On Wed, Jan 05, 2022 at 05:07:16PM +0100, Tim Düsterhus wrote:
> > This makes me think that this should also mark the turn for 2.0 to
> > enter the "critical fixes only" status. We all know it doesn't mean
> > much, beyond giving us an excuse for producing releases less often,
> > but this is also
Hi Tim,
On Tue, Jan 04, 2022 at 06:41:14PM +0100, Tim Düsterhus wrote:
> On 12/19/21 7:36 PM, Nemo wrote:
> > Is there any way for users to find out exact EoL dates in advance, or is
> > there an accepted answer for what Q1/Q2/Q3/Q4 would usually mean here?
>
> I believe you missed Nemo's email a
Hi Nemo,
first, sorry for missing your message, I remember noticing it,
postponing the response, then I forgot about it.
On Mon, Dec 20, 2021 at 12:06:28AM +0530, Nemo wrote:
> Reaching out on behalf of endoflife.date[0],
I wasn't aware of this project, this can indeed be quite useful for
variou
Hi!
On Mon, Jan 03, 2022 at 06:47:04PM +0500, Sohaib Ahmad wrote:
> Hi,
>
> While debugging some timeouts I noticed a very high total time when request
> is being served from haproxy's local cache.
>
> 10.0.17.137:45444 [03/Jan/2022:12:38:46.991] web webnode/
> 0/0/0/0/15263 200 308984 - - LR--
On Fri, Dec 31, 2021 at 08:25:08AM +, David CARLIER wrote:
> Hi here a minor patch for solaris based system.
>
> not urgent tough happy new year in advance :)
Thanks David, now applied.
Willy
On Sat, Dec 25, 2021 at 02:15:38PM +0500, ??? wrote:
> Hello,
>
> the attached patch updates OpenSSL to recently released 3.0.1
And applied as well, thanks. I thought I already took it but I was
apparently mistaken.
Willy
On Sat, Dec 25, 2021 at 11:48:47AM +0500, ??? wrote:
> Hello,
>
> yet another spelling patch.
Applied, thanks Ilya!
Willy
On Fri, Dec 31, 2021 at 06:30:53AM +, David CARLIER wrote:
> Hi,
>
> all CPU macros which were incompatible with Linux (ie CPU_AND*,
> CPU_*OR...) had been changed and there is no backward compatibility
> with the old BSD api (at least not for now, they might introduce
> detection like solaris
Hi David,
On Fri, Dec 31, 2021 at 05:02:37AM +, David CARLIER wrote:
> Here a simpler version if that s fine with you.
Indeed, even simpler and I also prefer this one. I've now merged it,
thank you. Just to be sure, was this a breaking change in FreeBSD or
is the old API still supported ? I'm
Hi Alex,
On Sat, Dec 25, 2021 at 11:59:20PM +0100, Aleksandar Lazic wrote:
>
> Hi.
>
> as the message tell us that we should report this to the developers I do so
> :-)
>
>
> ```
> Dec 24 01:10:31 lb1 haproxy[20008]: A bogus STREAM [0x559faa07b4f0] is
> spinning at 204371 calls per second
>
On Wed, Dec 29, 2021 at 12:29:11PM +0100, Aleksandar Lazic wrote:
> > [28/Dec/2021:12:48:34.023] frontend proxy (#2): invalid request
> > backend (#-1), server (#-1), event #166, src
> > 192.168.1.90:44350
> > buffer starts at 0 (including 0 out), 16258 free,
> > len 126, wraps at 16
On Sat, Dec 25, 2021 at 06:40:57PM +0500, ??? wrote:
> Let's merge as is.
>
> I'll test changes later. Anyway, I've figured out how to enable cache and
> there will be patches later
OK that works, now merged.
Have a nice week-end!
