Re: Observing low test-suite coverage

k, can we review this sometimes ? )) I'd like to set automatic coverage after that. ср, 23 февр. 2022 г. в 15:44, Tim Düsterhus : > Willy, > > On 2/23/22 11:43, Илья Шипицин wrote: > > Willy, can you please apply patch from Tim (below) ? > > No, please don'

[PATCH] CI: determine actual LibreSSL version dynamically

Hello, let us introduce "LIBRESSL_VERSION=latest" semantic. Ilya From da2b295f45ecc6d99559ef147569514816ad6f7c Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 13 May 2022 21:59:38 +0500 Subject: [PATCH] CI: determine actual LibreSSL version dynamically this change introduce "LIBRESSL_V

[PATCH] CI: dynamically determine actual h2spec version

Hi, small improvement, no need to use hardcoded version. Ilya From e3e4f129c7d7a56955133a29bedced021bf624a6 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 5 May 2022 15:15:12 +0500 Subject: [PATCH] CI: dynamically determine actual version of h2spec previously we used hardcoded h2spec

Re: valgrind follow up

пт, 29 апр. 2022 г. в 17:39, Willy Tarreau : > Hi Ilya, > > On Fri, Apr 29, 2022 at 04:35:03PM +0500, ??? wrote: > > Hello, > > > > I added sample in my branch: CI: github actions: add valgrind smoke > tests · > > chipitsine/haproxy@7cd7f4a > > < > https://github.com/chipitsine/haproxy/co

valgrind follow up

Hello, I added sample in my branch: CI: github actions: add valgrind smoke tests · chipitsine/haproxy@7cd7f4a here's its run: VTest · chipitsine/haproxy@7cd7f4a (github.com)

[PATCH] CI: minor LibreSSL update 3.5.1 --> 3.5.2

Hello, small patch to sync with current LibreSSL release Ilya From 425d2810e8b2b9288c3abbb05fefacf5e9044b9d Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 28 Apr 2022 11:46:53 +0500 Subject: [PATCH] CI: github actions: update LibreSSL to 3.5.2 LibreSSL-3.5.2 was released on Apr 23nd 2

[PATCH] move missing function definition to openssl-compat.h

Hello, small cleanup patch. Ilya From 637f02dc75a68bf40d30cb78d4e021551d323d90 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 23 Apr 2022 23:07:26 +0500 Subject: [PATCH] CLEANUP: move ssl_sock_load_ocsp definition to openssl-compat.h literally it removes one "ifdef" and moves missing

Re: [ANNOUNCE] haproxy-2.6-dev6

сб, 16 апр. 2022 г. в 22:40, Willy Tarreau : > Hi Ilya, > > On Sat, Apr 16, 2022 at 10:08:58PM +0500, ??? wrote: > > ??, 16 ???. 2022 ?. ? 19:07, Willy Tarreau : > > > > > Hi, > > > > > > HAProxy 2.6-dev6 was released on 2022/04/16. It added 150 new commits > > > after version 2.6-dev5. >

Re: [ANNOUNCE] haproxy-2.6-dev6

сб, 16 апр. 2022 г. в 19:07, Willy Tarreau : > Hi, > > HAProxy 2.6-dev6 was released on 2022/04/16. It added 150 new commits > after version 2.6-dev5. > can we schedule those coverity findings before 2.6 ? src/haproxy.c: unintentional integer overflow suspected by coverity · Issue #1585 · haprox

Re: HTTP/3 -- POST requests not working

Shawn, I wonder if there a test suite similar to h2check (which is http2 and hpack). I saw some quic conformance test reported on release notes, but it seem did not catch POST issue. Should we try to report to them? On Tue, Apr 12, 2022, 4:45 AM Shawn Heisey wrote: > On 4/11/2022 4:51 PM, Shawn

Re: [ANNOUNCE] haproxy-2.6-dev5

Hello, can we pay some attention to cppcheck findings before 2.6 ? https://github.com/haproxy/haproxy/issues/1184 I found cppcheck somewhat useful (and somewhat noisy as well, but cppcheck folks are really friendly on fixing false positives). сб, 9 апр. 2022 г. в 17:00, Willy Tarreau : > Hi, >

[PATCH] CI: cirrus: update freebsd image to the actual 13.0 version

Hello, small cirrus-ci patch Ilya From 17e3719e05a04b3064b2783ef89cc7bc7c3524e9 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Mon, 11 Apr 2022 22:25:35 +0500 Subject: [PATCH] CI: cirrus: switch to FreeBSD-13.0 we use outdated FreeBSD-12.2, which is outdated, let us update to the actual re

