Re: Reproducible CI build with OpenSSL and "latest" keyword

I think I got the idea. looks like you use the same github actions for stable branches. either I will manage to make them different or I will stick to 3.0.something. hopefully tomorrow вт, 6 дек. 2022 г. в 19:54, Илья Шипицин : > I recall I even promised to do something, but I

Re: Reproducible CI build with OpenSSL and "latest" keyword

I recall I even promised to do something, but I did not :-) automatically determine "which is latest 3.0.x" does not make much sense, it is stable branch, very conservative. we can stick to 3.0.7, for example. I do not expect any breaking change between 3.0.7 and 3.0.8 we can move "latest" to

[PATCH] spelling fixes

hello, yet another spelling patch. cheers, Ilya From c12cd6be4bc937b5d708e1bd646d732b5aae2cd6 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 30 Nov 2022 16:22:42 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 33rd iteration of typo fixes ---

Re: [ANNOUNCE] haproxy-2.7-dev9

as release is getting close, I've performed cppcheck analysis https://github.com/haproxy/haproxy/issues/1939 https://github.com/haproxy/haproxy/issues/1940 https://github.com/haproxy/haproxy/issues/1941 let me know, if it is noisy/useless, I'm fine with cdiscarding cppcheck issues (however, it

Re: [PATCH] fix spelling "choosen" --> "chosen"

Hello, can we settle it before 2.7 ? пн, 7 нояб. 2022 г. в 11:50, Willy Tarreau : > On Wed, Nov 02, 2022 at 10:43:49AM +0100, William Lallemand wrote: > > > > - if (!tp->choosen) > > > > + if (!tp->chosen) > > > > return; > > > > > > > > - chunk_appendf(b,

Re: [PATCH] CI: switch to LibreSSL-3.6.1, enable QUIC

gentle ping ср, 2 нояб. 2022 г. в 12:12, Илья Шипицин : > Hello, > > after LibreSSL-3.6.1 we can switch back the latest and enable QUIC. > > Ilya >

[PATCH] CI: switch to LibreSSL-3.6.1, enable QUIC

Hello, after LibreSSL-3.6.1 we can switch back the latest and enable QUIC. Ilya From 7f1940350856f078978f7d43ffd54c143484111a Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 2 Nov 2022 11:59:37 +0500 Subject: [PATCH 2/2] CI: enable QUIC for LibreSSL builds since LibreSSL-3.6.x

[PATCH] fix spelling "choosen" --> "chosen"

Hello, I'm not sure how good is idea to fix variable names. if we want to keep as is, I'd setup spelling exclusion. Ilya From ac321fef557fac0b29073084ddd39071b8f4277b Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Tue, 1 Nov 2022 15:46:39 +0500 Subject: [PATCH] CLEANUP: replace "choosen"

[PATCH] spelling fixes

Hello, yet another spelling fix. Ilya From d6a14fe0c224e083a6226a985078f7e1acf11d03 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 29 Oct 2022 09:34:32 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 32nd iteration of typo fixes ---

Re: [PATCH] CI: monthly scheduled cross compile jobs

gentle ping вт, 18 окт. 2022 г. в 19:16, Илья Шипицин : > Hello, > > hope this will help to catch some regression. > > Ilya >

Re: coredump and traceback on the CI

чт, 20 окт. 2022 г. в 23:09, William Lallemand : > On Thu, Oct 20, 2022 at 10:51:23PM +0500, Илья Шипицин wrote: > > I would suggest to display vtest result failure only if vtest failed, > > haproxy/vtest.yml at master · haproxy/haproxy (github.com) > > < > https://gith

Re: coredump and traceback on the CI

I would suggest to display vtest result failure only if vtest failed, haproxy/vtest.yml at master · haproxy/haproxy (github.com) I doubt if there could be coredump together with successful vtest just curious,

[PATCH] CI: monthly scheduled cross compile jobs

Hello, hope this will help to catch some regression. Ilya From 90c8a08f627e62fb501ef214d4c1c6eccfef3c64 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Tue, 18 Oct 2022 19:13:45 +0500 Subject: [PATCH] CI: add monthly gcc cross compile jobs Build only gcc cross compile jobs are added with

Re: [PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

There's an interesting case for OpenSSL-3.0, we do test it, but we run it in "relaxed" mode, while Ubuntu 22.04 and Fedora run it in SECLEVEL=2 mode. that will definitely change when "ubuntu-latest" become 22.04, but we should test it before вт, 18 окт. 2022 г. в 18:28, Илья