Willy
On Sat, Dec 25, 2021 at 01:53:54PM +0100, Tim Düsterhus wrote:
> Willy,
>
> On 12/25/21 11:10 AM, Willy Tarreau wrote:
> > That's a good idea. I cannot judge if the method is correct but the
> > less errors we produce on early failures, the better. I think Tim told
>
Hi Ilya,
> From 05efdbd79b64df22b9b5a066afb73047a079b54a Mon Sep 17 00:00:00 2001
> From: Ilya Shipitsin
> Date: Sat, 25 Dec 2021 13:53:04 +0500
> Subject: [PATCH] CI: Github Actions: do not show VTest failures if build
> failed
>
> this is mostly cleanup, issue is minor. If build failed, VTest
: cli: "show version" displays the current process version
BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt
mode
Willy Tarreau (4):
CI: Github Actions: temporarily disable BoringSSL builds
BUILD: tree-wide: avoid warnings caused by redundant ch
Hi Aleks,
On Sun, Dec 19, 2021 at 01:43:01PM +0100, Aleksandar Lazic wrote:
> Do you agree that we now can add HAProxy to that list :-)
>
> https://github.com/quicwg/base-drafts/wiki/Implementations
Ideally we should submit it once we have a public server with it. There
are still low-level issue
On Tue, Dec 14, 2021 at 02:12:28AM +, David CARLIER wrote:
> ping :)
sorry for the delay David, we'll check today.
Willy
On Fri, Dec 10, 2021 at 03:35:34PM +0100, Willy Tarreau wrote:
> > If I browse https://www.haproxy.org/, the links to haproxy.com do not work.
> > Clicking on the banners on the left ("Looking for support?", "Looking for
> > Easy?",...) I land on a 404 not
Hi Marco,
On Fri, Dec 10, 2021 at 12:29:00PM +0100, Marco Corte wrote:
> Hi.
>
> Sorry for the OT
>
> If I browse https://www.haproxy.org/, the links to haproxy.com do not work.
> Clicking on the banners on the left ("Looking for support?", "Looking for
> Easy?",...) I land on a 404 not found.
>
On Thu, Dec 09, 2021 at 08:38:20PM +0100, Tim Düsterhus wrote:
> Adam,
>
> On 12/9/21 7:09 PM, Adam Mills wrote:
> > Fleet Manager, Engineer, Exec, Field Operations... <- this is not me.
>
> as a heads up: This email arrived via the HAProxy mailing list. Please do
> not reply to Spam while includ
Hi Ilya,
On Fri, Dec 10, 2021 at 12:26:16PM +0500, ??? wrote:
> gentle ping
didn't notice, too many locations to look at, sorry :-(
Please try to remember to CC the relevant maintainers with your patches,
this significantly fluidies review and merging. I'm CCing William and
Emeric who a
On Thu, Dec 09, 2021 at 01:27:14AM +0100, Lukas Tribus wrote:
> In commit 6f7497616 ("MEDIUM: connection: rename fc_conn_err and
> bc_conn_err to fc_err and bc_err"), fc_conn_err became fc_err, so
> update this example.
Ah good catch! Both patches applied now, thank you Lukas!
Willy
On Wed, Dec 08, 2021 at 05:50:50PM +0100, Tim Düsterhus wrote:
> Lukas,
>
> On 12/8/21 11:33 AM, Lukas Tribus wrote:
> > We are using comma-delimited list for init-addr for example, let's
> > document that this is space-delimited to avoid the guessing game.
>
> Shouldn't this rather be fixed by u
On Fri, Nov 26, 2021 at 08:51:56PM +, David CARLIER wrote:
> Hi
>
> Here the following up for the apple system allocator (aka libmalloc).
Thank you David, now merged (second version).
Willy
On Fri, Nov 26, 2021 at 05:15:04PM +0100, Tim Düsterhus wrote:
> Willy,
>
> On 11/26/21 4:18 PM, Willy Tarreau wrote:
> > Do you have any objection against this being merged ? Would you prefer
> > to change it a bit (e.g. delimit the output one way or another) ? I'
) ? I'm
open to suggestions, knowing that in its current raw form it did the
job for me, so the rest is cometic.
