[PATCH 2/3] CI: add Illumos scheduled workflow
this is very initial implementation. I was not able to install gcc-11, thus I mimic it's define --- .github/workflows/illumos.yml | 24 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/illumos.yml diff --git a/.github/workflows/illumos.yml b/.github/workflows/illumos.yml new file mode 100644 index 0..8990feda2 --- /dev/null +++ b/.github/workflows/illumos.yml @@ -0,0 +1,24 @@ +name: Illumos + +on: + schedule: +- cron: "0 0 25 * *" + +jobs: + gcc: +runs-on: ubuntu-latest +if: ${{ github.repository_owner == 'haproxy' }} +permissions: + contents: read +steps: + - name: "Checkout repository" +uses: actions/checkout@v4 + + - name: "Build on VM" +uses: vmactions/solaris-vm@v1 +with: + prepare: | +pkg install gcc make + run: | +gmake DEFINE="-D__illumos__" CC=gcc TARGET=solaris USE_OPENSSL=1 USE_PROMEX=1 + -- 2.45.0
[PATCH 3/3] CI: netbsd: limit scheduled workflow to parent repo only
it is not very useful for most of forks. --- .github/workflows/netbsd.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/netbsd.yml b/.github/workflows/netbsd.yml index ea0345954..6514725e1 100644 --- a/.github/workflows/netbsd.yml +++ b/.github/workflows/netbsd.yml @@ -7,6 +7,7 @@ on: jobs: gcc: runs-on: ubuntu-latest +if: ${{ github.repository_owner == 'haproxy' }} permissions: contents: read steps: -- 2.45.0
[PATCH 0/3] initial Illumos CI, netbsd CI cleanup
very initial Illumos CI Ilya Shipitsin (3): BUILD: illumos: pthread_getcpuclockid is not available CI: add Illumos scheduled workflow CI: netbsd: limit scheduled workflow to parent repo only .github/workflows/illumos.yml | 24 .github/workflows/netbsd.yml | 1 + src/clock.c | 2 +- 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/illumos.yml -- 2.45.0
[PATCH 1/3] BUILD: illumos: pthread_getcpuclockid is not available
this function is considered optional for POSIX and not implemented on Illumos Reference: https://www.gnu.org/software/gnulib/manual/html_node/pthread_005fgetcpuclockid.html According to https://github.com/cpredef/predef/blob/master/OperatingSystems.md Illumos is identified by __illumos__ macro available since gcc-11 --- src/clock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/clock.c b/src/clock.c index ec2133c8b..f484c2d9c 100644 --- a/src/clock.c +++ b/src/clock.c @@ -135,7 +135,7 @@ uint64_t now_cpu_time_thread(int thr) /* set the clock source for the local thread */ void clock_set_local_source(void) { -#if defined(_POSIX_TIMERS) && (_POSIX_TIMERS > 0) && defined(_POSIX_THREAD_CPUTIME) +#if defined(_POSIX_TIMERS) && (_POSIX_TIMERS > 0) && defined(_POSIX_THREAD_CPUTIME) && !defined(__illumos__) #ifdef USE_THREAD pthread_getcpuclockid(pthread_self(), _thread_clock_id[tid]); #else -- 2.45.0
[PATCH 0/1] CI: switch to more recent macos version(s)
let's modernize macos CI build matrix since macos-14 is available Ilya Shipitsin (1): CI: modernize macos matrix .github/matrix.py | 4 ++-- scripts/build-vtest.sh | 9 - 2 files changed, 10 insertions(+), 3 deletions(-) -- 2.44.0
[PATCH 1/1] CI: modernize macos matrix
let's stick to macos-13 for stable branches and macos-14 for development branches. since macos-14 is available for Apple Silicon, some modifications are required for VTest (should be ported to VTest later) news: https://github.blog/changelog/2024-01-30-github-actions-macos-14-sonoma-is-now-available/ --- .github/matrix.py | 4 ++-- scripts/build-vtest.sh | 9 - 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/matrix.py b/.github/matrix.py index 571eddf08..9300d325b 100755 --- a/.github/matrix.py +++ b/.github/matrix.py @@ -231,9 +231,9 @@ def main(ref_name): # macOS if "haproxy-" in ref_name: -os = "macos-12" # stable branch +os = "macos-13" # stable branch else: -os = "macos-latest" # development branch +os = "macos-14" # development branch TARGET = "osx" for CC in ["clang"]: diff --git a/scripts/build-vtest.sh b/scripts/build-vtest.sh index 4db35d6ee..f53d2e467 100755 --- a/scripts/build-vtest.sh +++ b/scripts/build-vtest.sh @@ -6,5 +6,12 @@ curl -fsSL https://github.com/vtest/VTest/archive/master.tar.gz -o VTest.tar.gz mkdir ../vtest tar xvf VTest.tar.gz -C ../vtest --strip-components=1 # Special flags due to: https://github.com/vtest/VTest/issues/12 -make -C ../vtest FLAGS="-O2 -s -Wall" +# +# temporarily detect Apple Silicon (it's using /opt/homebrew instead of /usr/local) +# +if test -f /opt/homebrew/include/pcre2.h; then + make -C ../vtest FLAGS="-O2 -s -Wall" INCS="-Isrc -Ilib -I/usr/local/include -I/opt/homebrew/include -pthread" +else + make -C ../vtest FLAGS="-O2 -s -Wall" +fi -- 2.44.0
[PATCH 2/2] CLEANUP: assorted typo fixes in the code and comments
This is 41st iteration of typo fixes --- doc/configuration.txt | 4 ++-- include/haproxy/cli-t.h| 2 +- include/haproxy/session.h | 2 +- include/haproxy/vecpair.h | 2 +- reg-tests/ssl/ocsp_auto_update.vtc | 2 +- src/haproxy.c | 2 +- src/linuxcap.c | 2 +- src/log.c | 2 +- src/ring.c | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 51aefb1fa..bc7f5c1c4 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -6733,7 +6733,7 @@ fullconn guid Specify a case-sensitive global unique ID for this proxy. This must be unique - accross all haproxy configuration on every object types. Format is left + across all haproxy configuration on every object types. Format is left unspecified to allow the user to select its naming policy. The only restriction is its length which cannot be greater than 127 characters. All alphanumerical values and '.', ':', '-' and '_' characters are valid. @@ -16994,7 +16994,7 @@ force-tlsv13 guid Specify a case-sensitive global unique ID for this server. This must be - unique accross all haproxy configuration on every object types. See "guid" + unique across all haproxy configuration on every object types. See "guid" proxy keyword description for more information on its format. id diff --git a/include/haproxy/cli-t.h b/include/haproxy/cli-t.h index 6e0abae57..8555ea8c7 100644 --- a/include/haproxy/cli-t.h +++ b/include/haproxy/cli-t.h @@ -56,7 +56,7 @@ enum { CLI_ST_INIT = 0, /* initial state, must leave to zero ! */ CLI_ST_END,/* final state, let's close */ CLI_ST_GETREQ, /* wait for a request */ - CLI_ST_PARSEREQ, /* pase a request */ + CLI_ST_PARSEREQ, /* parse a request */ CLI_ST_OUTPUT, /* all states after this one are responses */ CLI_ST_PROMPT, /* display the prompt (first output, same code) */ CLI_ST_PRINT, /* display const message in cli->msg */ diff --git a/include/haproxy/session.h b/include/haproxy/session.h index b70a5a89c..a9cea62ed 100644 --- a/include/haproxy/session.h +++ b/include/haproxy/session.h @@ -209,7 +209,7 @@ static inline int session_add_conn(struct session *sess, struct connection *conn } LIST_APPEND(>conn_list, >sess_el); - /* Ensure owner is set for connection. It could have been resetted + /* Ensure owner is set for connection. It could have been reset * prior on after a session_add_conn() failure. */ conn->owner = sess; diff --git a/include/haproxy/vecpair.h b/include/haproxy/vecpair.h index f5337af6a..e49570636 100644 --- a/include/haproxy/vecpair.h +++ b/include/haproxy/vecpair.h @@ -436,7 +436,7 @@ static inline size_t vp_get_varint_ofs(struct ist *v1, struct ist *v2, size_t of vp_skip(v1, v2, ofs); - /* let's see where we start from. The wraping area only concerns the + /* let's see where we start from. The wrapping area only concerns the * end of the first area, even if it's empty it does not overlap with * the second one so we don't care about v1 being set or not. */ diff --git a/reg-tests/ssl/ocsp_auto_update.vtc b/reg-tests/ssl/ocsp_auto_update.vtc index e3a7ae6ae..8bb138bc6 100644 --- a/reg-tests/ssl/ocsp_auto_update.vtc +++ b/reg-tests/ssl/ocsp_auto_update.vtc @@ -645,7 +645,7 @@ process p7 -wait ## ## -# EIGTH TEST CASE# +# EIGHTH TEST CASE # ## ## diff --git a/src/haproxy.c b/src/haproxy.c index 208c9bccb..be8b587cc 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -3490,7 +3490,7 @@ int main(int argc, char **argv) #if defined(USE_LINUX_CAP) /* If CAP_NET_BIND_SERVICE is in binary file permitted set and process * is started and run under the same non-root user, this allows -* binding to priviledged ports. +* binding to privileged ports. */ prepare_caps_from_permitted_set(geteuid(), global.uid, argv[0]); #endif diff --git a/src/linuxcap.c b/src/linuxcap.c index 7058370de..b330296a8 100644 --- a/src/linuxcap.c +++ b/src/linuxcap.c @@ -71,7 +71,7 @@ static uint32_t caplist; * will be unset by the same reason. * We do this only if the current euid is non-root and there is no global.uid. * Otherwise the process will continue either to run under root, or it will do - * a transition to unpriviledged user later in prepare_caps_for_setuid(), + * a transition to unprivileged user later in prepare_caps_for_setuid(), * which specially manages its capabilities in that case. * Always returns 0. Diagnostic warnings will be emitted only, if * LSTCHK_NETADM is presented in LSTCHK_NETADM and some failures are diff --git a/src/log.c b/src/log.c index