Re: [PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

вт, 18 окт. 2022 г. в 17:40, William Lallemand : > On Tue, Oct 18, 2022 at 03:10:07PM +0500, Илья Шипицин wrote: > > > Sorry I didn't see the first commit that introduced this behavior. I'm > > > not sure we would want to replace the version automatically in the

Re: [PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

вт, 18 окт. 2022 г. в 14:46, William Lallemand : > On Thu, Oct 13, 2022 at 08:54:38AM +0200, Willy Tarreau wrote: > > Hi Ilya, > > > > On Tue, Oct 11, 2022 at 12:18:40PM +0500, ??? wrote: > > > split patches attached. > > > > Sorry for the delay. Both applied now, thank you! > > Willy >

[PATCH] improve quictls build time

Hello, currently QuicTLS takes 3m40s disabling "tests" saves 40sec per build. cheers, Ilya From ab0b26d299c143a69ca32834f5044b498cc602d0 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 15 Oct 2022 09:55:49 +0500 Subject: [PATCH] BUILD: scripts: disable tests build on QuicTLS build

Re: HAProxy version is generated in bad way for forks

I bet that Tim builds haproxy as 2.5 :) [ilia@fedora .git]$ git describe --tags --match 'v*' --abbrev=0 | cut -c 2- 2.5-dev11 [ilia@fedora .git]$ чт, 13 окт. 2022 г. в 14:33, Илья Шипицин : > Hello, > > I'm running github fork https://github.com/chipitsine/haproxy > but only m

HAProxy version is generated in bad way for forks

Hello, I'm running github fork https://github.com/chipitsine/haproxy but only master branch is kept in sync (no tags) because of that, HAProxy version is generated in wrong way: HAProxy version 2.0-dev2-91b230-9208 2022/10/13 - https://haproxy.org/ that behaviour due to

Re: [PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

split patches attached. Ilya вт, 11 окт. 2022 г. в 11:08, Willy Tarreau : > On Tue, Oct 11, 2022 at 10:27:20AM +0500, ??? wrote: > > I was in doubt whether to split it into 2 patches (because they touch > > single file), > > The principle to keep in mind is that you may want to change

Re: [PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

I was in doubt whether to split it into 2 patches (because they touch single file), ok, I'll do that вт, 11 окт. 2022 г. в 10:19, Willy Tarreau : > Hi Ilya, > > On Sat, Oct 08, 2022 at 08:17:26PM +0500, ??? wrote: > > Hello, > > > > when OPENSSL_VERSION=latest (same for

Re: LibreSSL 3.6.0 QUIC support with HAProxy 2.7

I sent patch to the list and reported libressl regression: https://github.com/libressl-portable/portable/issues/792 сб, 8 окт. 2022 г. в 10:26, Илья Шипицин : > unfortunately, we have a bug. I'll fix it today > > [image: image.png] > > > чт, 6 окт. 2022 г. в 14:07, Илья Шипиц

[PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

Hello, when OPENSSL_VERSION=latest (same for LIBRESSL_VERSION=latest) was introduced, I made a mistake, and resolved version was generated as OPENSSL=3.0.5 which makes no sense to build-ssl.sh, proper version should have been OPENSSL_VERSION=3.0.5 temporarily we stick to LIBRESSL=3.5.3, because

Re: LibreSSL 3.6.0 QUIC support with HAProxy 2.7

unfortunately, we have a bug. I'll fix it today [image: image.png] чт, 6 окт. 2022 г. в 14:07, Илья Шипицин : > > > чт, 6 окт. 2022 г. в 14:03, William Lallemand : > >> On Thu, Oct 06, 2022 at 08:46:08AM +0500, Илья Шипицин wrote: >> > libressl-3.6.0 was released

Re: LibreSSL 3.6.0 QUIC support with HAProxy 2.7

чт, 6 окт. 2022 г. в 14:03, William Lallemand : > On Thu, Oct 06, 2022 at 08:46:08AM +0500, Илья Шипицин wrote: > > libressl-3.6.0 was released yesterday > > > > [image: image.png] > > > > > > hopefully, github pipeline will pick it on the next build (

Re: LibreSSL 3.6.0 QUIC support with HAProxy 2.7

libressl-3.6.0 was released yesterday [image: image.png] hopefully, github pipeline will pick it on the next build (it tries to pick latest available). we can modify github pipeline to use quic for libressl builds чт, 15 сент. 2022 г. в 13:54, William Lallemand : > On Thu, Sep 15, 2022 at