Thanks,
Willy
>From 02b1e379dce2120b518605fa2164c2e9c358d3ae Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Fri, 26 Nov 2021 15:45:41 +0100
Subject: CI: github actions:
On Thu, Nov 25, 2021 at 04:29:55PM +, David CARLIER wrote:
> Ok I applied your suggestions and move back the malloc_trim/mallinfo
> part as it was before.
Thanks, now merged!
Willy
On Thu, Nov 25, 2021 at 01:19:39PM +, David CARLIER wrote:
> Here a patchset instead :)
Thanks!
I've reviewed it, I'm having some comments below:
> From e8daa477b53a43ab39113cf0e9c43d9bbda1e9a9 Mon Sep 17 00:00:00 2001
> From: David Carlier
> Date: Thu, 25 Nov 2021 10:26:50 +
> Subject:
On Thu, Nov 25, 2021 at 04:38:27PM +0500, ??? wrote:
> > Thus I think that instead of focusing on the OS we ought to continue
> > to focus on the allocator and improve runtime detection:
> >
> > - glibc (currently detected using detect_allocator)
> > => use malloc_trim()
> > - jema
On Thu, Nov 25, 2021 at 01:29:13PM +0300, Dmitry Sivachenko wrote:
>
> > On 25 Nov 2021, at 13:09, Willy Tarreau wrote:
> >
> > Please try the two attached patches. They re-backport something that
> > we earlier failed to backport that simplifies the ugly ifdefs ev
at
we earlier failed to backport that simplifies the ugly ifdefs everywhere
that virtually break every single backport related to SSL.
For me they work with/without SSL and with older versions (tested as far
as 0.9.8).
Thanks,
Willy
>From ce5ca630697a069ffbd81169663e5dbeb554179a Mon Sep 17 00:00:00
Hi David,
On Wed, Nov 24, 2021 at 08:08:39PM +, David CARLIER wrote:
> Hi
>
> here a little patch for FreeBSD to support memory arenas trimming.
(...)
> FreeBSD uses a slighty simplified version of jemalloc as libc allocator
> since many years (there is thoughts to eventually switch to snmall
On Tue, Nov 23, 2021 at 05:40:22PM +0100, Tim Düsterhus wrote:
> Willy,
>
> On 11/23/21 5:18 PM, Willy Tarreau wrote:
> > As a reminder, this is a stable version which will receive fixes for
> > around 12 months. Its initially scheduled EOL is 2023-Q1 but it can be
> >
e, Björn Jacke, Christopher Faulet,
David Carlier, Dirkjan Bussink, Dragan Dosen, Emeric Brun,
Frédéric Lécaille, Ilya Shipitsin, John Roesler, Marcin Deranek,
Maximilian Mader, Miroslav Zagorac, Olivier Houchard,
Remi Tricot-Le Breton, Thayne McCombs, Thierry Fournier,
Tim Düsterhus, William
On Sat, Nov 20, 2021 at 11:15:44PM +0500, ??? wrote:
> Hello,
>
> some spell fixes.
Now merged, thanks Ilya!
