Re: [PATCH] fix boringssl build

2020-06-26 Thread Илья Шипицин
01:25:42PM +0500, Илья Шипицин wrote: > > пт, 26 июн. 2020 г. в 13:18, William Lallemand : > > > > > Hello, > > > > > > On Sat, Jun 20, 2020 at 11:42:57PM +0500, Илья Шипицин wrote: > > > > include/haproxy/openssl-compat.h | 7 +++

Re: [PATCH] fix boringssl build

2020-06-26 Thread Илья Шипицин
пт, 26 июн. 2020 г. в 13:18, William Lallemand : > Hello, > > On Sat, Jun 20, 2020 at 11:42:57PM +0500, Илья Шипицин wrote: > > include/haproxy/openssl-compat.h | 7 +++ > > 1 file changed, 3 insertions(+), 4 deletions(-) > > > > diff --git a/include/hap

Re: Doing directory based access control (Survey / Poll of admin expectations)

2020-06-22 Thread Илья Шипицин
вт, 23 июн. 2020 г. в 00:16, Tim Düsterhus : > Hi List, > > I was having a bit of off-list disagreement with Willy regarding how > HAProxy ACLs should work and what (experienced) administrators may or > may expect from them. I am arguing about something I believe many > administrators might

[PATCH] 10th iteration of spell fixes

2020-06-21 Thread Илья Шипицин
I added "*.pem" to ignore list. Fixed several tens of found typos. Ilya Shipitcin From 5081b0cd6eb4336065ee517afd380a5ae7624247 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 21 Jun 2020 21:42:57 +0500 Subject: [PATCH 3/3] CLEANUP: assorted typo fixes in the code and comments This is

[PATCH] speed up boringssl builds by 40 seconds

2020-06-21 Thread Илья Шипицин
Hello, using "ninja" speeds up boringssl builds. Cheers, Ilya Shipitcin From a1fae033fd037293fd03faa713afdd2e12a2b184 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 21 Jun 2020 16:39:30 +0500 Subject: [PATCH] CI: travis-ci: switch BoringSSL builds to ninja using ninja instead of make

[PATCH] fix boringssl build

2020-06-20 Thread Илья Шипицин
Hello, BoringSSL builds are broken https://travis-ci.com/github/haproxy/haproxy/jobs/351670996 I attached the fix. Cheers, Ilya Shipitcin From 39527ba53557aaf8a031401f00b6b217bec2935e Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 20 Jun 2020 23:38:37 +0500 Subject: [PATCH] BUILD:

Re: VTest does not test deinit

2020-06-14 Thread Илья Шипицин
Lots of changes before 2.2 release :) On Sun, Jun 14, 2020, 9:24 PM Tim Düsterhus wrote: > Hi List, > Willy, > Ilya, > > I noticed that the reg-tests were unable find the issue reported by > William here: > https://www.mail-archive.com/haproxy@formilux.org/msg37637.html > > This is because

Re: [PATCH] switch to clang-9 in Linux/travis-ci builds

2020-06-13 Thread Илья Шипицин
I added "-O1" to travis builds. Can we apply it until a better solution will be found ? пт, 12 июн. 2020 г. в 21:40, Илья Шипицин : > > > пт, 12 июн. 2020 г. в 21:09, Willy Tarreau : > >> On Fri, Jun 12, 2020 at 08:57:44PM +0500, ??? wrote: >> &g

Re: [PATCH] switch to clang-9 in Linux/travis-ci builds

2020-06-12 Thread Илья Шипицин
пт, 12 июн. 2020 г. в 21:09, Willy Tarreau : > On Fri, Jun 12, 2020 at 08:57:44PM +0500, ??? wrote: > > ??, 12 ???. 2020 ?. ? 20:46, Willy Tarreau : > > > > > On Fri, Jun 12, 2020 at 08:11:52PM +0500, ??? wrote: > > > > > Has it ever reported a *real* issue ? I mean, we've been

Re: [PATCH] switch to clang-9 in Linux/travis-ci builds

2020-06-12 Thread Илья Шипицин
пт, 12 июн. 2020 г. в 20:46, Willy Tarreau : > On Fri, Jun 12, 2020 at 08:11:52PM +0500, ??? wrote: > > > Has it ever reported a *real* issue ? I mean, we've been working around > > > > > > > > > https://github.com/haproxy/haproxy/issues/96 > >

Re: [PATCH] switch to clang-9 in Linux/travis-ci builds

2020-06-12 Thread Илья Шипицин
пт, 12 июн. 2020 г. в 20:01, Willy Tarreau : > On Fri, Jun 12, 2020 at 07:52:48PM +0500, ??? wrote: > > it should be detectable using > > > > #if defined(__has_feature)# if __has_feature(address_sanitizer)// > > code that builds only under AddressSanitizer# endif#endif > > OK that

Re: [PATCH] switch to clang-9 in Linux/travis-ci builds

2020-06-12 Thread Илья Шипицин
пт, 12 июн. 2020 г. в 19:31, Willy Tarreau : > Hi Ilya, > > On Mon, Mar 16, 2020 at 10:49:26AM +0100, Tim Düsterhus wrote: > > Ilya, > > > > Am 16.03.20 um 07:52 schrieb ???: > > > we use clang because of its address sanitizer. I found gcc asan more > noisy > > > and less usable. > >