[PATCH 1/2] CI: reduce ASAN log redirection umbrella size
previously ASAN_OPTIONS=log_path=asan.log was intended for VTest execution only, it should not affect "haproxy -vv" and hsproxy config smoke testing --- .github/workflows/vtest.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml index 9d0bf48b0..5ee8a7a64 100644 --- a/.github/workflows/vtest.yml +++ b/.github/workflows/vtest.yml @@ -42,8 +42,6 @@ jobs: # Configure a short TMPDIR to prevent failures due to long unix socket # paths. TMPDIR: /tmp - # Force ASAN output into asan.log to make the output more readable. - ASAN_OPTIONS: log_path=asan.log OT_CPP_VERSION: 1.6.0 steps: - uses: actions/checkout@v4 @@ -143,6 +141,9 @@ jobs: run: echo "::add-matcher::.github/vtest.json" - name: Run VTest for HAProxy ${{ steps.show-version.outputs.version }} id: vtest + env: +# Force ASAN output into asan.log to make the output more readable. +ASAN_OPTIONS: log_path=asan.log run: | # This is required for macOS which does not actually allow to increase # the '-n' soft limit to the hard limit, thus failing to run. -- 2.44.0
[PATCH 0/2] CI cleanup, spell fixes
the main part is reducing ASAN_OPTIONS scope, it was supposed only to capture output of vtests, accidently it covered "config smoke tests" as well Ilya Shipitsin (2): CI: reduce ASAN log redirection umbrella size CLEANUP: assorted typo fixes in the code and comments .github/workflows/vtest.yml| 5 +++-- doc/configuration.txt | 4 ++-- include/haproxy/cli-t.h| 2 +- include/haproxy/session.h | 2 +- include/haproxy/vecpair.h | 2 +- reg-tests/ssl/ocsp_auto_update.vtc | 2 +- src/haproxy.c | 2 +- src/linuxcap.c | 2 +- src/log.c | 2 +- src/ring.c | 2 +- 10 files changed, 13 insertions(+), 12 deletions(-) -- 2.44.0
[PATCH 1/1] CI: revert kernel entropy introduced in 3a0fc8641b1549b00cd3125107545b6879677801
--- .github/workflows/vtest.yml | 11 --- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml index a704c92dc..a426b608d 100644 --- a/.github/workflows/vtest.yml +++ b/.github/workflows/vtest.yml @@ -64,17 +64,6 @@ jobs: run: | echo "key=$(echo ${{ matrix.name }} | sha256sum | awk '{print $1}')" >> $GITHUB_OUTPUT - -# -# temporary hack -# should be revisited after https://github.com/actions/runner-images/issues/9491 is resolved -# - -- name: Setup enthropy - if: ${{ startsWith(matrix.os, 'ubuntu-') }} - run: | -sudo sysctl vm.mmap_rnd_bits=28 - - name: Cache SSL libs if: ${{ matrix.ssl && matrix.ssl != 'stock' && matrix.ssl != 'BORINGSSL=yes' && matrix.ssl != 'QUICTLS=yes' }} id: cache_ssl -- 2.44.0
[PATCH 0/1] CI: revert entropy hack
hack introduced in 3a0fc8641b1549b00cd3125107545b6879677801 might be reverted Ilya Shipitsin (1): CI: revert kernel entropy introduced in 3a0fc8641b1549b00cd3125107545b6879677801 .github/workflows/vtest.yml | 11 --- 1 file changed, 11 deletions(-) -- 2.44.0
[PATCH 1/1] CI: extend Fedora Rawhide, add m32 mode
hopefully it will allow to catch regressions like this https://github.com/haproxy/haproxy/commit/e41638a --- .github/workflows/fedora-rawhide.yml | 18 -- 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/workflows/fedora-rawhide.yml b/.github/workflows/fedora-rawhide.yml index 1bb274557..90f270e5c 100644 --- a/.github/workflows/fedora-rawhide.yml +++ b/.github/workflows/fedora-rawhide.yml @@ -11,8 +11,13 @@ jobs: build_and_test: strategy: matrix: -cc: [ gcc, clang ] -name: ${{ matrix.cc }} +platform: [ + { name: x64, cc: gcc, QUICTLS_EXTRA_ARGS: "", ADDLIB_ATOMIC: "", DEBUG_CFLAGS: "", LDFLAGS: "" }, + { name: x64, cc: clang, QUICTLS_EXTRA_ARGS: "", ADDLIB_ATOMIC: "", DEBUG_CFLAGS: "", LDFLAGS: "" }, + { name: x86, cc: gcc, QUICTLS_EXTRA_ARGS: "-m32 linux-generic32", ADDLIB_ATOMIC: "-latomic", DEBUG_CFLAGS: "-m32", LDFLAGS: "-m32" }, + { name: x86, cc: clang, QUICTLS_EXTRA_ARGS: "-m32 linux-generic32", ADDLIB_ATOMIC: "-latomic", DEBUG_CFLAGS: "-m32", LDFLAGS: "-m32" } +] +name: ${{ matrix.platform.cc }}.${{ matrix.platform.name }} runs-on: ubuntu-latest if: ${{ github.repository_owner == 'haproxy' }} container: @@ -21,20 +26,21 @@ jobs: - uses: actions/checkout@v4 - name: Install dependencies run: | -dnf -y install git pcre-devel zlib-devel pcre2-devel 'perl(FindBin)' perl-IPC-Cmd 'perl(File::Copy)' 'perl(File::Compare)' lua-devel socat findutils systemd-devel clang +dnf -y install diffutils git pcre-devel zlib-devel pcre2-devel 'perl(FindBin)' perl-IPC-Cmd 'perl(File::Copy)' 'perl(File::Compare)' lua-devel socat findutils systemd-devel clang +dnf -y install 'perl(FindBin)' 'perl(File::Compare)' perl-IPC-Cmd 'perl(File::Copy)' glibc-devel.i686 lua-devel.i686 lua-devel.x86_64 systemd-devel.i686 zlib-ng-compat-devel.i686 pcre-devel.i686 libatomic.i686 - name: Install VTest run: scripts/build-vtest.sh - name: Install QuicTLS - run: QUICTLS=yes scripts/build-ssl.sh + run: QUICTLS=yes QUICTLS_EXTRA_ARGS="${{ matrix.platform.QUICTLS_EXTRA_ARGS }}" scripts/build-ssl.sh - name: Build contrib tools run: | make admin/halog/halog make dev/flags/flags make dev/poll/poll make dev/hpack/decode dev/hpack/gen-enc dev/hpack/gen-rht -- name: Compile HAProxy with ${{ matrix.cc }} +- name: Compile HAProxy with ${{ matrix.platform.cc }} run: | -make -j3 CC=${{ matrix.cc }} V=1 ERR=1 TARGET=linux-glibc USE_OPENSSL=1 USE_QUIC=1 USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_SYSTEMD=1 ADDLIB="-Wl,-rpath,${HOME}/opt/lib" SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include +make -j3 CC=${{ matrix.platform.cc }} V=1 ERR=1 TARGET=linux-glibc USE_OPENSSL=1 USE_QUIC=1 USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_SYSTEMD=1 ADDLIB="${{ matrix.platform.ADDLIB_ATOMIC }} -Wl,-rpath,${HOME}/opt/lib" SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include DEBUG_CFLAGS="${{ matrix.platform.DEBUG_CFLAGS }}" LDFLAGS="${{ matrix.platform.LDFLAGS }}" make install - name: Show HAProxy version id: show-version -- 2.44.0
[PATCH 0/1] CI: extend Fedora Rawhide to run x86 bit as well
it seems to be the easiest to build "m32" on Fedora comparing to Ubuntu, let's stick on that for a while Ilya Shipitsin (1): CI: extend Fedora Rawhide, add m32 mode .github/workflows/fedora-rawhide.yml | 18 -- 1 file changed, 12 insertions(+), 6 deletions(-) -- 2.44.0
[PATCH 0/1] CI improvement, display coredumps if any
it is pretty rare case, however displaying "bt" may provide some ideas what went wrong Ilya Shipitsin (1): CI: vtest: show coredumps if any .github/workflows/vtest.yml | 26 +- 1 file changed, 25 insertions(+), 1 deletion(-) -- 2.44.0
[PATCH 1/1] CI: vtest: show coredumps if any