Willy
Hi Dominik,
On Mon, Nov 22, 2021 at 10:31:15AM +, Froehlich, Dominik wrote:
> For ongoing connections (not total), the stats page shows a tooltip stating
>
>
> * Current Active Connections
> * Current Used Connections
> * Current Idle Connections (broken down into safe and unsafe
On Sun, Nov 21, 2021 at 01:11:13AM +0100, William Lallemand wrote:
> On Fri, Nov 19, 2021 at 08:03:22PM +0100, Willy Tarreau wrote:
> > - since TLS early-data support was added, resumed connections could
> > cause a confusingly incorrect error to be reported if the strict-
Hi all,
I wanted to emit another dev release but it will be difficult, I've
been kicked off the net by my operator (Nerim) who was apparently
sold to Keyyo and who apparently changed their equipments configs
so that after a reconnect of the ADSL, I lost both my IPv4 and IPv6
public addresses and a
Hi all,
I intended to emit the final 2.5 this week-end, but a few users having
upgraded to the latest 2.4, 2.3 or 2.2 reported strange issues that we
couldn't reproduce and for which we don't have more info yet. Some seem
related to connections taking longer to vanish, others to possibly
truncated
On Mon, Nov 08, 2021 at 02:31:32PM +0100, William Dauchy wrote:
> On Mon, Nov 8, 2021 at 1:52 PM Willy Tarreau wrote:
> > Just to be sure, is this something you want to merge into 2.5 or is it
> > to be queued next ? I'm fine with both, but I prefer to ask as it's not
&
Hi William,
On Sun, Nov 07, 2021 at 10:18:47AM +0100, William Dauchy wrote:
> - add new metric: `haproxy_backend_agg_server_check_status`
> it counts the number of servers matching a specific check status
> this permits to exclude per server check status as the usage is often
> to rely on th
On Sat, Nov 06, 2021 at 12:30:43PM +0100, William Dauchy wrote:
> `info_field_names` and `stat_field_names` no longer exist and have been
> moved in stats.c
> To avoid changing this comment, just mention the name of the new table
> `info_fields` and `stat_fields`
Merged, thanks William.
Willy
On Mon, Nov 08, 2021 at 12:53:00PM +0100, Tim Düsterhus wrote:
> Willy,
>
> On 11/8/21 11:43 AM, Willy Tarreau wrote:
> > > You're totally right. Not only it is redundant, but it is wrong (which
> > > is why it is redundant). By being called strncat() one would
On Mon, Nov 08, 2021 at 11:41:52AM +0100, Willy Tarreau wrote:
> Hi Tim,
>
> On Mon, Nov 08, 2021 at 09:04:59AM +0100, Tim Duesterhus wrote:
> > Hi Willy,
> >
> > find my (probably :-) ) final CLEANUP series for 2.5.
> >
> > Regarding the final patch:
&
Hi Tim,
On Mon, Nov 08, 2021 at 09:04:59AM +0100, Tim Duesterhus wrote:
> Hi Willy,
>
> find my (probably :-) ) final CLEANUP series for 2.5.
>
> Regarding the final patch:
>
> 'chunk_strncat()' appears to be completely redundant, it simply passes through
> the arguments and even takes an int i
On Sat, Nov 06, 2021 at 03:14:45PM +0100, Tim Duesterhus wrote:
> Use a consistent size as the parameter for the *alloc family.
Series applied, thanks Tim!
Willy
):
BUG/MINOR: jwt: Fix jwt_parse_alg incorrectly returning JWS_ALG_NONE
Tim Duesterhus (7):
MINOR: jwt: Make invalid static JWT algorithms an error in `jwt_verify`
converter
CLEANUP: halog: Remove dead stores
DEV: coccinelle: Add ha_free.cocci
CLEANUP: Apply ha_fre
On Fri, Nov 05, 2021 at 02:17:51PM +0100, Tim Düsterhus wrote:
> Willy,
>
> On 10/11/21 5:15 PM, Tim Düsterhus wrote:
> > > > > > please also apply to https://github.com/wtarreau/libslz/.
> > > > > > [...]
> > > > >
> > > > > Now applied, thanks!
> > > >
> > > > Not seeing anything in the libslz
Hi Tim,
On Thu, Nov 04, 2021 at 07:12:04PM +0100, Tim Düsterhus wrote:
> Your patch is already merged and the bug is fixed. However I'd like to
> comment on the reasons behind why I refactored the whole function to use the
> ist API:
>
> I *strongly* dislike code that just works because of some i
Hi Tim,
On Thu, Nov 04, 2021 at 09:04:24PM +0100, Tim Duesterhus wrote:
> Found using clang's scan-build.
(...)
This and your 4 other cleanup patches applied now, thank you!
Willy
On Thu, Nov 04, 2021 at 09:53:59PM +0500, ??? wrote:
> we do not fail build if SSL_LIB points to wrong folder ?
For sure we do, since libs will be missing, and the linking will
fail!