Re: Ubuntu 20.04 + TLSv1

2020-06-12 Thread Илья Шипицин
if haproxy was built against openssl with disabled TLS1.0, so haproxy does not support TLS1.0 you need to rebuild haproxy after enabling пт, 12 июн. 2020 г. в 18:12, bjun...@gmail.com : > Hi, > > currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14. > > I'm trying to get TLSv1 working (we need

Re: No access to git.haproxy.org from Travis CI

2020-06-11 Thread Илья Шипицин
pushing to github is not related to Travis. Those are different clouds:) On Thu, Jun 11, 2020, 3:23 PM Willy Tarreau wrote: > On Thu, Jun 11, 2020 at 03:17:07PM +0500, ??? wrote: > > we had to change libslz url as well > > > > >

Re: No access to git.haproxy.org from Travis CI

2020-06-11 Thread Илья Шипицин
we had to change libslz url as well https://github.com/haproxy/haproxy/commit/13dd45178e24504504a02d89d9a81d4b80c63c93#diff-354f30a63fb0907d4ad57269548329e3 however, I did not investigate deeper (traceroute, etc, ...) чт, 11 июн. 2020 г. в 14:59, Tim Düsterhus : > Bjoern, > Willy, > > Am

Re: crashes with 2.0.14

2020-06-09 Thread Илья Шипицин
it is a good report. backtraces are very useful is there github issue filled for it ? if no, can you please create one ? I hope, it won't be lost that way вт, 9 июн. 2020 г. в 15:13, Sander Hoentjen : > Is there anybody with a clue? If I need to supply more info I can do so, > of course. > >

Re: Proposal to resolve (again) the include dependency hell

2020-06-07 Thread Илья Шипицин
пн, 8 июн. 2020 г. в 03:58, Tim Düsterhus : > Willy, > > Am 05.06.20 um 21:09 schrieb Willy Tarreau: > > I'm just asking here that the regular contributors have a glance at the > > branch named "20200605-rework-include-final" and honestly say how they > > feel about adopting this (even if they

Re: Rate Limit per IP with queueing (delay)

2020-06-07 Thread Илья Шипицин
вс, 7 июн. 2020 г. в 19:59, Stefano Tranquillini : > Hello all, > > I'm moving to HA using it to replace NGINX and I've a question regarding > how to do a Rate Limiting in HA that enables queuing the requests instead > of closing them. > > I was able to limit per IP following those examples: >

travis-ci / LibreSSL 3.2.0 ?

2020-06-01 Thread Илья Шипицин
Hello, currently we run tests on several LibreSSL versions: 3.1.1, 3.0.2, 2.9.2 with new LibreSSL released (they implemented TLS1.3 in their own way, not yet compatible with openssl) we definitely wish to move to 3.2.0 what to do with other builds ? I'd like to keep some oldish versions as

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-29 Thread Илья Шипицин
btw, what is minimal supported openssl version ? 0.9.7 ? how will that work on it ? пт, 29 мая 2020 г. в 12:11, William Lallemand : > On Wed, May 27, 2020 at 12:40:54PM +0200, William Lallemand wrote: > > Hello List, > > > > Since HAProxy 1.8, the minimum default TLS version for bind lines is >

Re: [PATCH] skip reg-tests/connection/proxy_protocol_send_unique_id_alpn.vtc on CentOS 6

2020-05-28 Thread Илья Шипицин
чт, 28 мая 2020 г. в 14:35, William Lallemand : > On Thu, May 28, 2020 at 09:32:25AM +0200, Willy Tarreau wrote: > > On Thu, May 28, 2020 at 12:21:20AM +0200, Tim Düsterhus wrote: > > > Ilya, > > > > > > Am 27.05.20 um 22:53 schrieb ???: > > > > Hello, > > > > > > > > let us skip new

Re: [PATCH] skip reg-tests/connection/proxy_protocol_send_unique_id_alpn.vtc on CentOS 6

2020-05-27 Thread Илья Шипицин
There were bug reports if centos 6 is broken. Which means people actively use it On Thu, May 28, 2020, 3:21 AM Tim Düsterhus wrote: > Ilya, > > Am 27.05.20 um 22:53 schrieb Илья Шипицин: > > Hello, > > > > let us skip new test on CentOS6 > > > > There

[PATCH] skip reg-tests/connection/proxy_protocol_send_unique_id_alpn.vtc on CentOS 6

2020-05-27 Thread Илья Шипицин
Hello, let us skip new test on CentOS6 Cheers, Ilya Shipitcin From 4585b4f3b3f6dcbef071b36e7a589cd89757818e Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 28 May 2020 01:50:57 +0500 Subject: [PATCH] CI: cirrus-ci: skip reg-tests/connection/proxy_protocol_send_unique_id_alpn.vtc on

Re: [PATCH] cleanup coverity findging (make it silent)