Re: Health Checks and DNS lookups in stopping processes

пн, 19 сент. 2022 г. в 20:47, Tim Düsterhus : > Hi > > recently our HAProxy nodes started handling long-running HTTP > connections (similar to WebSockets). This causes old workers to stay > around for several days after a reload. > > This isn't too bad from a memory perspective, we have

[PATCH] cirrus-ci: bump FreeBSD image to 13.1

Hello, as we install freebsd binary packages, we need to bump image from time to time to match prebuilt packages. Ilya From 2692f43317e6c2812cfeb9dc9ddf9414700dfe79 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 8 Sep 2022 21:45:16 +0500 Subject: [PATCH] CI: cirrus-ci: bump FreeBSD

Re: Warnings with gcc 12.2.0 ... is the community interested in those, or already aware?

пн, 5 сент. 2022 г. в 13:48, Tim Düsterhus : > Shawn, > > On 9/5/22 06:04, Shawn Heisey wrote: > > I have a secondary system running Ubuntu 22.10 (kinetic). It has gcc > > 12.2.0 installed. Building haproxy on that system results in a small > > number of warnings. It does build. > > > > Is

Re: SSL Certificate

Dear Vahe, that website provides some non confidential documentation. neither it asks you for login/password or payment details. there's nothing wrong with http on such websites. Ilya чт, 1 сент. 2022 г. в 19:33, V N : > Hi, My name is Vahe, > I'm DevOps Egnineer security researcher, your

most probably next LibreSSL release will come with ... QUIC

Hello, Provide the remaining QUIC API. · libressl-portable/openbsd@635aa39 (github.com) Ilya

Re: [PATCH] CI: enable weekly "m32" builds

пн, 1 авг. 2022 г. в 22:40, Tim Düsterhus : > Ilya, > > On 7/29/22 20:25, Илья Шипицин wrote: > > not sure. it is not 32 bit, it is 32 bit built on x86_64. > > but I'm fine with "32 Bits" > > > > My understanding is that the primary thing that this t

[PATCH] spell fixes

Hello, yet another spell fixes. Ilya From ce1dc66eeb1ab7e73426c0fa41dbb6e7655ce951 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 6 Aug 2022 23:01:00 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 32nd iteration of typo fixes ---

Re: [PATCH] ubuntu-22.04 related ssl fixes (SECLEVEL related and ec curves renamed)

I accidently lost "-E' flag on grep. follow up patch attached. сб, 6 авг. 2022 г. в 21:50, Илья Шипицин : > > > сб, 6 авг. 2022 г. в 20:59, Willy Tarreau : > >> On Sat, Aug 06, 2022 at 05:48:56PM +0200, Willy Tarreau wrote: >> > On Fri, Jul 29, 2022 at 09:3

Re: [PATCH] ubuntu-22.04 related ssl fixes (SECLEVEL related and ec curves renamed)

сб, 6 авг. 2022 г. в 20:59, Willy Tarreau : > On Sat, Aug 06, 2022 at 05:48:56PM +0200, Willy Tarreau wrote: > > On Fri, Jul 29, 2022 at 09:37:46PM +0500, ??? wrote: > > > gentle ping > > > > Sorry Ilya, but William is in vacation right now. Since I don't think > > there's any risk with

Re: [PATCH] CI: enable weekly "m32" builds

пт, 29 июл. 2022 г. в 22:48, Tim Düsterhus : > Ilya, > > On 7/29/22 18:53, Илья Шипицин wrote: > > another exotic (but hopefully useful) CI job. > > > > In the first patch you have an indentation mixup. The script uses > spaces, but the modified line now uses ta

[PATCH] speling fixes

Hello, yet another spell check fiexs. Ilya From fa2f99b1b2e5b30987db9eba77e1a59479610915 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 29 Jul 2022 22:26:53 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 31st iteration of typo fixes ---

[PATCH] CI: enable weekly "m32" builds

Hello, another exotic (but hopefully useful) CI job. Ilya From d6185a3e972c0e04d86e8b7ddc075a08d115031a Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 29 Jul 2022 21:42:12 +0500 Subject: [PATCH 1/2] BUILD: SSL: allow to pass additional configure args to QUICTLS this allows to pass

Re: [PATCH] ubuntu-22.04 related ssl fixes (SECLEVEL related and ec curves renamed)

gentle ping вс, 24 июл. 2022 г. в 00:12, Илья Шипицин : > Hello, > > Ubuntu 22.04 is shipped with "openssl" command line 3.0.5, also SECLEVEL=2 > is set by default. > > "SECLEVEL=2" has uncovered an interesting issue with DH length, which was > set t