[PATCH] doc: adjust QUICTLS part

Hello, small fix for guide how to build QUICTLS Ilya From 3ffd8d1b8d54f5dccd04d2cee6069e2d89d249ec Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 10 Apr 2022 12:09:31 +0500 Subject: [PATCH] DOC: adjust QUIC instruction in INSTALL enable-tls1_3 is default, no need to specify it. make "

Re: QUIC and HTTP/3

сб, 9 апр. 2022 г. в 21:20, Shawn Heisey : > On 4/9/2022 3:30 AM, Willy Tarreau wrote: > > On Sat, Apr 09, 2022 at 09:21:31AM +0500, ??? wrote: > >> there are missing bits ... > >> https://github.com/haproxy/haproxy/blob/master/INSTALL#L392 > > Yep and it does work, as I've applied it as-

Re: QUIC and HTTP/3

there are missing bits ... https://github.com/haproxy/haproxy/blob/master/INSTALL#L392 сб, 9 апр. 2022 г. в 03:40, Shawn Heisey : > I've been trying to figure out a way to get haproxy doing QUIC. If I > add USE_QUIC=1 then compiling fails on the latest code for both 2.4 and > 2.5. > > I may have

Re: Mailing domain is vulnerable and email can be spoofable due Vulnerable DMARC Record

I wouldf also suggest BIMI record ( https://mailchimp.com/marketing-glossary/bimi/ ) to have recognizable logo in major email systems. (maybe for "haproxy.com" as well ) Ilya чт, 7 апр. 2022 г. в 17:11, Willy Tarreau : > Hello, > > On Sat, Apr 02, 2022 at 03:46:58AM +0500, Arslan Kabeer wrote:

Re: [PATCH]: BUILD/MINOR: ssl openssl 3 warning fix

ср, 6 апр. 2022 г. в 14:08, William Lallemand : > On Wed, Apr 06, 2022 at 09:45:02AM +0100, David CARLIER wrote: > > > I recall there is a openssl3 port ongoing perhaps ? > > > > I was trying to see if the said 3.x portage work is close to be merged > > to master then yes my patch is useless. > >

[PATCH] CI: update OpenSSL from 3.0.1 to 3.0.2

Hello, minor openssl update in CI. Ilya From ef50b14a80b0a54e4d71688e19bb91369fdbf5a7 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 27 Mar 2022 10:51:51 +0500 Subject: [PATCH] CI: github actions: update OpenSSL to 3.0.2 --- .github/matrix.py | 2 +- 1 file changed, 1 insertion(+), 1

Re: [*EXT*] [ANNOUNCE] haproxy-2.6-dev4

сб, 26 мар. 2022 г. в 22:23, Ionel GARDAIS : > Thanks Willy for these updates. > > While skimming the result on the interop website, I was surprised that > haproxy is always more than 50% slower than its competitor. > Is it because you've enable lots of traces as part of your debugging > process f

Re: CI caching improvement

пт, 18 мар. 2022 г. в 15:32, William Lallemand : > On Wed, Mar 16, 2022 at 09:31:56AM +0100, Tim Düsterhus wrote: > > Willy, > > > > On 3/8/22 20:43, Tim Düsterhus wrote: > > >> Yes my point was about VTest. However you made me think about a very > good > > >> reason for caching haproxy builds as

[PATCH] CI: switch to LibreSSL-3.5.1

Hello, as LibreSSL-3.5.1 is released, let us switch to the most recent release. thanks, Ilya From 7e85be757646d4bd788bfccd74146d317c5595bb Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 16 Mar 2022 12:10:47 +0500 Subject: [PATCH] CI: github actions: switch to LibreSSL-3.5.1 --- .gith

Re: CI caching improvement

script/build-vtest.sh was/is reused for cirrus,travis On Wed, Mar 9, 2022, 12:05 AM Tim Düsterhus wrote: > William, > > On 3/8/22 16:06, William Lallemand wrote: > > Let me know if we can improve the attached patch, otherwise I'll merge > > it. > > > > Let me make a competing proposal that: > >

Re: CI caching improvement

вт, 8 мар. 2022 г. в 21:13, William Lallemand : > On Tue, Mar 08, 2022 at 08:38:00PM +0500, Илья Шипицин wrote: > > > > I'm fine with swapping "vtest" <--> "haproxy" order. > > > > Ok, I can do that. > > > also, I do not think c

Re: CI caching improvement

I thought to build "vtest" just once and deliver using artifacts to all jobs. It will save some electricity, also GitHub sometimes throw 429 when we download "vtest" in too many parallel ways. however, it will not speed up, so I postoned that idea (something like that https://docs.github.com/en/act