if any coredump is found, it is passed to gdb with 'thread apply all bt full' --- .github/workflows/vtest.yml | 26 +- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml index 8c461385f..a704c92dc 100644 --- a/.github/workflows/vtest.yml +++ b/.github/workflows/vtest.yml @@ -49,6 +49,13 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 100 + +- name: Setup coredumps + if: ${{ startsWith(matrix.os, 'ubuntu-') }} + run: | +sudo sysctl -w fs.suid_dumpable=1 +sudo sysctl kernel.core_pattern=/tmp/core.%h.%e.%t + # # Github Action cache key cannot contain comma, so we calculate it based on job name # @@ -92,7 +99,8 @@ jobs: libpcre2-dev \ libsystemd-dev \ ninja-build \ - socat + socat \ + gdb - name: Install brew dependencies if: ${{ startsWith(matrix.os, 'macos-') }} run: | @@ -150,6 +158,7 @@ jobs: # This is required for macOS which does not actually allow to increase # the '-n' soft limit to the hard limit, thus failing to run. ulimit -n 65536 +ulimit -c unlimited make reg-tests HAPROXY_ARGS="-dI" VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel - name: Config syntax check memleak smoke testing if: ${{ contains(matrix.name, 'ASAN') }} @@ -175,3 +184,18 @@ jobs: echo "::endgroup::" done exit 1 + +- name: Show coredumps + if: ${{ failure() && steps.vtest.outcome == 'failure' }} + run: | +failed=false +shopt -s nullglob +for file in /tmp/core.*; do + failed=true + printf "::group::" + gdb -ex 'thread apply all bt full' ./haproxy $file + echo "::endgroup::" +done +if [ "$failed" = true ]; then + exit 1; +fi -- 2.44.0
[PATCH] CLEANUP: assorted typo fixes in the code and comments
This is 39th iteration of typo fixes --- addons/promex/README | 4 ++-- addons/promex/include/promex/promex.h | 4 ++-- doc/DeviceAtlas-device-detection.txt | 2 +- doc/configuration.txt | 2 +- reg-tests/ssl/ocsp_auto_update.vtc| 10 +- src/mux_quic.c| 4 ++-- src/quic_cc_cubic.c | 2 +- src/resolvers.c | 2 +- src/stick_table.c | 2 +- 9 files changed, 16 insertions(+), 16 deletions(-) diff --git a/addons/promex/README b/addons/promex/README index 7f638a5db..8c2266f69 100644 --- a/addons/promex/README +++ b/addons/promex/README @@ -81,9 +81,9 @@ It is possible to filter metrics dumped by the exporter. To to so, multiple "metrics" parameters may be passed to specify all metrics to include or exclude, as a comma-separated list of filter. By default, there is no filter and all metrics are dumped. By specifying at least one metric to be included in the -dump, this disables the default behavior and only explicitly mentionned metrics +dump, this disables the default behavior and only explicitly mentioned metrics are dumped. To include a metric, its name must be specified. To exclude it, its -name must be preceeded by a minus character ('-'). Here are examples: +name must be preceded by a minus character ('-'). Here are examples: # Dumped all metrics, except "haproxy_server_check_status" /metrics?metrics=-haproxy_server_check_status diff --git a/addons/promex/include/promex/promex.h b/addons/promex/include/promex/promex.h index c4712bc21..74ea2f120 100644 --- a/addons/promex/include/promex/promex.h +++ b/addons/promex/include/promex/promex.h @@ -84,13 +84,13 @@ struct promex_label { * is responsible to deinit the dump context. * * * metric_info(): This one is mandatory. It returns the info about the - * metric: name, type and flags and descrition. + * metric: name, type and flags and description. * * * start_ts(): This one is mandatory, it initializes the context for a time * series for a given metric. This context is the second * restart point. * - ** next_ts(): This one is mandatory. It interates on time series for a + ** next_ts(): This one is mandatory. It iterates on time series for a * given metrics. It is also responsible to handle end of a * time series and deinit the context. * diff --git a/doc/DeviceAtlas-device-detection.txt b/doc/DeviceAtlas-device-detection.txt index 2f7ed9f71..9df978377 100644 --- a/doc/DeviceAtlas-device-detection.txt +++ b/doc/DeviceAtlas-device-detection.txt @@ -16,7 +16,7 @@ directory. Also, in the case the api cache support is not needed and/or a C++ to However, if the API had been installed beforehand, DEVICEATLAS_SRC can be omitted. Note that the DeviceAtlas C API version supported is from the 3.x -releases serie (3.2.1 minimum recommended). +releases series (3.2.1 minimum recommended). For HAProxy developers who need to verify that their changes didn't accidentally break the DeviceAtlas code, it is possible to build a dummy library provided in diff --git a/doc/configuration.txt b/doc/configuration.txt index 1b35e0141..281ff4176 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -15317,7 +15317,7 @@ wait-for-body time [ at-least ] case HAProxy will respond with a 408 "Request Timeout" error to the client and stop processing the request. Note that if any of the other conditions happens first, this timeout will not occur even if the full body has -not yet been recieved. +not yet been received. This action may be used as a replacement for "option http-buffer-request". diff --git a/reg-tests/ssl/ocsp_auto_update.vtc b/reg-tests/ssl/ocsp_auto_update.vtc index 2ab4a4a08..46d11ea09 100644 --- a/reg-tests/ssl/ocsp_auto_update.vtc +++ b/reg-tests/ssl/ocsp_auto_update.vtc @@ -621,11 +621,11 @@ shell { haproxy h7 -wait - -# # -# EIGTH TEST CASE # -# # - +# +# # +# EIGHTH TEST CASE # +# # +# # # Check that a certificate created through the CLI and which does not have ocsp diff --git a/src/mux_quic.c b/src/mux_quic.c index af678b72a..4afebbd8c 100644 --- a/src/mux_quic.c +++ b/src/mux_quic.c @@ -1103,7 +1103,7 @@ void qcc_reset_stream(struct qcs *qcs, int err) /* Soft offset cannot be inferior to real one. */ BUG_ON(qcc->tx.fc.off_soft - diff < qcc->tx.fc.off_real); - /* Substract to conn flow control data amount prepared on stream not yet sent. */ + /* Subtract to conn flow control data amount prepared on stream not yet sent. */ qcc->tx.fc.off_soft -= diff;
[PATCH 0/1] CI: skip scheduled tasks in forks
some fine tuning on scheduled workflows Ilya Shipitsin (1): CI: skip scheduled builds on forks .github/workflows/cross-zoo.yml | 1 + .github/workflows/fedora-rawhide.yml | 1 + 2 files changed, 2 insertions(+) -- 2.43.2
[PATCH 1/1] CI: skip scheduled builds on forks
tracking bleeding edge changes with some rare platforms or modern compilers on scheduled basis is not what usually forks do. let's skip by default in forks, if some fork is interested, it might be enabled locally --- .github/workflows/cross-zoo.yml | 1 + .github/workflows/fedora-rawhide.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/cross-zoo.yml b/.github/workflows/cross-zoo.yml index d9864e298..5abd9cbcd 100644 --- a/.github/workflows/cross-zoo.yml +++ b/.github/workflows/cross-zoo.yml @@ -90,6 +90,7 @@ jobs: } ] runs-on: ubuntu-latest +if: ${{ github.repository_owner == 'haproxy' }} steps: - name: install packages run: | diff --git a/.github/workflows/fedora-rawhide.yml b/.github/workflows/fedora-rawhide.yml index 8f2578154..1bb274557 100644 --- a/.github/workflows/fedora-rawhide.yml +++ b/.github/workflows/fedora-rawhide.yml @@ -14,6 +14,7 @@ jobs: cc: [ gcc, clang ] name: ${{ matrix.cc }} runs-on: ubuntu-latest +if: ${{ github.repository_owner == 'haproxy' }} container: image: fedora:rawhide steps: -- 2.43.2
[PATCH 1/1] CI: enable monthly build only test on netbsd-9.3
it is interesting to try https://github.com/vmactions/netbsd-vm actions --- .github/workflows/netbsd.yml | 22 ++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/netbsd.yml diff --git a/.github/workflows/netbsd.yml b/.github/workflows/netbsd.yml new file mode 100644 index 0..e34fe7621 --- /dev/null +++ b/.github/workflows/netbsd.yml @@ -0,0 +1,22 @@ +name: NetBSD + +on: + schedule: +- cron: "0 0 25 * *" + +jobs: + gcc: +runs-on: ubuntu-latest +permissions: + contents: read +steps: + - name: "Checkout repository" +uses: actions/checkout@v4 + + - name: "Build on VM" +uses: vmactions/netbsd-vm@v1 +with: + prepare: | +/usr/sbin/pkg_add gmake pcre2 + run: | +gmake CC=gcc TARGET=netbsd USE_OPENSSL=1 USE_LUA=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_PROMEX=1 USE_ZLIB=1 -- 2.43.2
[PATCH 0/1] CI: enable monthly netbsd builds
let's try https://github.com/vmactions/netbsd-vm Ilya Shipitsin (1): CI: enable monthly build only test on netbsd-9.3 .github/workflows/netbsd.yml | 22 ++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/netbsd.yml -- 2.43.2