Re: Docker image 2.5.8

Bob, there are several haproxy images, for example "haproxytech": haproxytech's Profile | Docker Hub (and many others) please tell us which image are you talking about? вт, 26 июл. 2022 г. в 01:48, Tim Düsterhus : > Bob, > > On 7/25/22 22:40, Stevenson,

[PATCH] ubuntu-22.04 related ssl fixes (SECLEVEL related and ec curves renamed)

Hello, Ubuntu 22.04 is shipped with "openssl" command line 3.0.5, also SECLEVEL=2 is set by default. "SECLEVEL=2" has uncovered an interesting issue with DH length, which was set to 1024 for EC keys. While better strategy for DH on EC keys needs to be discussed, let us set it to configured dh

Re: [PR] Fix -v flag usage with install(1) on OpenBSD/NetBSD/Solaris/AIX

I wonder how do NetBSD/OpenBSD ports work, do they use their own "install" invocation instead of "make install" ? shouldn't they switch to "make install" ? пт, 15 июл. 2022 г. в 10:25, PR Bot : > Dear list! > > Author: Brad Smith > Number of patches: 1 > > This is an automated relay of the

Re: Thoughts on QUIC/HTTP3

ср, 6 июл. 2022 г. в 19:11, Shawn Heisey : > On 5/31/22 08:16, Amaury Denoyelle wrote: > > Thanks for your continuing your journey on HTTP/3 :) > > Yesterday I pulled down the haproxy 2.6 and quictls git repos. The > branch for quictls was openssl-3.0.4+quic. I built and installed > quictls and

Re: running SECLEVEL=2 for OpenSSL-3.0 tests ?

вт, 5 июл. 2022 г. в 11:56, William Lallemand : > On Tue, Jul 05, 2022 at 11:15:25AM +0500, Илья Шипицин wrote: > > I tried to run on Ubuntu 22.04, it is shipped with OpenSSL-3.0 and > > SECLEVEL=2 by default (probably it is correct for RedHat 9 as well ?) > > > >

running SECLEVEL=2 for OpenSSL-3.0 tests ?

I tried to run on Ubuntu 22.04, it is shipped with OpenSSL-3.0 and SECLEVEL=2 by default (probably it is correct for RedHat 9 as well ?) test · chipitsine/haproxy@1d69992 (github.com) ssl - What could

[PATCH] CI: enable gcc asan builds

Hello, let us run asan for gcc as well. Ilya From 51912b2f8e28b1906a0016283b59311d1dda2da1 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 2 Jul 2022 10:30:28 +0500 Subject: [PATCH] CI: re-enable gcc asan builds for some unclear reasons asan builds were limited to clang only. let us

Re: Configuration in a database

there are few external tools for config provisioning, what comes to mind ... (*) consul templates consul-template/haproxy.md at main · hashicorp/consul-template (github.com) (*) dataplane api haproxytech/dataplaneapi:

QUIC / Chrome sudden timeouts

there were interesting investigation on nginx mailing list Re: nginxQuic: медленный ответ от сервера. my translation: *What was found so far. Issue is located on Chrome/QUICHE side when EarlyData + HelloRetryRequest are bundled.

Re: grooming IUS haproxy packages

ср, 1 июн. 2022 г. в 18:17, William Lallemand : > On Wed, Jun 01, 2022 at 09:50:20AM +0500, Илья Шипицин wrote: > > Hello, > > > > I created couple of PRs > > > > HAProxy 2.0.29 by chipitsine · Pull Request #18 · iusrepo/haproxy20 > > (github.com) <ht

Re: What does HAProxy do?

< tdtemc...@gmail.com>: > Dear Ilya, > > We have a Software BOM list. > > HAProxy is among many commercial and open source software in the list. > > Regards, > > Mr. Turritopsis Dohrnii Teo En Ming > Targeted Individual in Singapore > > On Wed, 25 May 2022 at

grooming IUS haproxy packages

Hello, I created couple of PRs HAProxy 2.0.29 by chipitsine · Pull Request #18 · iusrepo/haproxy20 (github.com) HAProxy 2.2.24 by chipitsine · Pull Request #21 · iusrepo/haproxy22 (github.com) 2.0 and