Re: Observing low test-suite coverage

Willy, can you please apply patch from Tim (below) ? пт, 4 февр. 2022 г. в 03:06, Tim Düsterhus : > Hugo, > > On 1/25/22 13:13, Hugo Lefeuvre wrote: > > We are wondering if this is caused by our measurement approach (gcov, > > passing -fprofile-arcs -ftest-coverage in the CFLAGS and -lgcov to >

Re: [PATCH] fix guarding when OPENSSL_NO_DH is set

пн, 14 февр. 2022 г. в 14:36, William Lallemand : > > Hello Ilya, > > > Subject: [PATCH 1/2] BUILD: SSL: fix guarding when OpenSSL is built with > > OPENSSL_NO_DH > > > > some parts of the code support OPENSSL_NO_DH macro, but other do not. > > let us add wherever appropriate > > > I can't apply

[PATCH] fix guarding when OPENSSL_NO_DH is set

Hello, small fix for OPENSSL_NO_DH and weekly CI job. Ilya From 8ccbc7a3fdad681bbdad17d337ba6b86fa038b43 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 12 Feb 2022 21:28:49 +0500 Subject: [PATCH 2/2] CI: github actions: add weekly build with OPENSSL_NO_DH set --- ...nodeprecated.yml

Re: haproxy in windows

we build for cygwin in CI Actions · haproxy/haproxy (github.com) however, we do not run tests, also not sure about performance. cygwin is considered experimental, I doubt anybody uses it in production чт, 10 февр. 2022 г. в 16:15

Re: [PATCH] CI: enable QUIC for Coverity scan

gentle ping ср, 2 февр. 2022 г. в 10:27, Илья Шипицин : > Hello, > > since QUIC is first class citizen, let us scan it in code analysis. > > > Ilya >

Re: Re: Re: [PATCH] get BoringSSL back to the game

as you already suggested "best effort" support policy, it should not require your time. am I correct ? пт, 4 февр. 2022 г. в 23:47, William Lallemand : > On Fri, Feb 04, 2022 at 11:02:24PM +0500, Илья Шипицин wrote: > > пт, 4 февр. 2022 г. в 19:16, William Lallemand : >

Re: Re: [PATCH] get BoringSSL back to the game

пт, 4 февр. 2022 г. в 19:16, William Lallemand : > On Fri, Feb 04, 2022 at 11:52:06AM +0100, William Lallemand wrote: > > > > I just tried to build with the latest boringSSL version, the problem is > > on our side: > > > > We are defining X509_OBJECT_get0_X509_CRL() because it does not exist in >

Re: Observing low test-suite coverage

ср, 2 февр. 2022 г. в 21:54, Hugo Lefeuvre : > Hi, > > On Mon, Jan 31, 2022 at 02:25:39PM +0500, Илья Шипицин wrote: > > can you share details how did you invoked "gcov" ? > > I tried to make it work recently chipitsine/haproxy | Coveralls - Test > > Cov

Re: [EXTERNAL] [PATCH] get BoringSSL back to the game

ср, 2 февр. 2022 г. в 21:51, Frederic Lecaille : > On 1/31/22 6:22 AM, Илья Шипицин wrote: > > Hello, > > > > 0001 .. 0003 are "pre QUIC" patches > > 0004 .. 0006 are most questionable QUIC part > > 0007 is very simple > > > &g

[PATCH] CI: enable QUIC for Coverity scan

Hello, since QUIC is first class citizen, let us scan it in code analysis. Ilya From dd316a69698299f0bfc5ec7a86133f83dc1061a3 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 2 Feb 2022 10:24:58 +0500 Subject: [PATCH] CI: enable QUIC for Coverity scan --- .github/workflows/coverity.ym

Re: [PATCH] get BoringSSL back to the game

вт, 1 февр. 2022 г. в 15:35, William Lallemand : > On Mon, Jan 31, 2022 at 10:22:01AM +0500, Илья Шипицин wrote: > > > > Hello, > > > > Hello Ilya, > > > 0001 .. 0003 are "pre QUIC" patches > > 0004 .. 0006 are most questionable QUIC part >

Re: Observing low test-suite coverage

Hugo, can you share details how did you invoked "gcov" ? I tried to make it work recently chipitsine/haproxy | Coveralls - Test Coverage History & Statistics , but it needs more attention. вт, 25 янв. 2022 г. в 17:16, Hugo Lefeuvre : > Hi! > > As

[PATCH] get BoringSSL back to the game

Hello, 0001 .. 0003 are "pre QUIC" patches 0004 .. 0006 are most questionable QUIC part 0007 is very simple we can discuss whether BoringSSL should be 1) dropped completely 2) supported, but no QUIC 3) supported for QUIC as well as for "3)" I've checked current state of QUICTLS,