Willy
On Thu, Nov 04, 2021 at 03:54:15PM +0100, Aleksandar Lazic wrote:
> On 04.11.21 15:28, Willy Tarreau wrote:
> > Hello,
> >
> > as some of you know, 2.5 will come with a new "option httpslog" to ease
> > logging some useful TLS info by default.
> >
>
Hi all,
just as a reminder for those who don't necessarily follow the activity
around this, the HAProxyConf 2021 will be held on 16-17 of this month
(in 12 days), with live Q&A sessions after each talk. The conference is
online only, and attending it is free and open to anyone.
The list of presen
Hello,
as some of you know, 2.5 will come with a new "option httpslog" to ease
logging some useful TLS info by default.
While running some tests in production with the error-log-format, I
realized that we're not logging the SNI in "httpslog", and that it's
probably a significant miss that we ough
newlines in die() messages
MINOR: halog: Add support for extracting captures using -hdr
William Lallemand (2):
BUG/MINOR: systemd: ExecStartPre must use -Ws
DOC: management: certificate files must be sanitized before injection
Willy Tarreau (36):
BUG/MINOR: compat: make sur
Hi Shawn,
On Wed, Nov 03, 2021 at 10:56:02AM -0600, Shawn Heisey wrote:
> On 11/3/21 9:25 AM, ??? wrote:
> > you either need to specify LD_LIBRARY_PATH or add rpath during link,
> > here's example how to use rpath via ADDLIB haproxy/.travis.yml at
> > 57610c694e56a6b0d55bf42f1170bad93b7b3
On Wed, Nov 03, 2021 at 12:23:54PM +0100, Remi Tricot-Le Breton wrote:
> jwt_parse_alg would mistakenly return JWT_ALG_NONE for algorithms "",
> "n", "no" and "non" because of a strncmp misuse. It now sees them as
> unknown algorithms.
Merged, thank you Rémi!
Willy
onsistent indentation in help()
BUG/MINOR: halog: Add missing newlines in die() messages
MINOR: halog: Add support for extracting captures using -hdr
William Lallemand (1):
Revert "CLEANUP: server: always include the storage for SSL settings"
Willy Tarreau (29):
Hi Rémi,
On Wed, Nov 03, 2021 at 09:47:36AM +0100, Remi Tricot-Le Breton wrote:
> Hello,
>
> On 02/11/2021 16:50, Willy Tarreau wrote:
> > Tim,
> >
> > On Fri, Oct 29, 2021 at 06:06:55PM +0200, Tim Duesterhus wrote:
> > > It is not useful to start a configur
MINOR: httpclient/lua: return an error when it can't generate the request
MINOR: httpclient: request streaming with a callback
MINOR: httpclient/lua: handle the streaming into the lua applet
REGTESTS: lua: test httpclient with body streaming
BUG/MINOR: httpclient/lua: m
On Fri, Oct 29, 2021 at 10:23:02PM +0200, PR Bot wrote:
> Dear list!
>
> Author: John Roesler
> Number of patches: 1
>
> This is an automated relay of the Github pull request:
>Some grammar in peers.txt
(...)
Applied, thank you John,
Willy
Tim,
On Fri, Oct 29, 2021 at 06:06:55PM +0200, Tim Duesterhus wrote:
> It is not useful to start a configuration where an invalid static string is
> provided as the JWT algorithm. Better make the administrator aware of the
> suspected typo by failing to start.
I'm hopeful that I can finally emit
On Fri, Oct 29, 2021 at 05:20:23PM +0200, Remi Tricot-Le Breton wrote:
> > > Rémi, am I missing something or is it just that this code snippet indeed
> > > has a bug that was not spotted by the regtests (which I'm fine with,
> > > they're regression tests, not unit tests seeking 100% coverage) ?
>
On Thu, Oct 28, 2021 at 09:54:55AM -0700, Ryan Burn wrote:
> On the size limit, ideally we'd like to capture up to the first 128k of the
> body. But after doing some tests, it looks like we can only get up the first
> 15k, even if we specify "http-response wait-for-body time 10s at-least
> 128k". W
On Thu, Oct 28, 2021 at 04:06:42PM -0600, Shawn Heisey wrote:
> The file I transferred is 4GB in size, copied from /dev/urandom with dd.