2020-05-27 Thread Илья Шипицин
nored. is it bad ? I'm not sure. code comes from https://github.com/haproxy/haproxy/commit/61cc85223098a962616ececa2d6bdd7809c37fe3 Christopher, do you know why we ignore exit status here ? вт, 26 мая 2020 г. в 19:59, Илья Шипицин : > > > вт, 26 мая 2020 г. в 12:02, Willy Tarreau : &

range queries (my favourite)

2020-05-27 Thread Илья Шипицин
hello, how does haproxy serve queries like that: Range: bytes=0-,0-,0-,0-, more info: https://www.zdnet.com/article/rangeamp-attacks-can-take-down-websites-and-cdn-servers/ Cheers, Ilya Shipitcin

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread Илья Шипицин
ср, 27 мая 2020 г. в 16:09, Tim Düsterhus : > William, > > Am 27.05.20 um 12:40 schrieb William Lallemand: > > Hello List, > > > > Since HAProxy 1.8, the minimum default TLS version for bind lines is > > TLSv10. I was thinking to increase this minimum default to TLSv11 before > > the 2.2 release.

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

2020-05-27 Thread Илья Шипицин
as a person running pretty large load balancer installation, I confirm there are a lot of usages of TLS10. for example, depending on .net version, default setting might be TLS1.0 if you run .net 4.5 the ability to turn TLS1.0 without recompile is the must thing to have. I'm even not sure about

Re: [PATCH] cleanup coverity findging (make it silent)

2020-05-26 Thread Илья Шипицин
вт, 26 мая 2020 г. в 12:02, Willy Tarreau : > Hi Ilya, > > On Sat, May 23, 2020 at 03:47:58PM +0500, ??? wrote: > > From: Ilya Shipitsin > > Date: Sat, 23 May 2020 15:35:36 +0500 > > Subject: [PATCH] CLEANUP: src/checks.c: ignore return value using > DISGUISE(..) > > > > we do not want

[PATCH] cleanup coverity findging (make it silent)

2020-05-23 Thread Илья Шипицин
Hello, let us clean up non important finding by wrapping it with DISGUISE(..) Cheers, Ilya Shipitcin From 7060a886a76452245ec466f6f7aaf28d504c9c3f Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 23 May 2020 15:35:36 +0500 Subject: [PATCH] CLEANUP: src/checks.c: ignore return value

Re: disabling test if ipv6 not supported ?

2020-05-22 Thread Илья Шипицин
чт, 21 мая 2020 г. в 18:31, PiBa-NL : > Hi Ilya, > Op 21-5-2020 om 04:57 schreef Илья Шипицин: > > Hello, > > > > seems, freebsd images on cirrus-ci run with no ipv6 support > > https://cirrus-ci.com/task/6613883307687936 > > > It fails on srv3 configura

disabling test if ipv6 not supported ?

2020-05-20 Thread Илья Шипицин
Hello, seems, freebsd images on cirrus-ci run with no ipv6 support https://cirrus-ci.com/task/6613883307687936 any idea how we can skip such tests ? Cheers, Ilya Shipitcin

[PATCH] fix libslz url in travis

2020-05-18 Thread Илья Шипицин
Hello, travis timed out when downloading libslz fatal: unable to access 'http://git.1wt.eu/git/libslz.git/': Failed to connect to git.1wt.eu port 80: Connection timed out The command "git clone http://git.1wt.eu/git/libslz.git/; failed and exited with 128 during . it is something related to

[PATCH] cleanup: remove unused variable assignment (found by Coverity)

2020-05-16 Thread Илья Шипицин
Hello, can we apply that patch ? it removes single assignment, fixes #593 Cheers, Ilya Shipitcin From e922cfb5e6e60f573c8861d3e10e6736be601d47 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 16 May 2020 22:42:12 +0500 Subject: [PATCH] CLEANUP: src/acl.c: remove unused assignment

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-15 Thread Илья Шипицин
commit message adjusted пт, 15 мая 2020 г. в 22:02, Илья Шипицин : > > > пт, 15 мая 2020 г. в 20:07, Willy Tarreau : > >> Ilya, >> >> > also, I'd suggest to purge travis-ci cache (if you are build in your own >> > fork). >> > some travis related

Re: minor typo?

2020-05-15 Thread Илья Шипицин
I mean, I will include your fix into next spellcheck patch if you do not mind On Fri, May 15, 2020, 11:22 PM Olaf Buitelaar wrote: > Hi Илья Шипицин, > > The codespell looks really cool. But i'm sorry, I cannot really find how i > can add a check for this case, otherwise i would be

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-15 Thread Илья Шипицин
пт, 15 мая 2020 г. в 20:07, Willy Tarreau : > Ilya, > > > also, I'd suggest to purge travis-ci cache (if you are build in your own > > fork). > > some travis related issue might be related when something is took from > > cache (which was not supposed to happen) > > Could you please handle

Re: minor typo?

