL, older openssl examples how to build ssl lib and build haproxy against it might be taken from .travis.yml (I was about to write an article, but I

[PATCH] ongoing typo fixes

2020-07-05 Thread Илья Шипицин
Hello, I attached yet another typo fixing patch. Cheers, Ilya Shipitcin From e75ba045512aafc62177d48011d74b9026ca36af Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 5 Jul 2020 16:36:08 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 11th iteration

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
there are regression tests written using vtest from varnish https://github.com/haproxy/haproxy/tree/master/reg-tests all important parts of haproxy are supposed to be covered with reg-tests (test coverage is getting better and better, but not yet complete) Sun, 5 Jul 2020 at 16:16, Gersner : >

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Gersner
Oh, wasn't aware of that. Is there some automation to test this or should I manually verify this? On Sun, Jul 5, 2020 at 2:13 PM Илья Шипицин wrote: > I recall some issues with LibreSSL and chaining trust. Like it was > declared but never worked. > we'll see that in runtime if there are such is

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
I recall some issues with LibreSSL and chaining trust. Like it was declared but never worked. we'll see that in runtime if there are such issues Sun, 5 Jul 2020 at 16:06, Илья Шипицин : > nice, all ssl variants build well > https://travis-ci.com/github/chipitsine/haproxy/builds/174323866 > > Sun

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
nice, all ssl variants build well https://travis-ci.com/github/chipitsine/haproxy/builds/174323866 Sun, 5 Jul 2020 at 15:48, Gersner : > > > On Sun, Jul 5, 2020 at 1:42 PM Илья Шипицин wrote: > >> do you have your patches on github fork ? >> (I could not find your fork) >> > Yes. See branch >

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Gersner
On Sun, Jul 5, 2020 at 1:42 PM Илья Шипицин wrote: > do you have your patches on github fork ? > (I could not find your fork) > Yes. See branch https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra > > Sun, 5 Jul 2020 at 15:13, Gersner : > >> >> >> On Sun, Jul 5, 2020 at 12:28 PM Ил

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
do you have your patches on github fork ? (I could not find your fork) Sun, 5 Jul 2020 at 15:13, Gersner : > > > On Sun, Jul 5, 2020 at 12:28 PM Илья Шипицин wrote: > >> does it clearly apply to current master ? either gmail scrambled patch >> or it is not. >> can you try please ? >> > Expor

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Gersner
On Sun, Jul 5, 2020 at 12:28 PM Илья Шипицин wrote: > does it clearly apply to current master ? either gmail scrambled patch > or it is not. > can you try please ? > Exporting the eml and running 'git am' it works cleanly. I've reproduced the exact same output when copy-pasting from gmail. It

Re: [ANNOUNCE] haproxy-2.2-dev12

2020-07-05 Thread Илья Шипицин
Sat, 4 Jul 2020 at 11:13, Willy Tarreau : > Hi, > > HAProxy 2.2-dev12 was released on 2020/07/04. It added 72 new commits > after version 2.2-dev11. > > Yes, a 12th development release. But the good news is that it's just > here to help with testing because we've finally managed to address the >

Re: [ANNOUNCE] haproxy-2.2-dev12

2020-07-05 Thread Илья Шипицин
Sat, 4 Jul 2020 at 11:13, Willy Tarreau : > Hi, > > HAProxy 2.2-dev12 was released on 2020/07/04. It added 72 new commits > after version 2.2-dev11. > > Yes, a 12th development release. But the good news is that it's just > here to help with testing because we've finally managed to address the >

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
does it clearly apply to current master ? either gmail scrambled patch or it is not. can you try please ? $ patch -p1 < 1.patch patching file doc/configuration.txt patching file include/haproxy/listener-t.h Hunk #1 FAILED at 163. 1 out of 1 hunk FAILED -- saving rejects to file include/haproxy/l