[PATCH 1/1] CI: run more smoke tests on config syntax to check memory related issues
config syntax check seems add a value on testing code path not covered by VTest, also checks are very fast --- .github/workflows/vtest.yml | 4 1 file changed, 4 insertions(+) diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml index 7b5254b04..d65741a27 100644 --- a/.github/workflows/vtest.yml +++ b/.github/workflows/vtest.yml @@ -144,6 +144,10 @@ jobs: if: ${{ contains(matrix.name, 'ASAN') }} run: | ./haproxy -f .github/h2spec.config -c +./haproxy -f examples/content-sw-sample.cfg -c +./haproxy -f examples/option-http_proxy.cfg -c +./haproxy -f examples/quick-test.cfg -c +./haproxy -f examples/transparent_proxy.cfg -c - name: Show VTest results if: ${{ failure() && steps.vtest.outcome == 'failure' }} run: | -- 2.43.2
[PATCH 0/1] CI: additional ASAN smoke tests
Ilya Shipitsin (1): CI: run more smoke tests on config syntax to check memory related issues .github/workflows/vtest.yml | 4 1 file changed, 4 insertions(+) -- 2.43.2
[PATCH 0/2] CI cleanup and improvement
remove redundant function, improve openssl download helper Ilya Shipitsin (2): CI: cleanup: abandon asan matrix.py helper BUILD: SSL: add yet another OpenSSL download fallback .github/matrix.py| 15 +-- scripts/build-ssl.sh | 4 +++- 2 files changed, 8 insertions(+), 11 deletions(-) -- 2.43.0
[PATCH 2/2] BUILD: SSL: add yet another OpenSSL download fallback
--- scripts/build-ssl.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/build-ssl.sh b/scripts/build-ssl.sh index 1c17775c3..608d6beb1 100755 --- a/scripts/build-ssl.sh +++ b/scripts/build-ssl.sh @@ -13,7 +13,9 @@ download_openssl () { wget -P download-cache/ \ "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz; || \ wget -P download-cache/ \ - "https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz; + "https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz; || \ + wget -P download-cache/ \ + "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz; fi } -- 2.43.0
[PATCH 1/2] CI: cleanup: abandon asan matrix.py helper
that helper was useful in days when we beleived that gcc and clang require different flags. those days are gone. --- .github/matrix.py | 15 +-- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/.github/matrix.py b/.github/matrix.py index dde5b4414..1ad9534bd 100755 --- a/.github/matrix.py +++ b/.github/matrix.py @@ -86,14 +86,6 @@ def clean_compression(compression): return compression.replace("USE_", "").lower() -def get_asan_flags(cc): -return [ -"USE_OBSOLETE_LINKER=1", -'DEBUG_CFLAGS="-g -fsanitize=address"', -'LDFLAGS="-fsanitize=address"', -'CPU_CFLAGS.generic="-O1"', -] - def main(ref_name): print("Generating matrix for branch '{}'.".format(ref_name)) @@ -155,8 +147,11 @@ def main(ref_name): "os": os, "TARGET": TARGET, "CC": CC, -"FLAGS": get_asan_flags(CC) -+ [ +"FLAGS": [ +"USE_OBSOLETE_LINKER=1", +'DEBUG_CFLAGS="-g -fsanitize=address"', +'LDFLAGS="-fsanitize=address"', +'CPU_CFLAGS.generic="-O1"', "USE_ZLIB=1", "USE_OT=1", "OT_INC=${HOME}/opt-ot/include", -- 2.43.0
[PATCH 2/3] CI: extend spell check white list
siz - seen in src/debug.c EXPERIM - seen in src/cli.c --- .github/workflows/codespell.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index de99e4c4d..385b698a5 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -17,5 +17,5 @@ jobs: - uses: codespell-project/actions-codespell@master with: skip: CHANGELOG,Makefile,*.fig,*.pem,./doc/design-thoughts,./doc/internals -ignore_words_list: ist,ists,hist,wan,ca,cas,que,ans,te,nd,referer,ot,uint,iif,fo,keep-alives,dosen,ifset,thrid,strack,ba,chck,hel,unx,mor,clen,collet,bu,htmp +ignore_words_list: ist,ists,hist,wan,ca,cas,que,ans,te,nd,referer,ot,uint,iif,fo,keep-alives,dosen,ifset,thrid,strack,ba,chck,hel,unx,mor,clen,collet,bu,htmp,siz,experim uri_ignore_words_list: trafic,ressources -- 2.43.0
[PATCH 3/3] CI: enable spell chek on git push
--- .github/workflows/codespell.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 385b698a5..f54fe6d8b 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -1,8 +1,7 @@ name: Spelling Check on: - schedule: -- cron: "0 0 * * 2" + push: permissions: contents: read -- 2.43.0
[PATCH 1/3] CLEANUP: fix spelling of "elemt"
--- include/haproxy/quic_sock-t.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/haproxy/quic_sock-t.h b/include/haproxy/quic_sock-t.h index 67a574929..0b9c18c12 100644 --- a/include/haproxy/quic_sock-t.h +++ b/include/haproxy/quic_sock-t.h @@ -36,8 +36,8 @@ struct quic_dgram { struct sockaddr_storage daddr; struct quic_conn *qc; - struct list recv_list; /* elemt to quic_receiver_buf . */ - struct mt_list handler_list; /* elem to quic_dghdlr . */ + struct list recv_list; /* element pointing to quic_receiver_buf . */ + struct mt_list handler_list; /* element pointing to quic_dghdlr . */ }; /* QUIC datagram handler */ -- 2.43.0
[PATCH 0/3] fix speling remnants, enable spel chek on push
it is very fast check, should not affect developer velocity much Ilya Shipitsin (3): CLEANUP: fix spelling of "elemt" CI: extend spell check white list CI: enable spell chek on git push .github/workflows/codespell.yml | 5 ++--- include/haproxy/quic_sock-t.h | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) -- 2.43.0
[PATCH 3/3] CLEANUP: fix spelling of "occured" in src/h3.c
--- src/h3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/h3.c b/src/h3.c index ff91443ca..40e3a8996 100644 --- a/src/h3.c +++ b/src/h3.c @@ -1977,7 +1977,7 @@ static size_t h3_snd_buf(struct qcs *qcs, struct buffer *buf, size_t count) break; } - /* If an error occured, connection error must be set to break from the current loop. */ + /* If an error occurred, connection error must be set to break from the current loop. */ BUG_ON(ret < 0 && !h3c->err); } -- 2.43.0
[PATCH 0/3] spell check improvements
few words are added to whitelists, few typos fixed Ilya Shipitsin (3): CI: codespell: ignore some words in URLs CI: codespell: add more words to whitelist CLEANUP: fix spelling of "occured" in src/h3.c .github/workflows/codespell.yml | 3 ++- src/h3.c| 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) -- 2.43.0
[PATCH 1/3] CI: codespell: ignore some words in URLs
"trafic,ressources" are found in URIs, due to https://github.com/codespell-project/actions-codespell/issues/55 we cannot use wildcard for exclusion, let start with fixed list --- .github/workflows/codespell.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 3d66f2980..71d7626e3 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -18,3 +18,4 @@ jobs: with: skip: CHANGELOG,Makefile,*.fig,*.pem,./doc/design-thoughts,./doc/internals ignore_words_list: ist,ists,hist,wan,ca,cas,que,ans,te,nd,referer,ot,uint,iif,fo,keep-alives,dosen,ifset,thrid,strack,ba,chck,hel,unx,mor,clen +uri_ignore_words_list: trafic,ressources -- 2.43.0
[PATCH 2/3] CI: codespell: add more words to whitelist
"Collet" is "Yann Collet" - a developer of xxhash "bu" is variable name in src/sock_unix.c "htmp" is variable name in src/quic_retransmit.c --- .github/workflows/codespell.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 71d7626e3..de99e4c4d 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -17,5 +17,5 @@ jobs: - uses: codespell-project/actions-codespell@master with: skip: CHANGELOG,Makefile,*.fig,*.pem,./doc/design-thoughts,./doc/internals -ignore_words_list: ist,ists,hist,wan,ca,cas,que,ans,te,nd,referer,ot,uint,iif,fo,keep-alives,dosen,ifset,thrid,strack,ba,chck,hel,unx,mor,clen +ignore_words_list: ist,ists,hist,wan,ca,cas,que,ans,te,nd,referer,ot,uint,iif,fo,keep-alives,dosen,ifset,thrid,strack,ba,chck,hel,unx,mor,clen,collet,bu,htmp uri_ignore_words_list: trafic,ressources -- 2.43.0
[PATCH 1/1] CI: use semantic version compare for determing "latest" OpenSSL
