Corrected build instructions attached. openssl-2.2.2.2 should be haproxy-2.2.3.
Regards,
Bruno
apt-debuild
Description: Binary data
Hi,
> I take it that means theres no internal debug logging for the tls errors that
> we can just expose via logfile?
Proof of concept patches are attached with build instructions. You may wish to
edit the haproxy-2.2.3/rules/debian folder to increase the -j setting to your
current number of
On Wed, Sep 09, 2020 at 10:03:29PM +0200, Vincent Bernat wrote:
> ? 9 septembre 2020 19:31 +02, Willy Tarreau:
>
> >> Feel free to pick this patch if that helps for your builds, I'm going
> >> to backport it to 2.2 once all platforms are happy.
> >
> > All builds are OK now, the commit was
Thank you Willy!
A
On Wed, Sep 9, 2020 at 1:31 PM Willy Tarreau wrote:
> On Wed, Sep 09, 2020 at 07:20:17PM +0200, Willy Tarreau wrote:
> > Feel free to pick this patch if that helps for your builds, I'm going
> > to backport it to 2.2 once all platforms are happy.
>
> All builds are OK now,
❦ 9 septembre 2020 19:31 +02, Willy Tarreau:
>> Feel free to pick this patch if that helps for your builds, I'm going
>> to backport it to 2.2 once all platforms are happy.
>
> All builds are OK now, the commit was backported to 2.2 and the patch
> can be retrieved here:
>
>
> > That seems strange indeed but looking at the code that's what I'm
> > seeing. Was your access to ssl_fc_has_early placed before or after the
> > rule above ? If it's after it must indeed report false.
fetcher is placed before the rule
> > I seem to remember there was one but can't find it,
On Wed, Sep 09, 2020 at 07:20:17PM +0200, Willy Tarreau wrote:
> Feel free to pick this patch if that helps for your builds, I'm going
> to backport it to 2.2 once all platforms are happy.
All builds are OK now, the commit was backported to 2.2 and the patch
can be retrieved here:
On Wed, Sep 09, 2020 at 05:49:50PM +0200, Willy Tarreau wrote:
> On Wed, Sep 09, 2020 at 05:40:05PM +0200, Vincent Bernat wrote:
> > ? 9 septembre 2020 16:58 +02, Willy Tarreau:
> >
> > > Ah I'm really angry because I tested on many platforms, *including* armhf,
> > > but now I'm not seeing it,
On Wed, Sep 09, 2020 at 05:43:08PM +0200, Olivier Houchard wrote:
> > I seem to remember there was one but can't find it, so I may have been
> > confused. With this said, it doesn't provide a big information since
> > once the handshake is completed, it's exactly identical to a regular
> > one.
On Wed, Sep 09, 2020 at 05:40:05PM +0200, Vincent Bernat wrote:
> ? 9 septembre 2020 16:58 +02, Willy Tarreau:
>
> > Ah I'm really angry because I tested on many platforms, *including* armhf,
> > but now I'm not seeing it, so either I failed on one test or it depends
> > on the compiler
It is not cross-built. Debian builds armhf from arm64 builders. It seems
Ubuntu is also using arm64 hardware to build armhf.
An alternative that could work is to use QEMU user emulation. You can
directly use "qemu-debootstrap --arch=armhf" to get a working chroot.
--
Format a program to help the
On Wed, Sep 09, 2020 at 05:35:28PM +0200, Willy Tarreau wrote:
> On Wed, Sep 09, 2020 at 04:57:58PM +0200, William Dauchy wrote:
> > > I think it's not easy to reproduce these tests, you need a high enough
> > > latency between haproxy and the client so that the handshake is not
> > > already
❦ 9 septembre 2020 16:58 +02, Willy Tarreau:
> Ah I'm really angry because I tested on many platforms, *including* armhf,
> but now I'm not seeing it, so either I failed on one test or it depends
> on the compiler combination :-(
I am getting it on Debian Unstable (gcc 10.2.0, glibc 2.31),
how do you build armh ? can you share details ?
if that's cross build, we can easily add to github actions, for example.
unfortunately, it is hard to get armh native CI.
ср, 9 сент. 2020 г. в 20:01, Willy Tarreau :
> On Tue, Sep 08, 2020 at 11:47:25PM +0200, Vincent Bernat wrote:
> > ? 8
On Wed, Sep 09, 2020 at 04:57:58PM +0200, William Dauchy wrote:
> > I think it's not easy to reproduce these tests, you need a high enough
> > latency between haproxy and the client so that the handshake is not
> > already completed when you evaluate the rule, and of course you need
> > to make
On Tue, Sep 08, 2020 at 11:47:25PM +0200, Vincent Bernat wrote:
> ? 8 septembre 2020 16:13 -04, Alex Evonosky:
>
> > Just compiling 2.2.3 and getting this reference:
> >
> >
> > /haproxy-2.2.3/src/thread.c:212: undefined reference to
> > `_Unwind_Find_FDE'
>
> I am getting the same issue on
Hello Willy,
Thank you for your answer,
On Wed, Sep 9, 2020 at 4:39 PM Willy Tarreau wrote:
> If I remember well, the principle consists in detecting whether or not
> the request was received using TLS early data (0-rtt) before the handshake
> was completed. The problem is that early data may
Hi William!
On Wed, Sep 09, 2020 at 12:02:03PM +0200, William Dauchy wrote:
> On Wed, Sep 9, 2020 at 10:48 AM William Dauchy wrote:
> > I'm trying to understand `ssl_fc_has_early` fetcher behavior as I'm
> > unable to find a single request where it returns 1.
>
> (sorry, forgot to mention, all
On Wed, Sep 9, 2020 at 10:48 AM William Dauchy wrote:
> I'm trying to understand `ssl_fc_has_early` fetcher behavior as I'm
> unable to find a single request where it returns 1.
(sorry, forgot to mention, all of these tests were done on v2.2.x)
--
William
On Tue, 8 Sep 2020 at 12:39, Teo Klestrup Röijezon
wrote:
>
> Hey Willy, sorry about the delay.. managed to get sick right after that stuff.
>
> > I don't understand what you mean here in that it does not make sense to
> > you. Actually it's not even about overriding verifyhost, it's more that
>
Hello,
I'm trying to understand `ssl_fc_has_early` fetcher behavior as I'm
unable to find a single request where it returns 1.
Our config has 0rtt enabled and it is as follow:
```
global
log 127.0.0.1 format rfc5424 local0 info
daemon
stats socket /var/lib/haproxy/stats level admin
Badari,
Am 09.09.20 um 04:10 schrieb Badari Prasad:
> Hi Admin,
> Need help here , not sure if my mails to the mailing lists are being
> blocked. Can you kindly check.
>
I am not the Admin, but I can confirm that your emails reach the list
just fine. You can easily check yourself using the
22 matches
Mail list logo