2020-05-15 Thread Илья Шипицин
that's a typo. we established weekly "codespell" check here's example of check: https://github.com/haproxy/haproxy/runs/665274281?check_suite_focus=true I submit spell fixes from time to time, I may include your fix as well if you do not mind (it was impossible to catch "an" <--> "and" from

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-15 Thread Илья Шипицин
ues at > https://github.com/haproxy/haproxy/pull/630/files#diff-354f30a63fb0907d4ad57269548329e3R51 > > On Fri, May 15, 2020 at 1:11 PM Илья Шипицин wrote: > >> or we'd better move SSL_LIB, SSL_INC to build-ssl.sh script >> >> пт, 15 мая 2020 г. в 15:09, Илья Шипицин

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-15 Thread Илья Шипицин
or we'd better move SSL_LIB, SSL_INC to build-ssl.sh script пт, 15 мая 2020 г. в 15:09, Илья Шипицин : > probably, you also need to unset SSL_LIB and SSL_INC > > > > btw, I got an answer how to grant travis-ci rights (for triggering build > manually) > > https

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-15 Thread Илья Шипицин
gt; On Mon, May 11, 2020 at 12:38 PM Илья Шипицин > wrote: > >> >> >> сб, 9 мая 2020 г. в 11:45, Willy Tarreau : >> >>> On Sat, May 09, 2020 at 08:11:27AM +0200, Vincent Bernat wrote: >>> > ? 8 mai 2020 14:25 +02, Willy T

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-11 Thread Илья Шипицин
сб, 9 мая 2020 г. в 11:45, Willy Tarreau : > On Sat, May 09, 2020 at 08:11:27AM +0200, Vincent Bernat wrote: > > ? 8 mai 2020 14:25 +02, Willy Tarreau: > > > > >> > Let's increase the timeout to see if it has a chance to finish, no ? > > >> > > > >> > > >> yes > > > > > > OK now pushed. It's

[PATCH] travis-ci: upgrade LibreSSL versions (LibreSSL-3.1.1 released)

2020-05-09 Thread Илья Шипицин
Hello, patch attached. Ilya Shipitcin From ebc6529630cc86a41e894b8f80d2926dd3e5afcf Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 9 May 2020 21:36:04 +0500 Subject: [PATCH] CI: travis-ci: upgrade LibreSSL versions 3.0.2 --> 3.1.1 2.9.2 --> 3.0.2 2.8.3 --> 2.9.2 --- .travis.yml | 6

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
пт, 8 мая 2020 г. в 18:04, Martin Grigorov : > > > On Fri, May 8, 2020 at 3:25 PM Willy Tarreau wrote: > >> On Fri, May 08, 2020 at 05:04:43PM +0500, ??? wrote: >> > > Let's increase the timeout to see if it has a chance to finish, no ? >> > > >> > >> > yes >> >> OK now pushed. It's

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
пт, 8 мая 2020 г. в 17:25, Willy Tarreau : > On Fri, May 08, 2020 at 05:04:43PM +0500, ??? wrote: > > > Let's increase the timeout to see if it has a chance to finish, no ? > > > > > > > yes > > OK now pushed. It's really annoying to work blindly like this. The > build model Travis uses

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
пт, 8 мая 2020 г. в 16:45, Willy Tarreau : > On Fri, May 08, 2020 at 04:17:18PM +0500, ??? wrote: > > as far as I understand, arm64 is run inside containers. something like > > docker or lxd. > > > > "Processing triggers for dbus (1.12.2-1ubuntu1.1) ..." > > > > > > dbus is not supposed

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
as far as I understand, arm64 is run inside containers. something like docker or lxd. "Processing triggers for dbus (1.12.2-1ubuntu1.1) ..." dbus is not supposed to be available from container, right ? пт, 8 мая 2020 г. в 16:15, Илья Шипицин : > another travis-ci bug. > UI do

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
another travis-ci bug. UI does not show full log: https://api.travis-ci.com/v3/job/329873686/log.txt пт, 8 мая 2020 г. в 15:58, Willy Tarreau : > On Fri, May 08, 2020 at 03:29:26PM +0500, ??? wrote: > > I attached a patch > > Pushed, thanks. Next step in 10 minutes :-) > it did not

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
пт, 8 мая 2020 г. в 15:09, Willy Tarreau : > On Fri, May 08, 2020 at 03:07:51PM +0500, ??? wrote: > > ??, 8 ??? 2020 ?. ? 14:55, Willy Tarreau : > > > > > On Fri, May 08, 2020 at 01:59:57PM +0500, ??? wrote: > > > > > We don't know how long it gets cached so if we increase it

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
пт, 8 мая 2020 г. в 14:55, Willy Tarreau : > On Fri, May 08, 2020 at 01:59:57PM +0500, ??? wrote: > > > We don't know how long it gets cached so if we increase it we'll have > to > > > leave it. > > > > > > > it is cached forever, until cache is purged manually or some cache key > >

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
пт, 8 мая 2020 г. в 12:26, Willy Tarreau : > On Fri, May 08, 2020 at 09:34:32AM +0300, Martin Grigorov wrote: > > It must have started failing when you updated the version of OpenSSL. > > .travis.yml caches ~/opt folder between builds. After the update to > 1.1.1f > > the build doesn't see the

gcc 10 "-fanalyzer"