currently "openssl-3.2.0-beta1" wins over "openssl-3.2.0" due to string comparision. let's switch to semantic version compare --- .github/matrix.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/matrix.py b/.github/matrix.py index d5ad6931a..5e01c28bb 100755 --- a/.github/matrix.py +++ b/.github/matrix.py @@ -14,6 +14,7 @@ import re import sys import urllib.request from os import environ +from packaging import version # # this CI is used for both development and stable branches of HAProxy @@ -47,7 +48,7 @@ def determine_latest_openssl(ssl): latest_tag = "" for tag in tags: if "openssl-" in tag: -if tag > latest_tag: +if (not latest_tag) or (version.parse(tag[8:]) > version.parse(latest_tag[8:])): latest_tag = tag return "OPENSSL_VERSION={}".format(latest_tag[8:]) -- 2.43.0
[PATCH 0/1] CI: switch to semantic version compare for openssl=latest
there's minor issue, with current string comparision openssl-3.2.0beta1 wins over openssl-3.2.0, let's switch to semantic comparision Ilya Shipitsin (1): CI: use semantic version compare for determing "latest" OpenSSL .github/matrix.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.43.0
[PATCH 1/1] CLEANUP: assorted typo fixes in the code and comments
This is 38th iteration of typo fixes --- addons/promex/service-prometheus.c | 2 +- dev/patchbot/README| 2 +- doc/configuration.txt | 24 include/haproxy/connection-t.h | 2 +- include/haproxy/quic_tx.h | 2 +- include/haproxy/server-t.h | 2 +- src/h3.c | 2 +- src/mux_quic.c | 2 +- src/proto_rhttp.c | 6 +++--- src/server.c | 6 +++--- 10 files changed, 25 insertions(+), 25 deletions(-) diff --git a/addons/promex/service-prometheus.c b/addons/promex/service-prometheus.c index 01408d298..228e0db69 100644 --- a/addons/promex/service-prometheus.c +++ b/addons/promex/service-prometheus.c @@ -310,7 +310,7 @@ const struct promex_metric promex_st_metrics[ST_F_TOTAL_FIELDS] = { const struct ist promex_st_front_metrics_names[ST_F_TOTAL_FIELDS] = { }; -/* Specialized bakcend metric names, to override default ones */ +/* Specialized backend metric names, to override default ones */ const struct ist promex_st_back_metrics_names[ST_F_TOTAL_FIELDS] = { }; diff --git a/dev/patchbot/README b/dev/patchbot/README index 169305608..a645cc304 100644 --- a/dev/patchbot/README +++ b/dev/patchbot/README @@ -256,7 +256,7 @@ proposed deployment layout is the following: channel systems. From this point, executing this update script manually should work and produce -the result. Count arount 0.5-2 mn per patch on a 8-core machine, so it can be +the result. Count around 0.5-2 mn per patch on a 8-core machine, so it can be reasonably fast during the early development stages (before -dev1) but unbearably long later, where it can make more sense to run it at night. It should not report any error and should only report the total execution time. diff --git a/doc/configuration.txt b/doc/configuration.txt index 97602c88e..f734f03c3 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -240,7 +240,7 @@ sometimes more) streams in parallel over a same connection, and let the server sort them out and respond in any order depending on what response is available. The main benefit of the multiplexed mode is that it significantly reduces the number of round trips, and speeds up page loading time over high latency -networks. It is sometimes visibles on sites using many images, where all images +networks. It is sometimes visible on sites using many images, where all images appear to load in parallel. These protocols have also improved their efficiency by adopting some mechanisms @@ -282,7 +282,7 @@ HAProxy essentially supports 3 connection modes : In addition to this, by default, the server-facing connection is reusable by any request from any client, as mandated by the HTTP protocol specification, so any information pertaining to a specific client has to be passed along with -each request if needed (e.g. client's source adress etc). When HTTP/2 is used +each request if needed (e.g. client's source address etc). When HTTP/2 is used with a server, by default HAProxy will dedicate this connection to the same client to avoid the risk of head of line blocking between clients. @@ -1153,17 +1153,17 @@ Both time and size formats require integers, decimal notation is not allowed. It is possible to use a list of pattern for maps or ACLs. A list of pattern is identified by its name and may be used at different places in the -configuration. List of pattern are splitted on three categories depending on +configuration. List of pattern are split on three categories depending on the name format: * Lists of pattern based on regular files: It is the default case. The filename, absolute or relative, is used as name. The file must exist otherwise an error is triggered. But it may be empty. The "file@" prefix -may also be specificed but it is not part of the name identifying the +may also be specified but it is not part of the name identifying the list. A filename, with or without the prefix, references the same list of pattern. - * Lists of pattern based on optional files: The filename must be preceeds by + * Lists of pattern based on optional files: The filename must be preceded by "opt@" prefix. The file existence is optional. If the file exists, its content is loaded but no error is reported if not. The prefix is not part of the name identifying the list. It means, for a given filename, Optional @@ -1174,8 +1174,8 @@ the name format: the name. Thus it cannot be mixed with other kind of lists. Virtual files are useful when patterns are fully dynamically managed with no -patterns on startup and on reload. Optional files may be used in the same -conditons. But patterns can be dumped in the file, via an external script based +patterns on startup and on reload. Optional files may be used under the same +conditions. But patterns can be dumped in the file, via an external script based on
[PATCH 0/1] more spell fixes
more spell fixes Ilya Shipitsin (1): CLEANUP: assorted typo fixes in the code and comments addons/promex/service-prometheus.c | 2 +- dev/patchbot/README| 2 +- doc/configuration.txt | 24 include/haproxy/connection-t.h | 2 +- include/haproxy/quic_tx.h | 2 +- include/haproxy/server-t.h | 2 +- src/h3.c | 2 +- src/mux_quic.c | 2 +- src/proto_rhttp.c | 6 +++--- src/server.c | 6 +++--- 10 files changed, 25 insertions(+), 25 deletions(-) -- 2.43.0
[PATCH 0/1] CI: switch to "latest" semantic for aws-lc builds
let's use fixed version for stable builds and "latest" for development builds Ilya Shipitsin (1): CI: switch aws-lc builds to "latest" semantic .github/matrix.py | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) -- 2.42.0
[PATCH 1/1] CI: switch aws-lc builds to "latest" semantic
for development branches let's use "latest" and fixed for stable LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us switch back to the latest LibreSSL available --- .github/matrix.py | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/matrix.py b/.github/matrix.py index b5a971c5a..2d1831a4d 100755 --- a/.github/matrix.py +++ b/.github/matrix.py @@ -195,7 +195,6 @@ def main(ref_name): "OPENSSL_VERSION=1.1.1s", "QUICTLS=yes", "WOLFSSL_VERSION=5.6.4", -"AWS_LC_VERSION=1.16.0", # "BORINGSSL=yes", ] @@ -203,6 +202,11 @@ def main(ref_name): ssl_versions = ssl_versions + [ "OPENSSL_VERSION=latest", "LIBRESSL_VERSION=latest", +"AWS_LC_VERSION=latest", +] +else: # stable branch +ssl_versions = ssl_versions + [ +"AWS_LC_VERSION=1.17.3", ] for ssl in ssl_versions: @@ -213,6 +217,8 @@ def main(ref_name): flags.append("USE_OPENSSL_WOLFSSL=1") if "AWS_LC" in ssl: flags.append("USE_OPENSSL_AWSLC=1") +if "latest" in ssl: +ssl = determine_latest_aws_lc(ssl) if ssl != "stock": flags.append("SSL_LIB=${HOME}/opt/lib") flags.append("SSL_INC=${HOME}/opt/include") -- 2.42.0
[PATCH 0/2] spelling fixes
