Re: HAProxy performance on OpenBSD

2023-01-23 Thread Илья Шипицин
gmail decided to put original message to spam. I replied to first reply. indeed it was mentioned. sorry пн, 23 янв. 2023 г. в 14:22, Willy Tarreau : > Hi Ilya, > > On Mon, Jan 23, 2023 at 02:11:56PM +0600, ??? wrote: > > I would start with big picture view > > > > 1) are CPUs utilized

Re: HAProxy performance on OpenBSD

2023-01-23 Thread Илья Шипицин
also, I wonder what is LibreSSL <--> OpenSSL perf. I'll try "openssl speed" (I recall LibreSSL has the same feature), but I'm not sure I can get OpenBSD machine. can you try haproxy + openssl-1.1.1 (it is considered the most performant these days) ? пн, 23 янв. 2023 г. в 14:

Re: HAProxy performance on OpenBSD

2023-01-23 Thread Илья Шипицин
erf" tool. something like 25% of general impact later, I used "openssl speed", I compared Linux <--> FreeBSD (on required cipher suites) How can I interpret openssl speed output? - Stack Overflow <https://stackoverflow.com/questions/17410270/how-can-i-interpret-openssl

Re: HAProxy performance on OpenBSD

2023-01-23 Thread Илья Шипицин
I would start with big picture view 1) are CPUs utilized at 100% ? 2) what is CPU usage in details - fraction of system, user, idle ... ? it will allow us to narrow things and find what is the bottleneck, either kernel space or user space. пн, 23 янв. 2023 г. в 14:01, Willy Tarreau : > Hi

Re: Information Required For PostgreSQL HA

2023-01-18 Thread Илья Шипицин
there might be professional paid services how to migrate to F5. but I'm afraid it is wrong place to ask for such kind of services. чт, 19 янв. 2023 г. в 13:07, Willy Tarreau : > On Thu, Jan 19, 2023 at 06:40:30AM +, Zahid Haseeb wrote: > > ENVIRONMENT DETAIL > > We have setup high

Re: is there releases.json ?

2023-01-11 Thread Илья Шипицин
ср, 11 янв. 2023 г. в 20:52, Willy Tarreau : > Hi Ilya, > > On Wed, Jan 11, 2023 at 08:39:43PM +0600, ??? wrote: > > Hello, > > > > is "releases.json" generated by haproxy/make-releases-json at master · > > haproxy/haproxy (github.com) > > < >

is there releases.json ?

2023-01-11 Thread Илья Шипицин
Hello, is "releases.json" generated by haproxy/make-releases-json at master · haproxy/haproxy (github.com) published somewhere ? Ilya

Re: [PATCH 0/5] Changes to matrix.py

2022-12-29 Thread Илья Шипицин
I'm fine with reformatting/caching/whatever. btw, Tim, while on this, can you please add LibreSSL-3.7.0 (fixed) to stable branches ? I've forgotten, now we do not run libressl for stable branches at all чт, 29 дек. 2022 г. в 22:40, Tim Duesterhus : > Willy, > > please find some opinionated

Re: testing haproxy against older/newer gcc compilers

2022-12-29 Thread Илья Шипицин
чт, 29 дек. 2022 г. в 22:06, Willy Tarreau : > Hi Ilya, > > On Thu, Dec 29, 2022 at 09:24:43PM +0600, ??? wrote: > > Hello, > > > > I noticed some patches/commits related to "fix compilation on gcc-4/5..." > > > > I came to an idea to use official gcc images: > >

testing haproxy against older/newer gcc compilers

2022-12-29 Thread Илья Шипицин
Hello, I noticed some patches/commits related to "fix compilation on gcc-4/5..." I came to an idea to use official gcc images: https://hub.docker.com/_/gcc/tags?page=1 that mostly works in Github actions except gcc-4.8 :( so... are we interested in (monthly ?) run of something like this

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
haproxy/vtest.yml at master · chipitsine/haproxy (github.com) secret name can be arbitrary, for example "TOKEN". env variable is GITHUB_API_TOKEN пт, 23 дек. 2022 г. в 00:12, Willy Tarreau : > On Fri, Dec