2020-05-08 Thread Илья Шипицин
Hello, gcc 10 now includes static analyzer https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html findings mostly correlate to coverity for example src/peers.c: In function ‘peers_register_table’: src/peers.c:2984:13: warning: dereference of possibly-NULL ‘st’ [CWE-690]

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
пт, 8 мая 2020 г. в 11:35, Martin Grigorov : > Hi, > > I think I understand why it started failing. > It must have started failing when you updated the version of OpenSSL. > .travis.yml caches ~/opt folder between builds. After the update to 1.1.1f > the build doesn't see the OpenSSL binaries in

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
пт, 8 мая 2020 г. в 11:27, Willy Tarreau : > On Fri, May 08, 2020 at 11:12:00AM +0500, ??? wrote: > > btw, in my fork it is green > > https://travis-ci.com/github/chipitsine/haproxy/jobs/329528056 > > Cool, that tends to confirm the issue remains a bit random. There > is actually

Re: [PATCH] enable arm64 builds in travis-ci

2020-05-08 Thread Илья Шипицин
пт, 8 мая 2020 г. в 10:56, Martin Grigorov : > Hi all, > > On Thu, May 7, 2020 at 11:56 PM Willy Tarreau wrote: > >> Hi Ilya, >> >> On Thu, May 07, 2020 at 09:19:48PM +0500, ??? wrote: >> > Hello, >> > >> > let us enable arm64 builds back. >> >> Good idea, just merged now. Let's see how

[PATCH] enable arm64 builds in travis-ci

2020-05-07 Thread Илья Шипицин
Hello, let us enable arm64 builds back. Cheers, Ilya Shipitcin From 8c68b4494ba37469de86798fd7c492e38a2a8668 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 7 May 2020 20:57:26 +0500 Subject: [PATCH] CI: travis-ci: enable arm64 builds again travis-ci arm64 were temporarily disabled

Re: [PATCH] MAJOR: contrib: porting spoa_server to support python3

2020-05-06 Thread Илья Шипицин
How did you get "test result"? Should we add automated test for that? For example, once a week On Wed, May 6, 2020, 5:28 PM Gilchrist Dadaglo wrote: > > Background: > Python 2 is no longer supported since January, 1st 2020 as per > https://www.python.org/doc/sunset-python-2/ >

Re: [PATCH] fix errored ARM64 builds in travis-ci

2020-05-06 Thread Илья Шипицин
It almost works! There are few tests that fail. Any help finding the > reason is very welcome! > > Martin > > On Mon, Mar 23, 2020 at 11:12 AM Martin Grigorov > wrote: > >> Hi Илья, >> >> On Sun, Mar 22, 2020 at 2:46 PM Илья Шипицин >> wrote: >> >

running haproxy with predefined security policies on RHEL8 ?

2020-05-06 Thread Илья Шипицин
Hello, do we have any experience of https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8 ? Cheers, Ilya Shipitcin

Re: Failing tests if USE_OPENSSL=1 is omitted in the FLAGS

2020-05-06 Thread Илья Шипицин
thank you, I will have a look! ср, 6 мая 2020 г. в 14:27, Martin Grigorov : > Hi Илья, > > On Wed, May 6, 2020 at 11:59 AM Илья Шипицин wrote: > >> do you run tests on GH arm64 agents ? is it dedicated (your own) agents >> attached to your repo ? can you give a link ? &g

Re: Failing tests if USE_OPENSSL=1 is omitted in the FLAGS

2020-05-06 Thread Илья Шипицин
do you run tests on GH arm64 agents ? is it dedicated (your own) agents attached to your repo ? can you give a link ? ср, 6 мая 2020 г. в 13:22, Martin Grigorov : > Hello HAProxy team, > > While working on a PR to build & test HAProxy on AARCH64 at GitHub Actions > I've noticed a strange

Re: [PATCH] guard tests that require pcre

2020-05-04 Thread Илья Шипицин
пн, 4 мая 2020 г. в 13:06, Christopher Faulet : > Le 04/05/2020 à 08:57, Christopher Faulet a écrit : > > Le 04/05/2020 à 07:46, William Lallemand a écrit : > >> On Fri, May 01, 2020 at 12:57:06PM +0500, Илья Шипицин wrote: > >>> > >>> The following t

[PATCH] guard tests that require pcre

2020-05-01 Thread Илья Шипицин
Hello, this partially fixes #610 Cheers, Ilya Shipitcin From ea2bf2e2ebc6186f4fbd722c7cfdd72401163ec3 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 1 May 2020 12:53:49 +0500 Subject: [PATCH] REGTEST: specify PCRE|PCRE2 for those tests that require that option The following tests

[PATCH] remove reg-tests/checks/tcp-check-ssl.vtc on CentOS 6

2020-04-27 Thread Илья Шипицин
Hello, new reg-test requires ALPN which is not available on CentOS 6. Cheers, Ilya Shipitcin From f6edcbacc58ccbfe47f25fccfe6a5743fcae1122 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Mon, 27 Apr 2020 23:35:13 +0500 Subject: [PATCH] CI: cirrus-ci: remove

Re: [ANNOUNCE] haproxy-2.2-dev6

2020-04-27 Thread Илья Шипицин
How haproxy.org is managed, some manual update? Can we run git master there? On Mon, Apr 27, 2020, 10:30 PM Willy Tarreau wrote: > Hi all, > > just a quick note, be careful with -dev6, monitor your FDs from time > to time. Today it caused an outage on haproxy.org after all FDs were > in use.