yet spelling fixes Ilya Shipitsin (2): CLEANUP: assorted typo fixes in the code and comments CI: limit codespell checks to main repo, not forks .github/workflows/codespell.yml| 1 + INSTALL| 4 ++-- doc/SPOE.txt | 4 ++-- doc/configuration.txt | 10 +- doc/regression-testing.txt | 6 +++--- examples/lua/mailers.lua | 14 +++--- include/haproxy/applet.h | 8 include/haproxy/channel.h | 2 +- include/haproxy/connection-t.h | 4 ++-- include/haproxy/global-t.h | 2 +- include/haproxy/http_ana-t.h | 4 ++-- include/haproxy/mqtt-t.h | 2 +- include/haproxy/protobuf.h | 2 +- include/haproxy/proxy-t.h | 2 +- include/haproxy/quic_conn.h| 2 +- include/haproxy/quic_openssl_compat-t.h| 2 +- include/haproxy/quic_openssl_compat.h | 2 +- include/haproxy/quic_tls.h | 2 +- include/haproxy/sc_strm.h | 2 +- include/haproxy/server-t.h | 2 +- include/haproxy/shctx-t.h | 2 +- include/haproxy/spoe-t.h | 2 +- include/haproxy/stconn.h | 2 +- include/haproxy/stream.h | 2 +- include/haproxy/tcpcheck-t.h | 2 +- .../connection/proxy_protocol_send_generic.vtc | 2 +- reg-tests/http-messaging/truncated.vtc | 2 +- src/acl.c | 2 +- src/backend.c | 2 +- src/cache.c| 4 ++-- src/check.c| 2 +- src/connection.c | 6 +++--- src/debug.c| 2 +- src/dynbuf.c | 2 +- src/flt_bwlim.c| 2 +- src/hlua.c | 2 +- src/hlua_fcn.c | 4 ++-- src/http_ana.c | 4 ++-- src/http_fetch.c | 2 +- src/htx.c | 2 +- src/lb_chash.c | 2 +- src/log.c | 8 src/mux_h1.c | 4 ++-- src/mux_h2.c | 6 +++--- src/mux_pt.c | 2 +- src/mux_quic.c | 2 +- src/peers.c| 2 +- src/pool.c | 4 ++-- src/proto_reverse_connect.c| 6 +++--- src/quic_conn.c| 8 src/quic_openssl_compat.c | 2 +- src/quic_sock.c| 2 +- src/quic_ssl.c | 2 +- src/quic_trace.c | 2 +- src/quic_tx.c | 2 +- src/ring.c | 2 +- src/sample.c | 12 ++-- src/session.c | 2 +- src/signal.c | 2 +- src/sink.c | 6 +++--- src/ssl_ckch.c | 2 +- src/ssl_sock.c | 2 +- src/stconn.c | 2 +- src/task.c | 2 +- src/tcp_act.c | 2 +- src/tools.c| 2 +- src/vars.c | 2 +- 67 files changed, 110 insertions(+), 109 deletions(-) -- 2.42.0
[PATCH 1/2] CLEANUP: assorted typo fixes in the code and comments
This is 37th iteration of typo fixes --- INSTALL| 4 ++-- doc/SPOE.txt | 4 ++-- doc/configuration.txt | 10 +- doc/regression-testing.txt | 6 +++--- examples/lua/mailers.lua | 14 +++--- include/haproxy/applet.h | 8 include/haproxy/channel.h | 2 +- include/haproxy/connection-t.h | 4 ++-- include/haproxy/global-t.h | 2 +- include/haproxy/http_ana-t.h | 4 ++-- include/haproxy/mqtt-t.h | 2 +- include/haproxy/protobuf.h | 2 +- include/haproxy/proxy-t.h | 2 +- include/haproxy/quic_conn.h| 2 +- include/haproxy/quic_openssl_compat-t.h| 2 +- include/haproxy/quic_openssl_compat.h | 2 +- include/haproxy/quic_tls.h | 2 +- include/haproxy/sc_strm.h | 2 +- include/haproxy/server-t.h | 2 +- include/haproxy/shctx-t.h | 2 +- include/haproxy/spoe-t.h | 2 +- include/haproxy/stconn.h | 2 +- include/haproxy/stream.h | 2 +- include/haproxy/tcpcheck-t.h | 2 +- .../connection/proxy_protocol_send_generic.vtc | 2 +- reg-tests/http-messaging/truncated.vtc | 2 +- src/acl.c | 2 +- src/backend.c | 2 +- src/cache.c| 4 ++-- src/check.c| 2 +- src/connection.c | 6 +++--- src/debug.c| 2 +- src/dynbuf.c | 2 +- src/flt_bwlim.c| 2 +- src/hlua.c | 2 +- src/hlua_fcn.c | 4 ++-- src/http_ana.c | 4 ++-- src/http_fetch.c | 2 +- src/htx.c | 2 +- src/lb_chash.c | 2 +- src/log.c | 8 src/mux_h1.c | 4 ++-- src/mux_h2.c | 6 +++--- src/mux_pt.c | 2 +- src/mux_quic.c | 2 +- src/peers.c| 2 +- src/pool.c | 4 ++-- src/proto_reverse_connect.c| 6 +++--- src/quic_conn.c| 8 src/quic_openssl_compat.c | 2 +- src/quic_sock.c| 2 +- src/quic_ssl.c | 2 +- src/quic_trace.c | 2 +- src/quic_tx.c | 2 +- src/ring.c | 2 +- src/sample.c | 12 ++-- src/session.c | 2 +- src/signal.c | 2 +- src/sink.c | 6 +++--- src/ssl_ckch.c | 2 +- src/ssl_sock.c | 2 +- src/stconn.c | 2 +- src/task.c | 2 +- src/tcp_act.c | 2 +- src/tools.c| 2 +- src/vars.c | 2 +- 66 files changed, 109 insertions(+), 109 deletions(-) diff --git a/INSTALL b/INSTALL index 8fc242691..e1053e3c3 100644 --- a/INSTALL +++ b/INSTALL @@ -516,7 +516,7 @@ As last resort, haproxy may be compiled against OpenSSL as follows: Note that QUIC 0-RTT is not supported by haproxy QUIC stack when built against OpenSSL. In addition to this compilation requirements, the QUIC listener -bindings must be explicitely enabled with a specifig QUIC tuning parameter. +bindings must be explicitly enabled with a specific QUIC tuning parameter. (see "limited-quic" global parameter of haproxy Configuration Manual). @@ -748,7 +748,7 @@ them all in the DEFINE variable. Example: The ADDINC variable may be used to add some extra include paths; this is sometimes needed when cross-compiling. Similarly the ADDLIB variable may be -used to specifify extra paths to library files. Example : +used to
[PATCH 2/2] CI: limit codespell checks to main repo, not forks
--- .github/workflows/codespell.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 781aa8332..3d66f2980 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -10,6 +10,7 @@ permissions: jobs: codespell: runs-on: ubuntu-latest +if: ${{ github.repository_owner == 'haproxy' }} steps: - uses: actions/checkout@v4 - uses: codespell-project/codespell-problem-matcher@v1 -- 2.42.0
[PATCH 1/1] CI: cirrus-ci: display gdb bt if any
previously, if test process crashes (either BUG_ON or segfault), no coredump were collected and analysed --- .cirrus.yml | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index 2993b943a..4bf3fb672 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -6,8 +6,13 @@ FreeBSD_task: install_script: - pkg update -f && pkg upgrade -y && pkg install -y openssl git gmake lua53 socat pcre script: +- sudo sysctl kern.corefile=/tmp/%N.%P.core +- sudo sysctl kern.sugid_coredump=1 - scripts/build-vtest.sh - gmake CC=clang V=1 ERR=1 TARGET=freebsd USE_ZLIB=1 USE_PCRE=1 USE_OPENSSL=1 USE_LUA=1 LUA_INC=/usr/local/include/lua53 LUA_LIB=/usr/local/lib LUA_LIB_NAME=lua-5.3 - ./haproxy -vv - ldd haproxy -- env VTEST_PROGRAM=../vtest/vtest gmake reg-tests REGTESTS_TYPES=default,bug,devel || (for folder in /tmp/*regtest*/vtc.*; do cat $folder/INFO $folder/LOG; done && exit 1) + test_script: +- env VTEST_PROGRAM=../vtest/vtest gmake reg-tests REGTESTS_TYPES=default,bug,devel + on_failure: +debug_script: (for folder in /tmp/*regtest*/vtc.*; do cat $folder/INFO $folder/LOG; done && ls /tmp/haproxy.*.core && gdb -ex 'thread apply all bt full' ./haproxy /tmp/haproxy.*.core) -- 2.35.3.windows.1
[PATCH 0/1] CI: cirrus-ci: display gdb backtrace if there are any
improve cirrus-ci by displaying gdb backtrace Ilya Shipitsin (1): CI: cirrus-ci: display gdb bt if any .cirrus.yml | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) -- 2.35.3.windows.1
[PATCH 0/2] CI: musl pipeline improvement
it has been figured out that it is hard to find gdb backtraces on musl, because corresponding section is not highlighted. let us fix that Ilya Shipitsin (2): CI: musl: highlight section if there are coredumps CI: musl: drop shopt in workflow invocation .github/workflows/musl.yml | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) -- 2.41.0
[PATCH 1/2] CI: musl: highlight section if there are coredumps
previously, section was collapsed, thus it was harder to find that there's something to look at --- .github/workflows/musl.yml | 5 + 1 file changed, 5 insertions(+) diff --git a/.github/workflows/musl.yml b/.github/workflows/musl.yml index 4017affb9..af358981f 100644 --- a/.github/workflows/musl.yml +++ b/.github/workflows/musl.yml @@ -40,12 +40,17 @@ jobs: - name: Show coredumps if: ${{ failure() && steps.vtest.outcome == 'failure' }} run: | + failed=false ls /tmp/core/ for file in /tmp/core/core.*; do +failed=true printf "::group::" gdb -ex 'thread apply all bt full' ./haproxy $file echo "::endgroup::" done + if [ "$failed" = true ]; then +exit 1; + fi - name: Show results if: ${{ failure() }} run: | -- 2.41.0
[PATCH 2/2] CI: musl: drop shopt in workflow invocation
"shopt" is bash specific, while musl uses bourne shell. /__w/_temp/1b0f5f5d-c71b-4a66-8be3-e1fe51c10993.sh: line 7: shopt: not found --- .github/workflows/musl.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/musl.yml b/.github/workflows/musl.yml index af358981f..930a22e01 100644 --- a/.github/workflows/musl.yml +++ b/.github/workflows/musl.yml @@ -60,4 +60,3 @@ jobs: cat $folder/LOG echo "::endgroup::" done - shopt -s nullglob -- 2.41.0
[PATCH 0/1] CI: fedora: fix dnf invocation