Re: [PATCH] CI: Consistently use actions/checkout@v2

Ack from me On Fri, Jan 28, 2022, 10:45 PM Tim Duesterhus wrote: > v2 is the current version of the checkout action and faster than v1. > --- > .github/workflows/compliance.yml | 2 +- > .github/workflows/musl.yml | 2 +- > .github/workflows/openssl-nodeprecated.yml |

Re: [PATCH] BUILD/MEDIUM: debug haiku build fix

https://github.com/haproxy/haproxy/runs/4935746464?check_suite_focus=true вт, 25 янв. 2022 г. в 16:47, David CARLIER : > Hi, > sure whatever solution you deem better. > > On Tue, 25 Jan 2022 at 11:09, Willy Tarreau wrote: > > > > Hi David, > > > > On Tue, Jan 25, 2022 at 10:40:57AM +, David

[PATCH] CI: introduce caching for ssl libs (except BoringSSL, QUICTLS)

Hello, this patch introduces github actions cache for SSL libs. hope it will save couple of minutes. cheers, Ilya From 5c62945e56f3bd36432483b01cba4e734dd44979 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 22 Jan 2022 00:00:44 +0500 Subject: [PATCH] CI: github actions: use cache for S

[PATCH] BUILD: refactor OpenTracing build script

Hello, as we agreed to keep scripts/build-ot.sh. Let's reuse it in CI. thanks, Ilya From 8918362582db79afc6a85ba8d556b7726bdd1932 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 15 Jan 2022 14:23:37 +0500 Subject: [PATCH] CI: refactor OpenTracing build script re-use scripts/build-ot.sh

Re: [PATCH] CI: cache for OT libs

чт, 13 янв. 2022 г. в 12:07, Willy Tarreau : > Hi Ilya, > > On Thu, Jan 13, 2022 at 11:44:08AM +0500, ??? wrote: > > Hello, > > > > I've figured out how to use CI caches. > > if that will work for some time, I'll do the same for SSL libs. > > Ah, quite interesting, thank you. > > While I

[PATCH] CI: cache for OT libs

Hello, I've figured out how to use CI caches. if that will work for some time, I'll do the same for SSL libs. Ilya From b3cb40d6dbe29ef5bda448ff83ef1a8be0a23f84 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 13 Jan 2022 11:36:28 +0500 Subject: [PATCH] CI: github actions: use cache for

Re: [EXTERNAL] Re: [PATCH] BUILD/MINOR: cpuset Fix FreeBSD 14 build

David, there are minor failures after this patch BUG/MEDIUM: mworker: don't use _getsocks in wait mode · haproxy/haproxy@f82afbb (github.com) пт, 31 дек. 2021 г. в 09:33, David CARLIER : > Hi, > > all CPU macros which wer

[PATCH] CI: cleanup default step condition

Hello, this is cleanup patch that removes default (non needed) step condition. behavior is not changed. thanks, Ilya From edbcc5312efa468f028ea8d97cbe1393aafdfcd7 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 7 Jan 2022 20:09:35 +0500 Subject: [PATCH] CI: github actions: clean default

Re: [PATCH] CI: github actions: do not try to show vtest results if vtest was not run

I'm stuck for 1 week on "github caching". I created bad cache and I have to wait 1 week until it is expired (no purge option). So, I'll send " cleanup" part first, I tested Tim's suggestion, works as designed On Sat, Dec 25, 2021, 6:32 PM Илья Шипицин wrote:

[PATCH] refactor CI spell check, fix 2 spelling typos

Hello, another spelling check cleanup. Ilya From 7f8ecfac2319fa8ebf0518796b5c7493a681fd6e Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 7 Jan 2022 14:46:15 +0500 Subject: [PATCH 2/2] CLEANUP: assorted typo fixes in the code and comments This is 30th iteration of typo fixes --- reg-t

Re: [PATCH] speling fixes

gentle ping сб, 25 дек. 2021 г. в 11:48, Илья Шипицин : > Hello, > > yet another spelling patch. > > thanks, > Ilya >

Re: [PATCH] CI: update OpenSSL to 3.0.1

gentle ping сб, 25 дек. 2021 г. в 14:15, Илья Шипицин : > Hello, > > the attached patch updates OpenSSL to recently released 3.0.1 > > Ilya >

Re: Haproxy non standard port delay ssl handshake

haproxy-1.5 is EOL already. where did you take it from ? can you switch to newer ? as for "delay" issue, indeed it could happen, however it is not possible to investigate without minimal repro configuration. please provide configuration (if that's possible). пт, 31 дек. 2021 г. в 14:51, prasad ja

Re: [PATCH] BUILD/MINOR: cpuset Fix FreeBSD 14 build

we use FreeBSD 12 for CI haproxy/.cirrus.yml at master · haproxy/haproxy (github.com) David, can you have a look please ? Should we switch to newer version? чт, 30 дек. 2021 г. в 19:13, David CARLIER : > Hi > > Here a little build fix