Re: doubt how to compile modsecurity module for HAproxy

2020-04-26 Thread Илья Шипицин
вс, 26 апр. 2020 г. в 06:37, Ricardo Barbosa : > Hello everyone, everything good? I'm studying how to enable the > modsecurity module, but I don't know how the compilation process is done. > > I found this link > https://github.com/haproxy/haproxy/tree/master/contrib/modsecurity. but I > didn't

Re: [PATCH] remove unused assignments

2020-04-23 Thread Илья Шипицин
чт, 23 апр. 2020 г. в 14:39, Tim Düsterhus : > Ilya, > > Am 23.04.20 um 11:20 schrieb Илья Шипицин: > > src/mux_h2.c:5939:3: warning: Value stored to 'count' is never read > > count = 0; > > without checking these in detail: > > I have run scan-b

[PATCH] remove unused assignments

2020-04-23 Thread Илья Шипицин
Hello, src/mux_h2.c:5939:3: warning: Value stored to 'count' is never read count = 0; src/ssl_sock.c:6650:6: warning: Value stored to 'ret' is never read ret = 1; src/ssl_sock.c:9428:2: warning: Value stored to 'p2' is never read

Re: How to suppress weak ciphers

2020-04-22 Thread Илья Шипицин
you can start with https://ssl-config.mozilla.org/ however, high security also means lower compatibility, i.e. old browsers fail on high security (ssl labs provide handshake table for that) ср, 22 апр. 2020 г. в 20:32, Branitsky, Norman < norman.branit...@tylertech.com>: > HA-Proxy version

Re: [ANNOUNCE] haproxy-2.1.4

2020-04-21 Thread Илья Шипицин
ср, 22 апр. 2020 г. в 00:06, Tim Düsterhus : > Ilya, > > Am 21.04.20 um 20:49 schrieb Илья Шипицин: > > I thought of some more high level fuzzing without intercepting code path. > > for example, we know about range queries > > > > Range: bytes=0-1023 > >

Re: [ANNOUNCE] haproxy-2.1.4

2020-04-21 Thread Илья Шипицин
вт, 21 апр. 2020 г. в 20:24, Tim Düsterhus : > Ilya, > > Am 21.04.20 um 17:02 schrieb Илья Шипицин: > >> The two CVEs I mentioned were bugs *I* found using afl-fuzz. The biggest > >> hurdle back when I attempted fuzzing was not getting an appropriate > >> wor

Re: [ANNOUNCE] haproxy-2.1.4

2020-04-21 Thread Илья Шипицин
вт, 21 апр. 2020 г. в 19:13, Tim Düsterhus : > Ilya, > > Am 21.04.20 um 15:47 schrieb Илья Шипицин: > >> The write-up is available now: > >> https://bugs.chromium.org/p/project-zero/issues/detail?id=2023 > >> > >> It has a "Methodology-Fuzzing

Re: [ANNOUNCE] haproxy-2.1.4

2020-04-21 Thread Илья Шипицин
another option would be to enlist project at HackerOne and wait while Guido Vranken will fuzz it :) he already fuzzed dozens of projects, including openssl, openvpn, ... https://guidovranken.com/ вт, 21 апр. 2020 г. в 18:21, Tim Düsterhus : > Willy, > > Am 02.04.20 um 15:03 schrieb Willy

Re: [ANNOUNCE] haproxy-2.1.4

2020-04-21 Thread Илья Шипицин
вт, 21 апр. 2020 г. в 18:21, Tim Düsterhus : > Willy, > > Am 02.04.20 um 15:03 schrieb Willy Tarreau: > > The main driver for this release is that it contains a fix for a serious > > vulnerability that was responsibly reported last week by Felix Wilhelm > > from Google Project Zero, affecting the

Re: [PATCH] CI: special purpose build, testing compatibility against "no-deprecated" openssl

2020-04-21 Thread Илья Шипицин
nice, I finished all CI stuff :) I'll focus in copr / rpm next вт, 21 апр. 2020 г. в 13:29, William Lallemand : > On Mon, Apr 20, 2020 at 07:12:41PM +0500, Илья Шипицин wrote: > > Lukas, Willy ? > > > > чт, 16 апр. 2020 г. в 23:16, Илья Шипицин : > > > > &g

Re: [PATCH] CI: special purpose build, testing compatibility against "no-deprecated" openssl

2020-04-20 Thread Илья Шипицин
Lukas, Willy ? чт, 16 апр. 2020 г. в 23:16, Илья Шипицин : > Hello, > > I added weekly build for detection incompatibilities against > "no-deprecated" openssl. > > (well, I first thought to add those option to travis, but it became > over-engineered from my point