"dnf git" was used instead of "dnf install" Ilya Shipitsin (1): CI: fedora: fix "dnf" invocation syntax .github/workflows/fedora-rawhide.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.35.3.windows.1
[PATCH 1/1] CI: fedora: fix "dnf" invocation syntax
In 39e205302e8afb68d954e17944fad5f8c1587287 I erroneously used "dnf git" instead of "dnf install" --- .github/workflows/fedora-rawhide.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fedora-rawhide.yml b/.github/workflows/fedora-rawhide.yml index bf8ad3d72..aa3abc585 100644 --- a/.github/workflows/fedora-rawhide.yml +++ b/.github/workflows/fedora-rawhide.yml @@ -20,7 +20,7 @@ jobs: - uses: actions/checkout@v3 - name: Install dependencies run: | -dnf -y git install pcre-devel zlib-devel pcre2-devel 'perl(FindBin)' perl-IPC-Cmd 'perl(File::Copy)' 'perl(File::Compare)' lua-devel socat findutils systemd-devel clang +dnf -y install git pcre-devel zlib-devel pcre2-devel 'perl(FindBin)' perl-IPC-Cmd 'perl(File::Copy)' 'perl(File::Compare)' lua-devel socat findutils systemd-devel clang - name: Install VTest run: scripts/build-vtest.sh - name: Install QuicTLS -- 2.35.3.windows.1
[PATCH 2/2] CI: get rid of travis-ci wrapper for Coverity scan
historically coverity scan was performed by travis-ci script, let us rewrite it in bash --- .github/workflows/coverity.yml | 28 +--- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index e208c8cac..e4e2bd5dc 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -16,13 +16,6 @@ jobs: scan: runs-on: ubuntu-latest if: ${{ github.repository_owner == 'haproxy' }} -env: - COVERITY_SCAN_PROJECT_NAME: 'Haproxy' - COVERITY_SCAN_BRANCH_PATTERN: '*' - COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipits...@gmail.com' - # We cannot pass the DEBUG at once here because Coverity splits - # parameters at whitespaces, without taking quoting into account. - COVERITY_SCAN_BUILD_COMMAND: "make CC=clang TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_QUIC=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=addons/wurfl/dummy WURFL_LIB=addons/wurfl/dummy USE_DEVICEATLAS=1 DEVICEATLAS_SRC=addons/deviceatlas/dummy USE_51DEGREES=1 51DEGREES_SRC=addons/51degrees/dummy/pattern ADDLIB=\"-Wl,-rpath,$HOME/opt/lib/\" SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include DEBUG+=-DDEBUG_STRICT=1 DEBUG+=-DDEBUG_USE_ABORT=1" steps: - uses: actions/checkout@v3 - name: Install apt dependencies @@ -34,10 +27,23 @@ jobs: - name: Install QUICTLS run: | QUICTLS=yes scripts/build-ssl.sh +- name: Download Coverity build tool + run: | +wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}=Haproxy" -O coverity_tool.tar.gz +mkdir coverity_tool +tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool - name: Build WURFL run: make -C addons/wurfl/dummy -- name: Run Coverity Scan - env: -COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} +- name: Build with Coverity build tool + run: | +export PATH=`pwd`/coverity_tool/bin:$PATH +cov-build --dir cov-int make CC=clang TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_QUIC=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=addons/wurfl/dummy WURFL_LIB=addons/wurfl/dummy USE_DEVICEATLAS=1 DEVICEATLAS_SRC=addons/deviceatlas/dummy USE_51DEGREES=1 51DEGREES_SRC=addons/51degrees/dummy/pattern ADDLIB=\"-Wl,-rpath,$HOME/opt/lib/\" SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include DEBUG+=-DDEBUG_STRICT=1 DEBUG+=-DDEBUG_USE_ABORT=1 +- name: Submit build result to Coverity Scan run: | -curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh; | bash || true +tar czvf cov.tar.gz cov-int +curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \ + --form email=chipits...@gmail.com \ + --form file=@cov.tar.gz \ + --form version="Commit $GITHUB_SHA" \ + --form description="Build submitted via CI" \ + https://scan.coverity.com/builds?project=Hsproxy -- 2.41.0
[PATCH 1/2] CI: do not use "groupinstall" for Fedora Rawhide builds
Fedora Rawhide migrated to dnf5, which does not support "groupinstall" --- .github/workflows/fedora-rawhide.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/fedora-rawhide.yml b/.github/workflows/fedora-rawhide.yml index 7e735a36c..bf8ad3d72 100644 --- a/.github/workflows/fedora-rawhide.yml +++ b/.github/workflows/fedora-rawhide.yml @@ -20,8 +20,7 @@ jobs: - uses: actions/checkout@v3 - name: Install dependencies run: | -dnf -y groupinstall 'C Development Tools and Libraries' 'Development Tools' -dnf -y install pcre-devel zlib-devel pcre2-devel 'perl(FindBin)' perl-IPC-Cmd 'perl(File::Copy)' 'perl(File::Compare)' lua-devel socat findutils systemd-devel clang +dnf -y git install pcre-devel zlib-devel pcre2-devel 'perl(FindBin)' perl-IPC-Cmd 'perl(File::Copy)' 'perl(File::Compare)' lua-devel socat findutils systemd-devel clang - name: Install VTest run: scripts/build-vtest.sh - name: Install QuicTLS -- 2.41.0
[PATCH 0/2] CI changes
fixed 'Unknown argument "groupinstall" for command "dnf5"' coverity scan CI rewritten without travis-ci wrapper Ilya Shipitsin (2): CI: do not use "groupinstall" for Fedora Rawhide builds CI: get rid of travis-ci wrapper for Coverity scan .github/workflows/coverity.yml | 28 +--- .github/workflows/fedora-rawhide.yml | 3 +-- 2 files changed, 18 insertions(+), 13 deletions(-) -- 2.41.0
[PATCH 2/2] CI: explicitely highlight VTest result section if there's something
it turned out that people miss VTest result section because it is not highlighted, let us fix that --- .github/workflows/vtest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml index 25d3cc72e..6977788a3 100644 --- a/.github/workflows/vtest.yml +++ b/.github/workflows/vtest.yml @@ -159,3 +159,4 @@ jobs: cat $asan echo "::endgroup::" done +exit 1 -- 2.40.1
[PATCH 1/2] CI: add naming convention documentation
branches "haproxy-" stand for stable branches, otherwise development --- .github/matrix.py | 18 +- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/matrix.py b/.github/matrix.py index 7f22c43bb..dbf987e93 100755 --- a/.github/matrix.py +++ b/.github/matrix.py @@ -21,6 +21,14 @@ else: print("Usage: {} ".format(sys.argv[0]), file=sys.stderr) sys.exit(1) +# +# this CI is used for both development and stable branches of HAProxy +# +# naming convention used, if branch name matches: +# +# "haproxy-" - stable branches +# otherwise - development branch (i.e. "latest" ssl variants, "latest" github images) +# print("Generating matrix for branch '{}'.".format(ref_name)) @@ -83,9 +91,9 @@ matrix = [] # Ubuntu if "haproxy-" in ref_name: -os = "ubuntu-22.04" +os = "ubuntu-22.04" # stable branch else: -os = "ubuntu-latest" +os = "ubuntu-latest" # development branch TARGET = "linux-glibc" for CC in ["gcc", "clang"]: @@ -179,7 +187,7 @@ for CC in ["gcc", "clang"]: # "BORINGSSL=yes", ] -if "haproxy-" not in ref_name: +if "haproxy-" not in ref_name: # development branch ssl_versions = ssl_versions + [ "OPENSSL_VERSION=latest", "LIBRESSL_VERSION=latest", @@ -211,9 +219,9 @@ for CC in ["gcc", "clang"]: # macOS if "haproxy-" in ref_name: -os = "macos-12" +os = "macos-12" # stable branch else: -os = "macos-latest" +os = "macos-latest" # development branch TARGET = "osx" for CC in ["clang"]: -- 2.40.1
[PATCH 0/2] improve CI friendliness
thanks to Andrew Hopkins from Amazon, we've learned that CI is already easy to learn, however few things can be improved. let us add naming convention inline comment, also if VTest fails, let is highlight that. Ilya Shipitsin (2): CI: add naming convention documentation CI: explicitely highlight VTest result section if there's something .github/matrix.py | 18 +- .github/workflows/vtest.yml | 1 + 2 files changed, 14 insertions(+), 5 deletions(-) -- 2.40.1
[PATCH 0/1] enabling ssl keylog for LibreSSL 3.5.0
found during QUIC Interop for LibreSSL Ilya Shipitsin (1): BUILD: SSL: enable TLS key material logging if built with LibreSSL>=3.5.0 include/haproxy/openssl-compat.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.40.1
[PATCH 1/1] BUILD: SSL: enable TLS key material logging if built with LibreSSL>=3.5.0