Re: how to install on RHEL7 and 8

вт, 31 мая 2022 г. в 13:09, William Lallemand : > Hello Ryan, > > On Thu, May 26, 2022 at 01:28:58PM -0500, Ryan O'Hara wrote: > > > > I am the maintainer for all the Red Hat and Fedora packages. Feel free to > > ask questions here on the mailing list or email me directly. > > > > I try to keep

Re: Thoughts on QUIC/HTTP3

пн, 30 мая 2022 г. в 00:56, Shawn Heisey : > On 5/29/2022 12:49 PM, Илья Шипицин wrote: > > roundcube runs automatic browser tests > > > > > https://github.com/roundcube/roundcubemail/runs/6642129873?check_suite_focus=true > > > > I think we can try to run thos

Re: Thoughts on QUIC/HTTP3

вс, 29 мая 2022 г. в 23:40, Shawn Heisey : > On 4/29/2022 10:10 AM, Shawn Heisey wrote: > > I did a build and install this morning, a bunch of quic-related > > changes in that. Now everything seems to be working on my paste > > site. Large pastes work, and I can reload the page a ton of times >

Re: how to install on RHEL7 and 8

3:13:54PM +0500, Илья Шипицин wrote: > > I'll try to focus on redhat packaging (I'm somewhat familiar with Fedora > > COPR, and I can try OBS). > > > > I don't think OBS is relevant for this case, the documentation is poor > and it's complicated to contribute to a

Re: how to install on RHEL7 and 8

чт, 26 мая 2022 г. в 16:08, William Lallemand : > Ilya, > > On Thu, May 26, 2022 at 03:13:54PM +0500, Илья Шипицин wrote: > > I'll try to focus on redhat packaging (I'm somewhat familiar with Fedora > > COPR, and I can try OBS). > > > > I don't th

Re: how to install on RHEL7 and 8

чт, 26 мая 2022 г. в 16:08, William Lallemand : > Ilya, > > On Thu, May 26, 2022 at 03:13:54PM +0500, Илья Шипицин wrote: > > I'll try to focus on redhat packaging (I'm somewhat familiar with Fedora > > COPR, and I can try OBS). > > > > I don't th

Re: how to install on RHEL7 and 8

I'll try to focus on redhat packaging (I'm somewhat familiar with Fedora COPR, and I can try OBS). if I will not come back in next couple of weeks, that means I did not find a time. ср, 25 мая 2022 г. в 20:52, William Lallemand : > On Tue, May 24, 2022 at 08:56:14PM +, Alford, Mark wrote: >

Re: What does HAProxy do?

Hello, Turritopsis! Please tell us how you found that your organization is using HAProxy. Ilya вт, 24 мая 2022 г. в 18:04, Turritopsis Dohrnii Teo En Ming < tdtemc...@gmail.com>: > Subject: What does HAProxy do? > > Good day from Singapore, > > I notice that my company/organization uses

Re: [PR] chore: Included githubactions in the dependabot config

in theory, this flow might be evolved 1) currently there's automation which closes every PR. automation is hidden somewhere and only few people can modify it 2) the same automation might be implemented using Github Actions (closing PR, sending email to list, etc), and there's a space for

Re: [ANNOUNCE] haproxy-2.6-dev11

вт, 24 мая 2022 г. в 10:47, Willy Tarreau : > Hi Ilya, > > On Tue, May 24, 2022 at 09:53:01AM +0500, ??? wrote: > > Hello, > > > > can we please address https://github.com/haproxy/haproxy/issues/1585 > before > > final 2.6 ? > > I thought it was since I replied it was an FP but OK, I

Re: [ANNOUNCE] haproxy-2.6-dev11

Hello, can we please address https://github.com/haproxy/haproxy/issues/1585 before final 2.6 ? Ilya сб, 21 мая 2022 г. в 13:11, Willy Tarreau : > Hi, > > HAProxy 2.6-dev11 was released on 2022/05/20. It added 106 new commits > after version 2.6-dev10. > > Yes, there were still too many changes

[PATCH] CI: determine actual OpenSSL version dynamically

Hello, another small improvement, this change introduce "OPENSSL_VERSION=latest" semantic. Ilya From 0ba9b1a7791f8894b1d2061914f7e2b613785775 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 20 May 2022 23:02:38 +0500 Subject: [PATCH] CI: determine actual OpenSSL version dynamically

Re: Paid feature development: TCP stream compression

> Mark > On 20/05/2022 10:12, Илья Шипицин wrote: > > in theory, you can try OpenVPN with compression enabled. > or maybe stunnel with compression stunnel TLS Proxy > <https://www.stunnel.org/static/stunnel.html> > > пт, 20 мая 2022 г. в 13:59, Mark Zealey : >