> Did the pull from another machine on the same gigabit LAN. I picked the
> cipher by watching for TLS 1.2 ciphers shown by testssl.sh and choosing one
> that m
On Thu, Oct 14, 2021 at 07:48:08PM +0200, Tim Duesterhus wrote:
> Remi,
>
> please find a suggested cleanup for your JWT patch series. I think that
> using the ist functions results in easier to understand code, because you
> don't need to manually calculate lengths and offsets.
>
> Apply with `g
On Thu, Oct 28, 2021 at 09:09:13AM +0200, Tim Düsterhus wrote:
> Willy,
>
> On 10/14/21 7:23 PM, PR Bot wrote:
> > This is an automated relay of the Github pull request:
> > Typos fixed "it" should be "is"
> >
> > Patch title(s):
> > Typos fixed "it" should be "is"
> >
> > Link:
> >
On Thu, Oct 28, 2021 at 07:19:39PM +0200, Tim Düsterhus, WoltLab GmbH wrote:
> The check for the quote is to detect the start of the request method.
(...)
OK, got it!
> I've attached an updated patch with an extensive explanation :-)
perfect, thank you, now pushed.
Willy
Hi Tim,
On Thu, Oct 28, 2021 at 05:33:57PM +0200, Tim Düsterhus, WoltLab GmbH wrote:
> Willy,
>
> please find another halog series attached.
>
> 1. Some small changes to the new -qry/-query flag.
> 2. A new -hdr flag, resolving my own GitHub issue.
OK, some points below.
> From 50d5f579bc35fcf
Hi David,
On Tue, Oct 26, 2021 at 10:27:40AM +0100, David CARLIER wrote:
> Hi Willy,
>
> Ok with your changes suggestions even tough it seemed to work fine
> with the raspberry/clang combination
I have no doubt it works, given that this can rely on the fallback part.
It's just that I don't want
On Sat, Oct 23, 2021 at 07:53:35PM +0200, Tim Duesterhus wrote:
> This coccinelle patch finds locations where the return value of `realloc()` is
> assigned to the pointer passed to `realloc()`. This calls will leak memory if
> `realloc()` returns `NULL`.
Thanks. This and the hlua_alloc() patch wer
On Mon, Oct 18, 2021 at 06:40:28PM +0200, Tim Duesterhus wrote:
> The OpenSSL documentation
> (https://www.openssl.org/docs/man1.1.0/man3/HMAC.html)
> specifies:
>
> > It places the result in md (which must have space for the output of the hash
> > function, which is no more than EVP_MAX_MD_SIZE
On Mon, Oct 18, 2021 at 12:16:11PM +0200, Tim Düsterhus, WoltLab GmbH wrote:
> From 6095a454dee425487083674ec9d35be7a59f7ef6 Mon Sep 17 00:00:00 2001
> From: Tim Duesterhus
> Date: Mon, 18 Oct 2021 12:12:02 +0200
> Subject: [PATCH] MINOR: halog: Add -qry parameter allowing to preserve the
> query
On Wed, Oct 27, 2021 at 07:04:31PM +0200, Tim Düsterhus wrote:
> Personally I'd prefer to see my config loudly rejected if it is incorrect
> than it silently working incorrectly. It's not like I'm going to roll out
> 2.5 in my fleet without testing the config at least once.