LibreSSL implements TLS key material since 3.5.0, let's enable it --- include/haproxy/openssl-compat.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index 7fb153810..ed162031c 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -88,7 +88,8 @@ #define HAVE_SSL_SCTL #endif -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +/* minimum OpenSSL 1.1.1 & libreSSL 3.5.0 */ +#if (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x305fL)) || (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) #define HAVE_SSL_KEYLOG #endif -- 2.40.1
[PATCH 2/2] BUILD: SSL: add QUICTLS to build matrix
--- .github/matrix.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/matrix.py b/.github/matrix.py index 568676001..53b5e0f88 100755 --- a/.github/matrix.py +++ b/.github/matrix.py @@ -113,12 +113,13 @@ for CC in ["gcc", "clang"]: "OPENSSL_VERSION=3.0.0", "LIBRESSL_VERSION=2.9.2", "LIBRESSL_VERSION=3.3.3", +"QUICTLS=yes", #"BORINGSSL=yes", ]: flags = ["USE_OPENSSL=1"] -if ssl == "BORINGSSL=yes": +if ssl == "BORINGSSL=yes" or ssl == "QUICTLS=yes": flags.append("USE_QUIC=1") -if "OPENSSL_VERSION=3.0.0" in ssl: +if "OPENSSL_VERSION=3.0.0" in ssl or ssl == "QUICTLS=yes": flags.append('DEBUG_CFLAGS="-g -Wno-deprecated-declarations"') if ssl != "stock": flags.append("SSL_LIB=${HOME}/opt/lib") -- 2.29.2.windows.2
[PATCH 1/2] BUILD: SSL: add quictls build to scripts/build-ssl.sh
script/build-ssl.sh is used mostly in CI, let us introduce QUIC OpenSSL fork support --- scripts/build-ssl.sh | 23 +++ 1 file changed, 23 insertions(+) diff --git a/scripts/build-ssl.sh b/scripts/build-ssl.sh index e1d89a0eb..d143cec55 100755 --- a/scripts/build-ssl.sh +++ b/scripts/build-ssl.sh @@ -86,6 +86,17 @@ download_boringssl () { fi } +download_quictls () { +if [ ! -d "download-cache/quictls" ]; then +git clone --depth=1 https://github.com/quictls/openssl download-cache/quictls +else + ( +cd download-cache/quictls +git pull + ) +fi +} + if [ ! -z ${LIBRESSL_VERSION+x} ]; then download_libressl build_libressl @@ -121,3 +132,15 @@ if [ ! -z ${BORINGSSL+x} ]; then ) fi +if [ ! -z ${QUICTLS+x} ]; then +( + +download_quictls +cd download-cache/quictls + +./config shared --prefix="${HOME}/opt" --openssldir="${HOME}/opt" --libdir=lib -DPURIFY +make -j$(nproc) build_sw +make install_sw + +) +fi -- 2.29.2.windows.2
[PATCH] CLEANUP: assorted typo fixes in the code and comments
This is 27th iteration of typo fixes --- doc/configuration.txt| 2 +- include/haproxy/h3.h | 2 +- include/haproxy/mux_quic-t.h | 2 +- include/haproxy/mux_quic.h | 2 +- include/haproxy/qpack-t.h| 2 +- reg-tests/http-messaging/http_request_buffer.vtc | 4 ++-- reg-tests/ssl/ssl_errors.vtc | 2 +- src/h3.c | 4 ++-- src/hlua.c | 2 +- src/http_client.c| 6 +++--- src/xprt_quic.c | 12 ++-- 11 files changed, 20 insertions(+), 20 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index c242698c4..5774bf7f4 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -21273,7 +21273,7 @@ Detailed fields description : - "ssl_fc_err" is the last error of the first SSL error stack that was raised on the connection from the frontend's perspective. It might be used to detect SSL handshake errors for instance. It will be 0 if everything -went well. See the "ssl_fc_err" sample fetch's decription for more +went well. See the "ssl_fc_err" sample fetch's description for more information. - "ssl_c_err" is the status of the client's certificate verification process. diff --git a/include/haproxy/h3.h b/include/haproxy/h3.h index 4c329b8ab..e61a2d9b2 100644 --- a/include/haproxy/h3.h +++ b/include/haproxy/h3.h @@ -1,6 +1,6 @@ /* * include/haproxy/h3.h - * This file containts types for H3 + * This file contains types for H3 * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/include/haproxy/mux_quic-t.h b/include/haproxy/mux_quic-t.h index 09e0585f6..b93a8a578 100644 --- a/include/haproxy/mux_quic-t.h +++ b/include/haproxy/mux_quic-t.h @@ -1,6 +1,6 @@ /* * include/haproxy/mux_quic-t.h - * This file containts types for QUIC mux-demux. + * This file contains types for QUIC mux-demux. * * Copyright 2021 HAProxy Technologies, Frédéric Lécaille * diff --git a/include/haproxy/mux_quic.h b/include/haproxy/mux_quic.h index 2991e871a..332c5291a 100644 --- a/include/haproxy/mux_quic.h +++ b/include/haproxy/mux_quic.h @@ -1,6 +1,6 @@ /* * include/haproxy/mux_quic-t.h - * This file containts prototypes for QUIC mux-demux. + * This file contains prototypes for QUIC mux-demux. * * Copyright 2021 HAProxy Technologies, Frédéric Lécaille * diff --git a/include/haproxy/qpack-t.h b/include/haproxy/qpack-t.h index 832094e8e..1200eef94 100644 --- a/include/haproxy/qpack-t.h +++ b/include/haproxy/qpack-t.h @@ -1,6 +1,6 @@ /* * include/haproxy/qpack-t.h - * This file containts types for QPACK + * This file contains types for QPACK * * Copyright 2021 HAProxy Technologies, Frédéric Lécaille * diff --git a/reg-tests/http-messaging/http_request_buffer.vtc b/reg-tests/http-messaging/http_request_buffer.vtc index 8ed683be7..c41781425 100644 --- a/reg-tests/http-messaging/http_request_buffer.vtc +++ b/reg-tests/http-messaging/http_request_buffer.vtc @@ -87,7 +87,7 @@ client c2 -connect ${h1_fe1_sock} { } -run # Payload is fully sent in 2 steps (with a small delay, smaller than the client -# timeout) and splitted on a chunk size. +# timeout) and split on a chunk size. # ==> Request must be sent to the server. A 200 must be received client c3 -connect ${h1_fe1_sock} { send "POST /1 HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n1\r\n1\r\n1" @@ -98,7 +98,7 @@ client c3 -connect ${h1_fe1_sock} { } -run # Last CRLF of the request payload is missing but payload is sent in 2 steps -# (with a small delay, smaller than the client timeout) and splitted on a chunk +# (with a small delay, smaller than the client timeout) and split on a chunk # size. The client aborts before sending the last CRLF. # ==> Request must be handled as an error with 'CR--' termination state. client c4 -connect ${h1_fe1_sock} { diff --git a/reg-tests/ssl/ssl_errors.vtc b/reg-tests/ssl/ssl_errors.vtc index 7daf2102f..ef83e3e60 100644 --- a/reg-tests/ssl/ssl_errors.vtc +++ b/reg-tests/ssl/ssl_errors.vtc @@ -54,7 +54,7 @@ syslog Slg_cust_fmt -level info { barrier b1 sync -# In case of an error occuring before the certificate verification process, +# In case of an error occurring before the certificate verification process, # the client certificate chain is never parsed and verified so we can't # have information about the client's certificate. recv diff --git a/src/h3.c b/src/h3.c index fc68432f8..cd8f32d55 100644 --- a/src/h3.c +++ b/src/h3.c @@ -196,7 +196,7 @@ static int h3_decode_qcs(struct qcs *qcs, void *ctx) cs->ctx = qcs; stream_create_from_cs(cs, _buf); - /* buffer is
[PATCH v2] BUILD: SSL: function "ERR_func_error_string" is deprecated in OpenSSL-3.0.0
let us prepare for using OpenSSL-3.0.0 in no deprecation mode --- include/haproxy/openssl-compat.h | 7 +++ src/ssl_sock.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index 17d073d51..1b7272636 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -41,6 +41,13 @@ #define OpenSSL_version_num SSLeay #endif +/* ERR_func_error_string is deprecated in OpenSSL-3.0.0 */ +#if (OPENSSL_VERSION_NUMBER >= 0x3000L) +#define HA_ERR_func_error_string(ret) "OPENSSL_internal" +#else +#define HA_ERR_func_error_string(ret) ERR_func_error_string(ret) +#endif + #if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070100fL) || defined(OPENSSL_IS_BORINGSSL) || (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010L)) #define HAVE_SSL_EXTRACT_RANDOM #endif diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 8be8c6fde..a7505e5a9 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -606,7 +606,7 @@ static forceinline void ssl_sock_dump_errors(struct connection *conn) return; fprintf(stderr, "fd[%#x] OpenSSL error[0x%lx] %s: %s\n", conn->handle.fd, ret, - ERR_func_error_string(ret), ERR_reason_error_string(ret)); + HA_ERR_func_error_string(ret), ERR_reason_error_string(ret)); } } } -- 2.29.2.windows.2