Re: Paid feature development: TCP stream compression

CP to backend servers > > We don't have any other implementation of this, at the moment it is just > an idea we would like to implement. > > Mark > > > On 20/05/2022 09:54, Илья Шипицин wrote: > > isn't it SSL encapsulated ? how is compression is supposed to work in >

Re: Paid feature development: TCP stream compression

isn't it SSL encapsulated ? how is compression is supposed to work in details ? any other implementation to look at ? чт, 19 мая 2022 г. в 21:32, Mark Zealey : > Hi there, > > We are using HAProxy to terminate and balance TCP streams (XMPP) between > our apps and our service infrastructure. We

Re: Observing low test-suite coverage

k, can we review this sometimes ? )) I'd like to set automatic coverage after that. ср, 23 февр. 2022 г. в 15:44, Tim Düsterhus : > Willy, > > On 2/23/22 11:43, Илья Шипицин wrote: > > Willy, can you please apply patch from Tim (below) ? > > No, please don't. This p

[PATCH] CI: determine actual LibreSSL version dynamically

Hello, let us introduce "LIBRESSL_VERSION=latest" semantic. Ilya From da2b295f45ecc6d99559ef147569514816ad6f7c Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 13 May 2022 21:59:38 +0500 Subject: [PATCH] CI: determine actual LibreSSL version dynamically this change introduce

[PATCH] CI: dynamically determine actual h2spec version

Hi, small improvement, no need to use hardcoded version. Ilya From e3e4f129c7d7a56955133a29bedced021bf624a6 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 5 May 2022 15:15:12 +0500 Subject: [PATCH] CI: dynamically determine actual version of h2spec previously we used hardcoded h2spec

Re: valgrind follow up

пт, 29 апр. 2022 г. в 17:39, Willy Tarreau : > Hi Ilya, > > On Fri, Apr 29, 2022 at 04:35:03PM +0500, ??? wrote: > > Hello, > > > > I added sample in my branch: CI: github actions: add valgrind smoke > tests · > > chipitsine/haproxy@7cd7f4a > > < >

valgrind follow up

Hello, I added sample in my branch: CI: github actions: add valgrind smoke tests · chipitsine/haproxy@7cd7f4a here's its run: VTest · chipitsine/haproxy@7cd7f4a (github.com)

[PATCH] CI: minor LibreSSL update 3.5.1 --> 3.5.2

Hello, small patch to sync with current LibreSSL release Ilya From 425d2810e8b2b9288c3abbb05fefacf5e9044b9d Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 28 Apr 2022 11:46:53 +0500 Subject: [PATCH] CI: github actions: update LibreSSL to 3.5.2 LibreSSL-3.5.2 was released on Apr 23nd

[PATCH] move missing function definition to openssl-compat.h

Hello, small cleanup patch. Ilya From 637f02dc75a68bf40d30cb78d4e021551d323d90 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 23 Apr 2022 23:07:26 +0500 Subject: [PATCH] CLEANUP: move ssl_sock_load_ocsp definition to openssl-compat.h literally it removes one "ifdef" and moves

Re: [ANNOUNCE] haproxy-2.6-dev6

сб, 16 апр. 2022 г. в 22:40, Willy Tarreau : > Hi Ilya, > > On Sat, Apr 16, 2022 at 10:08:58PM +0500, ??? wrote: > > ??, 16 ???. 2022 ?. ? 19:07, Willy Tarreau : > > > > > Hi, > > > > > > HAProxy 2.6-dev6 was released on 2022/04/16. It added 150 new commits > > > after version 2.6-dev5.

Re: [ANNOUNCE] haproxy-2.6-dev6

сб, 16 апр. 2022 г. в 19:07, Willy Tarreau : > Hi, > > HAProxy 2.6-dev6 was released on 2022/04/16. It added 150 new commits > after version 2.6-dev5. > can we schedule those coverity findings before 2.6 ? src/haproxy.c: unintentional integer overflow suspected by coverity · Issue #1585 ·

Re: HTTP/3 -- POST requests not working

Shawn, I wonder if there a test suite similar to h2check (which is http2 and hpack). I saw some quic conformance test reported on release notes, but it seem did not catch POST issue. Should we try to report to them? On Tue, Apr 12, 2022, 4:45 AM Shawn Heisey wrote: > On 4/11/2022 4:51 PM,