>
> So: +1 to make this
On Wed, Oct 27, 2021 at 08:46:23PM +0200, Christopher Faulet wrote:
> Le 10/27/21 à 18:32, Willy Tarreau a écrit :
> > Christopher also found that the set-var() converter already mandates a
> > matching method, as the following will be rejected:
> >
> > ... if { i
Hi all,
Among the current pending issues, Christopher and I have been scratching
our heads on an issue involving the var() sample fetch function. It
started in issue 1215 but is more generalized:
https://github.com/haproxy/haproxy/issues/1215
In short, var() was initially internally declare
Hi David,
On Sat, Oct 23, 2021 at 05:12:18PM +0100, David CARLIER wrote:
> > > diff --git a/include/haproxy/atomic.h b/include/haproxy/atomic.h
> > > index 3198b381a..29a06c57b 100644
> > > --- a/include/haproxy/atomic.h
> > > +++ b/include/haproxy/atomic.h
> > > @@ -698,7 +698,7 @@ __ha_barrier_a
On Thu, Oct 21, 2021 at 11:24:22AM +0200, Steve Hand wrote:
> I wasted a day yesterday with this config. This all seemed to work
> randomly, sometimes routing to default backend, sometimes routing to the acl
> backend.
>
> The problem was I had 'mode tcp' in global and had to add 'mode http' to
Hi David,
On Sat, Oct 23, 2021 at 02:51:59PM +0100, David CARLIER wrote:
> Hi,
> Hopefully not too late for the 2.5 release :-)
No worries, and fixes can be merged later anyway. I have some questions
below.
> From b9c083252bdabf2d0bbfffa1383453cdfd94ab13 Mon Sep 17 00:00:00 2001
> From: David CA
On Fri, Oct 22, 2021 at 10:22:17PM +0200, Vincent Bernat wrote:
> > I'm just thinking, we have a SILENT_DEFINE macro that should already
> > address this. Could you please try to pass your -f... there ? If it
> > works it would just be a matter of improving the SILENT_DEFINE
> > description to indi
Hi Vincent,
On Tue, Oct 19, 2021 at 09:23:25AM +0200, Vincent Bernat wrote:
> ? 19 October 2021 09:22 +02, Vincent Bernat:
>
> > This could be backported to 2.4. Older versions do not display CFLAGS.
>
> Note that if you find this too ugly, I have no problem to maintain this
> as an OOT patch.
Hi Lukas,
On Mon, Oct 18, 2021 at 04:47:12PM +0200, Lukas Tribus wrote:
> Hello,
>
> PCRE (1) is end of life and unmaintained now (see below).
Thanks for bringing this!
> Not a huge
> problem, because PCRE2 has been supported since haproxy 1.8.
>
> However going forward (haproxy 2.5+) should w
DEV: coccinelle: Add strcmp.cocci
CLEANUP: Apply strcmp.cocci
CI: Add `permissions` to GitHub Actions
CI: Clean up formatting in GitHub Action definitions
CLEANUP: Consistently `unsigned int` for bitfields
William Lallemand (2):
MINOR: httpclient/cli: access sho
On Mon, Oct 18, 2021 at 09:18:12AM +0200, Tim Düsterhus wrote:
> Hu, interesting. Is the GitHub Mirror Sync broken? I'm seeing changes in
> https://git.haproxy.org/?p=haproxy.git, but not in GitHub.
So it was in relation with the Painful Access Token apparently. The
mirror user was not allowed any
On Mon, Oct 18, 2021 at 09:18:12AM +0200, Tim Düsterhus wrote:
> Willy,
>
> On 10/18/21 9:15 AM, Willy Tarreau wrote:
> > On Mon, Oct 18, 2021 at 09:09:01AM +0200, Tim Düsterhus wrote:
> > > Feel free to replace 'unsigned int' with 'uint' and reformat
On Mon, Oct 18, 2021 at 09:09:01AM +0200, Tim Düsterhus wrote:
> Feel free to replace 'unsigned int' with 'uint' and reformat the struct as
> needed.
Done an pushed, thank you!
Willy
Hi Elias,
On Fri, Oct 15, 2021 at 11:45:30AM +0200, Elias Abacioglu wrote:
> Hi
>
> I have backends with `default-server tfo`.
> I also have `retry-on conn-failure` on every backend except one where I
> have `retry-on all-retryable-errors`.
>
> I still get this warning for every backend.
>
> [W
On Fri, Oct 15, 2021 at 04:18:21PM +0500, Ilya Shipitsin wrote:
> This is 27th iteration of typo fixes
Merged, thanks Ilya!