[PATCH] 8th iteration of typo fixes

2020-04-16 Thread Илья Шипицин
Hello, next typo fixes. Ilya Shipitcin From 40a7e81223c783836d6e7d3726ad3db2f9ca418e Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 16 Apr 2020 23:51:34 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 8th iteration of typo fixes ---

[PATCH] CI: special purpose build, testing compatibility against "no-deprecated" openssl

2020-04-16 Thread Илья Шипицин
Hello, I added weekly build for detection incompatibilities against "no-deprecated" openssl. (well, I first thought to add those option to travis, but it became over-engineered from my point of view) Lukas, if you have suggestions how to add to travis, I can try. Cheers, Ilya Shipitsin From

Re: HAProxy and musl (was: Re: HAproxy Error)

2020-04-16 Thread Илья Шипицин
чт, 16 апр. 2020 г. в 16:26, Willy Tarreau : > On Thu, Apr 16, 2020 at 12:29:42PM +0200, Tim Düsterhus wrote: > > > FWIW musl seems to work OK here when building for linux-glibc-legacy. > > > > Yes. HAProxy linked against Musl is smoke tested as part of the Docker > > Official Images program,

Re: HAProxy and musl (was: Re: HAproxy Error)

2020-04-16 Thread Илья Шипицин
yep, I thought about alpine as well. I'm not sure how often official docker validation runs. If it runs often enough, maybe we do not need CI. чт, 16 апр. 2020 г. в 15:29, Tim Düsterhus : > Willy, > > [removed Bindushree from Cc as we disgress from the main topic] > > Am 16.04.20 um 11:44

Re: HAproxy Error

2020-04-16 Thread Илья Шипицин
hmm. seems, we need some musl or picolibc in CI. being glibc dependent is dangerous чт, 16 апр. 2020 г. в 13:29, Willy Tarreau : > Hi Lukas, > > On Thu, Apr 16, 2020 at 09:44:39AM +0200, Lukas Tribus wrote: > > Provide the output of "which haproxy" and "haproxy -vv", I doubt you > > are

Re: HAproxy Error

2020-04-16 Thread Илья Шипицин
чт, 16 апр. 2020 г. в 12:48, Lukas Tribus : > Hello, > > On Thu, 16 Apr 2020 at 06:04, wrote: > > > > Hi Team > > > > Let us know your availability to work on this. > > As Aleks already said: > > This haproxy executable has been build without OpenSSL support, which > is required for your

Re: HAproxy Error

2020-04-15 Thread Илья Шипицин
ср, 15 апр. 2020 г. в 16:41, : > Hi Team, > > > > We are in the process of using newer HAproxy version. > > Below is the scenario explained where we are stuck. > > > > · In RHEL 8.1 version, installed the latest version of the > application. > >

Re: TLV problem after updating to 2.1.14

2020-04-14 Thread Илья Шипицин
вс, 12 апр. 2020 г. в 21:22, Willy Tarreau : > Hello Hativ, > > On Sun, Apr 12, 2020 at 09:49:02AM +0200, Hativ wrote: > > Hello Willy, > > > Hativ, if I send you a patch to test next week, is it possible to > > > give > > > it a try on your side ? I'm interested in knowing if a clean "LOCAL" > >

[PATCH] weekly typo fixes

2020-04-07 Thread Илья Шипицин
Hello, 7th iteration of typo fixes. Cheers, Ilya Shipitcin From 51fa043677ee1783a2c3c92b37ff48ac7b21b647 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 8 Apr 2020 01:07:56 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 7th iteration of typo fixes

[PATCH] CI: rename "openssl111" to "openssl" after it is renamed in FreeBSD

2020-04-07 Thread Илья Шипицин
Hello, this is required to get freebsd builds green again. Cheers, Ilya Shipitcin From 0a50786e6b255f990af5f2c8bcc37c0d463a23fd Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 8 Apr 2020 00:29:26 +0500 Subject: [PATCH] CI: cirrus-ci: rename openssl package after it is renamed in

[PATCH] CI: fix openssl download script

2020-04-07 Thread Илья Шипицин
Hello, previous patch fixed builds for openssl-1.1.1f however, links for download latest and previous releases are now different, so I adopted script to handle older releases too. Cheers, Ilya Shipitcin From c0023f9a7328980e7313c0f7ebfb6d355dab0ea9 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin

Re: [PATCH] CI: minor cleanup on SSL linking

2020-04-06 Thread Илья Шипицин
Hello, that patch was not applied? пт, 3 апр. 2020 г. в 17:18, Willy Tarreau : > On Thu, Apr 02, 2020 at 11:46:58PM +0500, ??? wrote: > > Hello, > > > > this PR cleans up SSL linking. > > it is very well aligned to "how to link to custom openssl" documentation. > > It's indeed cleaner,

[PATCH] fix function comment

2020-04-04 Thread Илья Шипицин
Hello, small fix attached. Ilya Shipitcin From 2cf4b1a3baab84e420dcbbdf084c8138b2f8bd25 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 4 Apr 2020 12:59:53 +0500 Subject: [PATCH] CLEANUP: src/log.c: fix comment "fmt" is passed to parse_logformat_string, adjust comment accordingly ---