Re: [ANNOUNCE] haproxy-2.6-dev5

Hello, can we pay some attention to cppcheck findings before 2.6 ? https://github.com/haproxy/haproxy/issues/1184 I found cppcheck somewhat useful (and somewhat noisy as well, but cppcheck folks are really friendly on fixing false positives). сб, 9 апр. 2022 г. в 17:00, Willy Tarreau : > Hi, >

[PATCH] CI: cirrus: update freebsd image to the actual 13.0 version

Hello, small cirrus-ci patch Ilya From 17e3719e05a04b3064b2783ef89cc7bc7c3524e9 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Mon, 11 Apr 2022 22:25:35 +0500 Subject: [PATCH] CI: cirrus: switch to FreeBSD-13.0 we use outdated FreeBSD-12.2, which is outdated, let us update to the actual

[PATCH] doc: adjust QUICTLS part

Hello, small fix for guide how to build QUICTLS Ilya From 3ffd8d1b8d54f5dccd04d2cee6069e2d89d249ec Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 10 Apr 2022 12:09:31 +0500 Subject: [PATCH] DOC: adjust QUIC instruction in INSTALL enable-tls1_3 is default, no need to specify it. make

Re: QUIC and HTTP/3

сб, 9 апр. 2022 г. в 21:20, Shawn Heisey : > On 4/9/2022 3:30 AM, Willy Tarreau wrote: > > On Sat, Apr 09, 2022 at 09:21:31AM +0500, ??? wrote: > >> there are missing bits ... > >> https://github.com/haproxy/haproxy/blob/master/INSTALL#L392 > > Yep and it does work, as I've applied it

Re: QUIC and HTTP/3

there are missing bits ... https://github.com/haproxy/haproxy/blob/master/INSTALL#L392 сб, 9 апр. 2022 г. в 03:40, Shawn Heisey : > I've been trying to figure out a way to get haproxy doing QUIC. If I > add USE_QUIC=1 then compiling fails on the latest code for both 2.4 and > 2.5. > > I may

Re: Mailing domain is vulnerable and email can be spoofable due Vulnerable DMARC Record

I wouldf also suggest BIMI record ( https://mailchimp.com/marketing-glossary/bimi/ ) to have recognizable logo in major email systems. (maybe for "haproxy.com" as well ) Ilya чт, 7 апр. 2022 г. в 17:11, Willy Tarreau : > Hello, > > On Sat, Apr 02, 2022 at 03:46:58AM +0500, Arslan Kabeer wrote:

Re: [PATCH]: BUILD/MINOR: ssl openssl 3 warning fix

ср, 6 апр. 2022 г. в 14:08, William Lallemand : > On Wed, Apr 06, 2022 at 09:45:02AM +0100, David CARLIER wrote: > > > I recall there is a openssl3 port ongoing perhaps ? > > > > I was trying to see if the said 3.x portage work is close to be merged > > to master then yes my patch is useless. > >

[PATCH] CI: update OpenSSL from 3.0.1 to 3.0.2

Hello, minor openssl update in CI. Ilya From ef50b14a80b0a54e4d71688e19bb91369fdbf5a7 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 27 Mar 2022 10:51:51 +0500 Subject: [PATCH] CI: github actions: update OpenSSL to 3.0.2 --- .github/matrix.py | 2 +- 1 file changed, 1 insertion(+),

Re: [*EXT*] [ANNOUNCE] haproxy-2.6-dev4

сб, 26 мар. 2022 г. в 22:23, Ionel GARDAIS : > Thanks Willy for these updates. > > While skimming the result on the interop website, I was surprised that > haproxy is always more than 50% slower than its competitor. > Is it because you've enable lots of traces as part of your debugging > process

Re: CI caching improvement

пт, 18 мар. 2022 г. в 15:32, William Lallemand : > On Wed, Mar 16, 2022 at 09:31:56AM +0100, Tim Düsterhus wrote: > > Willy, > > > > On 3/8/22 20:43, Tim Düsterhus wrote: > > >> Yes my point was about VTest. However you made me think about a very > good > > >> reason for caching haproxy builds as

[PATCH] CI: switch to LibreSSL-3.5.1

Hello, as LibreSSL-3.5.1 is released, let us switch to the most recent release. thanks, Ilya From 7e85be757646d4bd788bfccd74146d317c5595bb Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 16 Mar 2022 12:10:47 +0500 Subject: [PATCH] CI: github actions: switch to LibreSSL-3.5.1 ---