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
not perfect, but it works [image: image.png] from github point of view, if token is bad, you'll get 401. as long as I'm getting 200, I assume it works for "openssl" org as well :) пт, 23 дек. 2022 г. в 00:04, Willy Tarreau : > On Thu, Dec 22, 2022 at 11:56:24PM +0600, ??? wrote: > >

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
you can limit token scope to read repo information. [image: image.png] чт, 22 дек. 2022 г. в 23:49, Willy Tarreau : > On Thu, Dec 22, 2022 at 11:35:35PM +0600, ??? wrote: > > here's how it works > > > > (unfortunately, github does not allow secret named GITHUB_ , so I created > >

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
here's how it works (unfortunately, github does not allow secret named GITHUB_ , so I created secret "TOKEN" and assigned it to variable GITHUB_API_TOKEN) I also added "env" to print all variables, you can value of GITHUB_API_TOKEN is masked. is it set to wrong value, so api call failed:

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
I'm not sure if it possible to issue organization based token (not a personal one). As for visibility, secrets are not visible for pull requests. чт, 22 дек. 2022 г. в 22:57, Илья Шипицин : > there are couple of steps left (no hurry, because "matrix.py" is backward > compatib

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
there are couple of steps left (no hurry, because "matrix.py" is backward compatible) 1. issue "some kind of token". either Personal Access Tokens (Classic) (github.com) (no time limit) or Fine-grained Personal Access Tokens (github.com)

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
I attached a patch. It keeps current behaviour and is safe to apply. in order to make a difference, github token must be issued and set via github ci settings. Ilya чт, 22 дек. 2022 г. в 16:57, Willy Tarreau : > On Thu, Dec 22, 2022 at 04:47:09PM +0600, ??? wrote: > > what if I make

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
what if I make it conditional, i.e. if github token is defined via env, make non anonymous api call, чт, 22 дек. 2022 г. в 16:27, Willy Tarreau : > On Thu, Dec 22, 2022 at 03:49:34PM +0600, ??? wrote: > > it is something I was afraid of "HTTP Error 403: rate limit exceeded". > > ok,

Re: Failures on "Generate Build Matrix"

2022-12-22 Thread Илья Шипицин
it is something I was afraid of "HTTP Error 403: rate limit exceeded". ok, I'll try to deal with that чт, 22 дек. 2022 г. в 15:41, William Lallemand : > Hi Guys, > > Since a few days I'm seeing some failure on the "Generate Build Matrix" > part of > the CI, the request.urlopen() seems to fail

Re: Followup on openssl 3.0 note seen in another thread

2022-12-14 Thread Илья Шипицин
Can you try to bisect? I suspect that it won't help, browsers tend to remember things in their own way On Thu, Dec 15, 2022, 9:09 AM Shawn Heisey wrote: > On 12/14/22 19:33, Shawn Heisey wrote: > > With quictls 3.0.7 it was working. I will try rebuilding and see > > whether it still does.

Re: Reproducible CI build with OpenSSL and "latest" keyword

2022-12-14 Thread Илья Шипицин
as for reporting "what is ubuntu-latest" and "what is ssl=stock", I did not have much success yet. github does not expose that information in easy way. actually, there's build step where image version is reported, but it is collapsed [image: image.png] ср, 14 дек. 2022 г. в

Re: Reproducible CI build with OpenSSL and "latest" keyword

2022-12-14 Thread Илья Шипицин
ср, 14 дек. 2022 г. в 19:23, William Lallemand : > On Wed, Dec 14, 2022 at 06:34:26PM +0500, Илья Шипицин wrote: > > I am attaching another patch, i.e. using "ubuntu-latest" and > "macos-latest" > > for development branches and fixed images for stable branch

Re: Reproducible CI build with OpenSSL and "latest" keyword

2022-12-14 Thread Илья Шипицин
I am attaching another patch, i.e. using "ubuntu-latest" and "macos-latest" for development branches and fixed images for stable branches. пн, 12 дек. 2022 г. в 19:57, William Lallemand : > On Mon, Dec 12, 2022 at 07:27:59PM +0500, Илья Шипицин wrote: > > I att