Re: [PATCH] CI: github actions: do not try to show vtest results if vtest was not run

On Sat, Dec 25, 2021, 5:09 PM Willy Tarreau wrote: > On Sat, Dec 25, 2021 at 06:40:57PM +0500, ??? wrote: > > Let's merge as is. > > > > I'll test changes later. Anyway, I've figured out how to enable cache and > > there will be patches later > > OK that works, now merged. > > Have a nic

Re: [PATCH] CI: github actions: do not try to show vtest results if vtest was not run

On Sat, Dec 25, 2021, 4:14 PM Willy Tarreau wrote: > On Sat, Dec 25, 2021 at 01:53:54PM +0100, Tim Düsterhus wrote: > > Willy, > > > > On 12/25/21 11:10 AM, Willy Tarreau wrote: > > > That's a good idea. I cannot judge if the method is correct but the > > > less errors we produce on early failure

Re: [PATCH] CI: github actions: do not try to show vtest results if vtest was not run

Yes, I tested all possible situation came to my mind On Sat, Dec 25, 2021, 1:10 PM Willy Tarreau wrote: > Hi Ilya, > > > From 05efdbd79b64df22b9b5a066afb73047a079b54a Mon Sep 17 00:00:00 2001 > > From: Ilya Shipitsin > > Date: Sat, 25 Dec 2021 13:53:04 +0500 > > Subject: [PATCH] CI: Github Acti

[PATCH] CI: update OpenSSL to 3.0.1

Hello, the attached patch updates OpenSSL to recently released 3.0.1 Ilya From 4ff432aa2dad464bda19b1dab48cc998aff59feb Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 25 Dec 2021 14:01:52 +0500 Subject: [PATCH] CI: github actions: update OpenSSL to 3.0.1 OpenSSL-3.0.1 was released on

[PATCH] CI: github actions: do not try to show vtest results if vtest was not run

Hello, can you please review my patch ? cheers, Ilya From 05efdbd79b64df22b9b5a066afb73047a079b54a Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 25 Dec 2021 13:53:04 +0500 Subject: [PATCH] CI: Github Actions: do not show VTest failures if build failed this is mostly cleanup, issue i

[PATCH] speling fixes

Hello, yet another spelling patch. thanks, Ilya From 9af73c937dc97b42097f9b5a94f985aace212351 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 25 Dec 2021 11:45:52 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 29th iteration of typo fixes --- doc

Re: [PATCH] BUILD: unbreak the build with newer libressl

gentle ping ср, 8 дек. 2021 г. в 06:37, Daniel Jakots : > Hi, > > Here's the file inline generated with `git format-patch -1`. Is it ok? > > I'm not subscribed to the mailing list, please keep me in Cc:. > > Thanks, > Daniel > > From bc44099cb32a95d3a8895a6232b5b0ce5c9cb5c0 Mon Sep 17 00:00:00 20

Re: [PATC H] adjust vtc for cert revocation check

gentle ping сб, 4 дек. 2021 г. в 14:45, Илья Шипицин : > hello, > > breaking behaviour was introduced on LibreSSL side. > more details: https://github.com/libressl-portable/portable/issues/697 > > in short, currently vtc expects 21, but some openssl va

Re: [PATCH] BUILD: unbreak the build with newer libressl

related to your patch directly but rather to openbsd "porting" process. I'll share details privately to split email threads. > > Cheers, > Daniel > > On Wed, 8 Dec 2021 09:11:01 +0500, Илья Шипицин > wrote: > > > Daniel, can you try regtests ? > >

Re: [PATCH] BUILD: unbreak the build with newer libressl

Daniel, can you try regtests ? reg-tests/ssl/ssl_client_samples.vtc is failing for me on the latest LibreSSL ср, 8 дек. 2021 г. в 06:37, Daniel Jakots : > Hi, > > Here's the file inline generated with `git format-patch -1`. Is it ok? > > I'm not subscribed to the mailing list, please keep me in C

[PATC H] adjust vtc for cert revocation check

hello, breaking behaviour was introduced on LibreSSL side. more details: https://github.com/libressl-portable/portable/issues/697 in short, currently vtc expects 21, but some openssl variations return 20 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 21 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCAL

Re: Proposal patch to improve CI error reporting

пт, 26 нояб. 2021 г. в 21:15, Tim Düsterhus : > Willy, > > On 11/26/21 4:18 PM, Willy Tarreau wrote: > > Do you have any objection against this being merged ? Would you prefer > > to change it a bit (e.g. delimit the output one way or another) ? I'm > > open to suggestions, knowing that in its cur

Re: [PATCH]: MEDIUM: pool little FreeBSD support improvement.