Re: CI caching improvement

script/build-vtest.sh was/is reused for cirrus,travis On Wed, Mar 9, 2022, 12:05 AM Tim Düsterhus wrote: > William, > > On 3/8/22 16:06, William Lallemand wrote: > > Let me know if we can improve the attached patch, otherwise I'll merge > > it. > > > > Let me make a competing proposal that: > >

Re: CI caching improvement

вт, 8 мар. 2022 г. в 21:13, William Lallemand : > On Tue, Mar 08, 2022 at 08:38:00PM +0500, Илья Шипицин wrote: > > > > I'm fine with swapping "vtest" <--> "haproxy" order. > > > > Ok, I can do that. > > > also, I do not think cur

Re: CI caching improvement

I thought to build "vtest" just once and deliver using artifacts to all jobs. It will save some electricity, also GitHub sometimes throw 429 when we download "vtest" in too many parallel ways. however, it will not speed up, so I postoned that idea (something like that

Re: Observing low test-suite coverage

Willy, can you please apply patch from Tim (below) ? пт, 4 февр. 2022 г. в 03:06, Tim Düsterhus : > Hugo, > > On 1/25/22 13:13, Hugo Lefeuvre wrote: > > We are wondering if this is caused by our measurement approach (gcov, > > passing -fprofile-arcs -ftest-coverage in the CFLAGS and -lgcov to >

Re: [PATCH] fix guarding when OPENSSL_NO_DH is set

пн, 14 февр. 2022 г. в 14:36, William Lallemand : > > Hello Ilya, > > > Subject: [PATCH 1/2] BUILD: SSL: fix guarding when OpenSSL is built with > > OPENSSL_NO_DH > > > > some parts of the code support OPENSSL_NO_DH macro, but other do not. > > let us add wherever appropriate > > > I can't apply

[PATCH] fix guarding when OPENSSL_NO_DH is set

Hello, small fix for OPENSSL_NO_DH and weekly CI job. Ilya From 8ccbc7a3fdad681bbdad17d337ba6b86fa038b43 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 12 Feb 2022 21:28:49 +0500 Subject: [PATCH 2/2] CI: github actions: add weekly build with OPENSSL_NO_DH set ---

Re: haproxy in windows

we build for cygwin in CI Actions · haproxy/haproxy (github.com) however, we do not run tests, also not sure about performance. cygwin is considered experimental, I doubt anybody uses it in production чт, 10 февр. 2022 г. в

Re: [PATCH] CI: enable QUIC for Coverity scan

gentle ping ср, 2 февр. 2022 г. в 10:27, Илья Шипицин : > Hello, > > since QUIC is first class citizen, let us scan it in code analysis. > > > Ilya >

Re: Re: Re: [PATCH] get BoringSSL back to the game

as you already suggested "best effort" support policy, it should not require your time. am I correct ? пт, 4 февр. 2022 г. в 23:47, William Lallemand : > On Fri, Feb 04, 2022 at 11:02:24PM +0500, Илья Шипицин wrote: > > пт, 4 февр. 2022 г. в 19:16, William Lallemand : >

Re: Re: [PATCH] get BoringSSL back to the game

пт, 4 февр. 2022 г. в 19:16, William Lallemand : > On Fri, Feb 04, 2022 at 11:52:06AM +0100, William Lallemand wrote: > > > > I just tried to build with the latest boringSSL version, the problem is > > on our side: > > > > We are defining X509_OBJECT_get0_X509_CRL() because it does not exist in >

Re: Observing low test-suite coverage

ср, 2 февр. 2022 г. в 21:54, Hugo Lefeuvre : > Hi, > > On Mon, Jan 31, 2022 at 02:25:39PM +0500, Илья Шипицин wrote: > > can you share details how did you invoked "gcov" ? > > I tried to make it work recently chipitsine/haproxy | Coveralls - Test > > Cov

Re: [EXTERNAL] [PATCH] get BoringSSL back to the game

ср, 2 февр. 2022 г. в 21:51, Frederic Lecaille : > On 1/31/22 6:22 AM, Илья Шипицин wrote: > > Hello, > > > > 0001 .. 0003 are "pre QUIC" patches > > 0004 .. 0006 are most questionable QUIC part > > 0007 is very simple > > > &g

[PATCH] CI: enable QUIC for Coverity scan

Hello, since QUIC is first class citizen, let us scan it in code analysis. Ilya From dd316a69698299f0bfc5ec7a86133f83dc1061a3 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 2 Feb 2022 10:24:58 +0500 Subject: [PATCH] CI: enable QUIC for Coverity scan ---

<    1   2   3   4   5   6   7   8   9   10   >