Re: regtest: abns should work now :-)

2020-04-03 Thread Илья Шипицин
пт, 3 апр. 2020 г. в 16:56, Илья Шипицин : > > > пт, 3 апр. 2020 г. в 16:33, Martin Grigorov : > >> Hi everyone, >> >> On Mon, Mar 23, 2020 at 11:11 AM Martin Grigorov >> wrote: >> >>> Hi Илья, >>> >>> On Mon, Mar 23, 2020 at 1

Re: regtest: abns should work now :-)

2020-04-03 Thread Илья Шипицин
пт, 3 апр. 2020 г. в 16:33, Martin Grigorov : > Hi everyone, > > On Mon, Mar 23, 2020 at 11:11 AM Martin Grigorov > wrote: > >> Hi Илья, >> >> On Mon, Mar 23, 2020 at 10:52 AM Илья Шипицин >> wrote: >> >>> well, I tried to repro abns fa

[PATCH] add DEBUG_STRICT to travis, upgrade openssl to 1.1.1f

2020-04-02 Thread Илья Шипицин
Hello, patch is urgent. openssl has changed download path, I guess it was done in purpose (to signal people that they download outdated openssl) so ... we need to upgrade to 1.1.1f Cheers, Ilya Shipitcin From a21479ae91ad2c43dbe14d7d119eedc2363e0f49 Mon Sep 17 00:00:00 2001 From: Ilya

[PATCH] CI: minor cleanup on SSL linking

2020-04-02 Thread Илья Шипицин
Hello, this PR cleans up SSL linking. it is very well aligned to "how to link to custom openssl" documentation. Cheers, Ilya Shipitcin From 8fd3b9165558c4d0e3bc837df1ba8caca67ed059 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 2 Apr 2020 23:34:47 +0500 Subject: [PATCH] CI: use

[PATCH] assorted typo fixes (6th iteration)

2020-04-02 Thread Илья Шипицин
Hello, ongoing typo fixes. Ilya Shipitcin From f0ba77f8d64c301ac8877e3d2850a7966acea658 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 2 Apr 2020 15:25:26 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is sixth iteration of typo fixes ---

Re: [PATCH] ignore setsockopt return value in src/fd.c

2020-04-02 Thread Илья Шипицин
forgot to attach a patch itself )) чт, 2 апр. 2020 г. в 15:04, Илья Шипицин : > Hello, > > this patch should resolve https://github.com/haproxy/haproxy/issues/553 > > Cheers, > Ilya Shipitcin > From 36dec6691e98dd92760c1434411aab207e43b93b Mon Sep 17 00:00:00 2001 From: Ilya

[PATCH] ignore setsockopt return value in src/fd.c

2020-04-02 Thread Илья Шипицин
Hello, this patch should resolve https://github.com/haproxy/haproxy/issues/553 Cheers, Ilya Shipitcin

Re: linking openssl: refactoring Makefile

2020-03-30 Thread Илья Шипицин
вс, 29 мар. 2020 г. в 23:41, William Lallemand : > On Sun, Mar 29, 2020 at 09:18:54PM +0500, Илья Шипицин wrote: > > Hello, > > > > Hello Ilya, > > > while writing some doc "how to link custom openssl lib" (it is useful, > for > > example, for pfS

linking openssl: refactoring Makefile

2020-03-29 Thread Илья Шипицин
Hello, while writing some doc "how to link custom openssl lib" (it is useful, for example, for pfSense users), I noticed that currently "-L$SSL_LIB" is specified both in .travis.yml and Makefile. no need to keep in .travis.yml, I'll send a patch. On other hand, "-Wl,-rpath,$SSL_LIB" is only

Re: [PATCH] MINOR: ssl: skip self issued CA in cert chain for ssl_ctx

2020-03-26 Thread Илья Шипицин
чт, 26 мар. 2020 г. в 17:27, Emmanuel Hocdet : > > > Le 26 mars 2020 à 13:02, Илья Шипицин a écrit : > > > > RootCA is needed if you send cross certificate as well. > > > > It is very rare but legitimate case > > It’s only for self issued CA, it should be

Re: [PATCH] MINOR: ssl: skip self issued CA in cert chain for ssl_ctx

2020-03-26 Thread Илья Шипицин
RootCA is needed if you send cross certificate as well. It is very rare but legitimate case On Thu, Mar 26, 2020, 4:56 PM William Lallemand wrote: > On Wed, Mar 25, 2020 at 10:46:10AM +0100, Emmanuel Hocdet wrote: > > > > Hi, > > Patch rebase from master. > > > > > Le 6 mars 2020 à 17:06,

Re: commit 493d9dc makes a SVN-checkout stall..

2020-03-25 Thread Илья Шипицин
btw, is there some tool to test at least RFC 7230 compliance ? also, there are various specific implementation like MAPI / MS RPC which might require some testing tool as well inspired by h2spec actually. can/should we add some HTTP/1.1 tests as well ? ср, 25 мар. 2020 г. в 11:02, Willy Tarreau