чт, 25 нояб. 2021 г. в 18:22, David CARLIER : > On Thu, 25 Nov 2021 at 12:25, Willy Tarreau wrote: > > > > On Thu, Nov 25, 2021 at 04:38:27PM +0500, ??? wrote: > > > > Thus I think that instead of focusing on the OS we ought to continue > > > > to focus on the allocator and improve runti

Re: [PATCH]: MEDIUM: pool little FreeBSD support improvement.

чт, 25 нояб. 2021 г. в 14:54, Willy Tarreau : > Hi David, > > On Wed, Nov 24, 2021 at 08:08:39PM +, David CARLIER wrote: > > Hi > > > > here a little patch for FreeBSD to support memory arenas trimming. > (...) > > FreeBSD uses a slighty simplified version of jemalloc as libc allocator > > sin

Re: [ANNOUNCE] haproxy-2.5.0

вт, 23 нояб. 2021 г. в 21:45, Willy Tarreau : > On Tue, Nov 23, 2021 at 05:40:22PM +0100, Tim Düsterhus wrote: > > Willy, > > > > On 11/23/21 5:18 PM, Willy Tarreau wrote: > > > As a reminder, this is a stable version which will receive fixes for > > > around 12 months. Its initially scheduled EOL

[PATCH] more spell fixes

Hello, some spell fixes. Ilya From 894012d27ed0a776d37d305ebba32ecdd527c3ce Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 20 Nov 2021 23:11:12 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 28th iteration of typo fixes --- doc/configuration.txt

should we keep both OpenSSL-3.0.0 and QuicTLS builds in CI ?

Hello, Team! QuicTLS is built on top of OpenSSL-3.0.0 and may be considered as "kind of OpenSSL ... with QUIC enabled". should we keep both of just second ? (I'm fine with either of two) Cheers, Ilya

Re: [PATCH 1/2] BUILD: SSL: add quictls build to scripts/build-ssl.sh

it is safe to apply now чт, 18 нояб. 2021 г. в 19:11, Илья Шипицин : > In theory, we can drop QUICTLS/gcc build, leaving only clang. > let us spend some time on fixing and decide > > чт, 18 нояб. 2021 г. в 18:48, Amaury Denoyelle : > >> On Thu, Nov 18, 2021 at 06:27:56PM

Re: [PATCH 1/2] BUILD: SSL: add quictls build to scripts/build-ssl.sh

In theory, we can drop QUICTLS/gcc build, leaving only clang. let us spend some time on fixing and decide чт, 18 нояб. 2021 г. в 18:48, Amaury Denoyelle : > On Thu, Nov 18, 2021 at 06:27:56PM +0500, Ilya Shipitsin wrote: > > script/build-ssl.sh is used mostly in CI, let us introduce QUIC > > Open

Re: [ANNOUNCE] haproxy-2.5-dev13

thanks, all coverity issues were resolved :) [image: image.png] вс, 7 нояб. 2021 г. в 16:27, Илья Шипицин : > as we are close to 2.5, can the following remaining Coverity issues be > addressed ? at least I'm aware of possible null pointer deref > > src/stream_interface.c: insec

Re: How to compile with packaged openssl when custom openssl installed?

чт, 4 нояб. 2021 г. в 22:31, Shawn Heisey : > On 11/4/21 7:55 AM, Willy Tarreau wrote: > > Normally you just have to specify SSL_INC and SSL_LIB at build time to > > specify the one you want to build with. I'm doing exactly this when I > > want to build with older versions: > > > I tried this. My

Re: [ANNOUNCE] haproxy-2.5-dev13

as we are close to 2.5, can the following remaining Coverity issues be addressed ? at least I'm aware of possible null pointer deref src/stream_interface.c: insecure data handling suspected by coverity · Issue #1405 · haproxy/haproxy (github.com) s

Re: How to compile with packaged openssl when custom openssl installed?

чт, 4 нояб. 2021 г. в 18:58, Willy Tarreau : > Hi Shawn, > > On Wed, Nov 03, 2021 at 10:56:02AM -0600, Shawn Heisey wrote: > > On 11/3/21 9:25 AM, ??? wrote: > > > you either need to specify LD_LIBRARY_PATH or add rpath during link, > > > here's example how to use rpath via ADDLIB haproxy

Re: How to compile with packaged openssl when custom openssl installed?