Willy
On Fri, Oct 15, 2021 at 04:38:29PM +0200, Björn Jacke wrote:
> Hi,
>
> are there any objections for adding ::1 to the LOCALHOST acl? See attached
> patch...
No objection from me and I think it totally makes sense, of course.
I've added a small description to it and merged it.
Thanks Björn!
Willy
On Sat, Oct 16, 2021 at 06:24:18PM +0200, Tim Duesterhus wrote:
> see 6a0dd733906611dea958cf74b9f51bb16028ae20
>
> Found using GitHub's CodeQL scan.
> ---
> include/haproxy/stick_table-t.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/haproxy/stick_table-t.
On Sat, Oct 16, 2021 at 06:10:26PM +0200, Tim Duesterhus wrote:
> This change locks down the permissions of the access token in GitHub Actions
> to
> only allow reading the repository contents and nothing else.
(...)
This series and the coccinelle one applied, thanks Tim!
Willy
emand (4):
CI: github: switch to OpenSSL 3.0.0
REGTESTS: ssl: re-enable set_ssl_cert_bundle.vtc
MINOR: ssl: add ssl_fc_is_resumed to "option httpslog"
BUILD: jwt: fix declaration of EVP_KEY in jwt-h.h
Willy Tarreau (25):
MINOR: rules: add a new function new_a
e collection
BUG/MEDIUM: httpclient/lua: crash because of b_xfer and get_trash_chunk()
MINOR: httpclient: destroy checks if a client was started but not stopped
BUG/MINOR: httpclient/lua: does not process headers when failed
MINOR: httpclient/lua: supports headers via named arg
On Thu, Oct 07, 2021 at 11:30:54AM +0500, ??? wrote:
> > Just thinking about something, given that the new API was already adopted
> > by BoringSSL and will probably be at some point in time by LibreSSL, would
> > it not be better to have a single macro "HA_SSL_USE_API_V3" or something
> >
This is the second patch. Some of your comments in it were useful to
raise some concerns about issues that could be difficult to address,
namely about the hard-coded use of IPPROTO_TCP at some places where
you'd have preferred to use protocol->sock_prot, but this one is not
correct since we're stil
f that's OK for you, feel free
to remerge it into yours.
Now switching to the second patch :-)
Thanks,
Willy
>From 9866bea00f11ab0091da752dc66e0d402244a298 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Thu, 7 Oct 2021 08:44:38 +0200
Subject: [PATCH] EXP with better formatting
---
src/proto_
On Sat, Sep 18, 2021 at 03:05:10PM +0500, ??? wrote:
> Hello,
>
> I checked how looks binary shipped in several popular distributions
> (ppa:vbernat/haproxy-2.4, docker haproxytech/haproxy-ubuntu, docker
> haproxy).
>
> are we aware of those security features ? shall we move them to Make
Hi Ilya,
On Wed, Oct 06, 2021 at 11:26:13PM +0500, Ilya Shipitsin wrote:
> +/* ERR_func_error_string is deprecated in OpenSSL-3.0.0 */
> +#if (OPENSSL_VERSION_NUMBER >= 0x3000L)
> +#define HA_ERR_func_error_string(ret) "OPENSSL_internal"
> +#else
> +#define HA_ERR_func_error_string(ret) ERR_fu
On Mon, Oct 04, 2021 at 01:02:58AM -0600, astrotha...@gmail.com wrote:
> From: Thayne McCombs
>
> Add a more precise description on how backslash escaping is different
> than the top-level parser, and give examples of how to handle single
> quotes inside arguments.
This looks good, and thanks fo
Hi Björn,
On Mon, Oct 04, 2021 at 04:22:32PM +0200, Björn Jacke wrote:
> Hi Willy,
>
> I lost track of this issue but I caught this up finally again.
>
> I updated the setsockopt error patch as part of the mptcp branch here:
>
> https://gitlab.com/bjacke/haproxy/-/commits/bjacke-mptcp
Thanks f
801 - 900 of 9257 matches
Mail list logo