ср, 3 нояб. 2021 г. в 18:57, Shawn Heisey : > I ran into a problem when I compiled haproxy 2.4.8. I had installed > openssl 3.0.1-dev from source between installing haproxy 2.4.7 and > 2.4.8, and haproxy's build system picked up the newer openssl instead of > the one packaged by Ubuntu. > > I tri

Re: [EXTERNAL] testing websockets

reg-tests/http-messaging/websocket.vtc is able to catch issue 737 ср, 20 окт. 2021 г. в 11:55, Илья Шипицин : > Proposed testsuite only catches issue 737 regression in https mode. > > Also, it tests h2, because native chromium is involved. > > I'll check whether VTC is abl

Re: adding Coverity badge to some visible place

I created demo in my fork https://github.com/chipitsine/haproxy/commit/a5047411dc39abba3d2610afd65a654839524464 how it looks: https://github.com/chipitsine/haproxy сб, 15 мая 2021 г. в 00:24, Tim Düsterhus : > Daniel, > Ilya, > > On 5/14/21 5:45 PM, Daniel Corbett wrote: > >> I would like t

Re: [EXTERNAL] testing websockets

, Oct 20, 2021, 9:50 AM Amaury Denoyelle wrote: > On Wed, Oct 20, 2021 at 09:59:59AM +0500, Илья Шипицин wrote: > > Hello, > > I've found a way how to test websockets automatically. > > this approach is able to catch > https://github.com/haproxy/haproxy/issues/737 &g

testing websockets

Hello, I've found a way how to test websockets automatically. this approach is able to catch https://github.com/haproxy/haproxy/issues/737 the idea is to place haproxy between browser and kestrel in SignalR tests ( https://github.com/dotnet/aspnetcore/tree/main/src/SignalR ) test takes 3 hours

Re: [PATCH v2] BUILD: SSL: function "ERR_func_error_string" is deprecated in OpenSSL-3.0.0

similar patchset https://patchwork.openvpn.net/project/openvpn2/list/?series=1309 Willy, please forward to SSL support team чт, 7 окт. 2021 г. в 14:08, Илья Шипицин : > > > чт, 7 окт. 2021 г. в 12:49, Willy Tarreau : > >> On Thu, Oct 07, 2021 at 11:30:54AM +0500,

Re: Inquiry of Vertical Balancer

hello, please tell us more about the relation between Vertical Balancer and the mailing list you used. пн, 11 окт. 2021 г. в 18:25, Mr. Reeder : > Greetings, > Hope you are fine. Well I am in the market to purchase a Vertical Balancer > and through my search I came across your address. Kindly le

Re: [ANNOUNCE] haproxy-2.5-dev9

can remaining coverity findings be reviewed before 2.5 ? https://github.com/haproxy/haproxy/issues/1163 https://github.com/haproxy/haproxy/issues/1405 пт, 8 окт. 2021 г. в 22:23, Willy Tarreau : > Hi, > > HAProxy 2.5-dev9 was released on 2021/10/08. It added 162 new commits > after version 2.5-d

Re: [PATCH v2] BUILD: SSL: function "ERR_func_error_string" is deprecated in OpenSSL-3.0.0

чт, 7 окт. 2021 г. в 12:49, Willy Tarreau : > On Thu, Oct 07, 2021 at 11:30:54AM +0500, ??? wrote: > > > Just thinking about something, given that the new API was already > adopted > > > by BoringSSL and will probably be at some point in time by LibreSSL, > would > > > it not be better to

Re: [PATCH v2] BUILD: SSL: function "ERR_func_error_string" is deprecated in OpenSSL-3.0.0

чт, 7 окт. 2021 г. в 10:58, Willy Tarreau : > Hi Ilya, > > On Wed, Oct 06, 2021 at 11:26:13PM +0500, Ilya Shipitsin wrote: > > +/* ERR_func_error_string is deprecated in OpenSSL-3.0.0 */ > > +#if (OPENSSL_VERSION_NUMBER >= 0x3000L) > > +#define HA_ERR_func_error_string(ret) "OPENSSL_internal"

Re: executable properties (checksec, BinSkim)

No interest :) ? On Sat, Sep 18, 2021, 3:05 PM Илья Шипицин wrote: > Hello, > > I checked how looks binary shipped in several popular distributions > (ppa:vbernat/haproxy-2.4, docker haproxytech/haproxy-ubuntu, docker > haproxy). > > are we aware of those security features

Re: [PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode

пт, 24 сент. 2021 г. в 20:23, Willy Tarreau : > On Fri, Sep 24, 2021 at 08:09:29PM +0500, ??? wrote: > > ??, 24 . 2021 ?. ? 19:49, Willy Tarreau : > > > > > On Fri, Sep 24, 2021 at 07:14:40PM +0500, ??? wrote: > > > > > I'd really prefer that we address all this API stuff thr

Re: [PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode

пт, 24 сент. 2021 г. в 19:49, Willy Tarreau : > On Fri, Sep 24, 2021 at 07:14:40PM +0500, ??? wrote: > > > I'd really prefer that we address all this API stuff through the > > > openssl-compat stuff, so that over time we can more easily drop > > > unneeded stuff. Above that could be done

Re: [PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode

пт, 24 сент. 2021 г. в 18:44, Willy Tarreau : > Hi Ilya, > > On Mon, Sep 20, 2021 at 10:37:04PM +0500, ??? wrote: > > Subject: [PATCH] BUILD: SSL: function "ERR_func_error_string" is > deprecated in > > OpenSSL-3.0.0 > > > > let us prepare for using OpenSSL-3.0.0 in no deprecation mode >

Re: HA-Proxy inquiry

hello, there are several tutorials to start with, for example HAProxy version 2.4.0 - Starter Guide (cbonte.github.io) ср, 22 сент. 2021 г. в 10:16, Lhendup Norbu : > Dear Sir/Madan, > > > > I am Lhendup Norbu working in Bank of Bhutan under

[PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode

Hello, Fedora Rawhide now is shipped with OpenSSL-3.0.0 :) let us fix deprecations one by one. thanks, Ilya From 1d437e57e43e9c2f38977c373404e167f8230a08 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Mon, 20 Sep 2021 22:27:35 +0500 Subject: [PATCH] BUILD: SSL: function "ERR_func_error_str

executable properties (checksec, BinSkim)

Hello, I checked how looks binary shipped in several popular distributions (ppa:vbernat/haproxy-2.4, docker haproxytech/haproxy-ubuntu, docker haproxy). are we aware of those security features ? shall we move them to Makefile ? or is it up to distribution ? ppa:vbernat/haproxy-2.4 [root@fedora

Re: BoringSSL commit dddb60e breaks compilation of HAProxy

ср, 8 сент. 2021 г. в 13:54, Willy Tarreau : > On Wed, Sep 08, 2021 at 12:05:23PM +0500, ??? wrote: > > Hello, Bob > > > > I tracked an issue https://github.com/haproxy/haproxy/issues/1386 > > > > > > let's track activity there > > Quite frankly, I'm seriously wondering how long we'll wa

Re: BoringSSL commit dddb60e breaks compilation of HAProxy

Hello, Bob I tracked an issue https://github.com/haproxy/haproxy/issues/1386 let's track activity there вт, 7 сент. 2021 г. в 22:58, Zakharychev, Bob : > BoringSSL commit dddb60e, "Make most of crypto/x509 opaque.", breaks > compilation of HAProxy with the following errors (log from compiling

Re: BoringSSL commit dddb60e breaks compilation of HAProxy

yep :) CI: Github Actions: temporarily disable BoringSSL builds · haproxy/haproxy@30ee296 I had a look, I found the same as you (no easy fix). let us open github issue for tracking this. вт, 7 сент. 2021 г. в

[PATCH] spell fixes

hello, yet another spell fixes. Ilya From af89f34503eed1f36b0e2262bb2cef286336fbc5 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 22 Aug 2021 22:18:07 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 26th iteration of typo fixes --- doc/lua-api/ind

[PATCH] prepare scripts/build-ssl.sh for OpenSSL-3.0.0beta2

hello, starting with 3.0.0beta2 we need to specify libdir. thanks, Ilya From 6d000345e5f738d8e35f3818843ea8ab92d54f70 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 21 Aug 2021 16:01:25 +0500 Subject: [PATCH] BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 starting with https:

Re: double // after domain causes ERR_HTTP2_PROTOCOL_ERROR after upgrade to 2.4.3

double slashes behaviour is changed in BUG/MEDIUM: h2: match absolute-path not path-absolute for :path · haproxy/haproxy@46b7dff (github.com) however, Tim submitted several "normalization" patches recently. as far

Re: [PATCH] CI: Remove obsolete USE_SLZ=1 CI job

ack from me. сб, 14 авг. 2021 г. в 17:40, Tim Duesterhus : > Using SLZ is a default, thus this build is equivalent to the "no features" > build. > --- > .github/matrix.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/.github/matrix.py b/.github/matrix.py > index cfef53

[PATCH] CI: relax OpenSSL version comparision

we do not need strict comparison here, 3.0.0 is enough. thanks, Ilya From 779e30baa8385d4484441fdb7a1069933d30be4a Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 15 Aug 2021 12:55:08 +0500 Subject: [PATCH] CI: github actions: relax OpenSSL-3.0.0 version comparision we better to check f

Re: [PATCH] assorted spelling fixes

Gentle ping On Sat, Aug 7, 2021, 2:45 PM Илья Шипицин wrote: > Hello, > > yet another spelling fixes. > > Ilya >

<    1   2   3   4   5   6   7   8   9   10   >