Re: Reproducible CI build with OpenSSL and "latest" keyword

2022-12-12 Thread Илья Шипицин
ote: > > Hi Ilya ! > > > > On Mon, Dec 12, 2022 at 10:56:11AM +0500, Илья Шипицин wrote: > > > hello, > > > > > > I made some prototype of I meant: > > > > > > > https://github.com/chipitsine/haproxy/commit/c95955ecfd1a5b514c235b0f155b

Re: Reproducible CI build with OpenSSL and "latest" keyword

2022-12-11 Thread Илья Шипицин
OK, I will send v2 today (I may also reintroduce 1.1.1) On Mon, Dec 12, 2022, 1:48 PM William Lallemand wrote: > Hi Ilya ! > > On Mon, Dec 12, 2022 at 10:56:11AM +0500, Илья Шипицин wrote: > > hello, > > > > I made some prototype of I meant: > > > >

Re: Reproducible CI build with OpenSSL and "latest" keyword

2022-12-11 Thread Илья Шипицин
cheers, Ilya ср, 7 дек. 2022 г. в 09:16, Илья Шипицин : > > > вт, 6 дек. 2022 г. в 23:29, Willy Tarreau : > >> On Tue, Dec 06, 2022 at 06:59:30PM +0100, Tim Düsterhus wrote: >> > William, >> > >> > On 12/6/22 15:37, William Lallemand wrote: >>

[PATCH] spelling fixes

2022-12-06 Thread Илья Шипицин
Hello, yet another spelling fix. Ilya From b3eeb7f08e1904825571406f5f4bbd7892ac2983 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 7 Dec 2022 09:46:19 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 34th iteration of typo fixes ---

Re: Reproducible CI build with OpenSSL and "latest" keyword

2022-12-06 Thread Илья Шипицин
вт, 6 дек. 2022 г. в 23:29, Willy Tarreau : > On Tue, Dec 06, 2022 at 06:59:30PM +0100, Tim Düsterhus wrote: > > William, > > > > On 12/6/22 15:37, William Lallemand wrote: > > > As I already mentionned, I don't really like the "latest" keyword for > > > the OpenSSL version as it prevent us to

Re: Reproducible CI build with OpenSSL and "latest" keyword

2022-12-06 Thread Илья Шипицин
вт, 6 дек. 2022 г. в 21:22, William Lallemand : > On Tue, Dec 06, 2022 at 07:54:33PM +0500, Илья Шипицин wrote: > > I recall I even promised to do something, but I did not :-) > > > > automatically determine "which is latest 3.0.x" does not make much sense

Re: Reproducible CI build with OpenSSL and "latest" keyword

2022-12-06 Thread Илья Шипицин
I think I got the idea. looks like you use the same github actions for stable branches. either I will manage to make them different or I will stick to 3.0.something. hopefully tomorrow вт, 6 дек. 2022 г. в 19:54, Илья Шипицин : > I recall I even promised to do something, but I

Re: Reproducible CI build with OpenSSL and "latest" keyword

2022-12-06 Thread Илья Шипицин
I recall I even promised to do something, but I did not :-) automatically determine "which is latest 3.0.x" does not make much sense, it is stable branch, very conservative. we can stick to 3.0.7, for example. I do not expect any breaking change between 3.0.7 and 3.0.8 we can move "latest" to

[PATCH] spelling fixes

2022-11-30 Thread Илья Шипицин
hello, yet another spelling patch. cheers, Ilya From c12cd6be4bc937b5d708e1bd646d732b5aae2cd6 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 30 Nov 2022 16:22:42 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 33rd iteration of typo fixes ---

Re: [ANNOUNCE] haproxy-2.7-dev9

2022-11-21 Thread Илья Шипицин
as release is getting close, I've performed cppcheck analysis https://github.com/haproxy/haproxy/issues/1939 https://github.com/haproxy/haproxy/issues/1940 https://github.com/haproxy/haproxy/issues/1941 let me know, if it is noisy/useless, I'm fine with cdiscarding cppcheck issues (however, it

Re: [PATCH] fix spelling "choosen" --> "chosen"

2022-11-19 Thread Илья Шипицин
Hello, can we settle it before 2.7 ? пн, 7 нояб. 2022 г. в 11:50, Willy Tarreau : > On Wed, Nov 02, 2022 at 10:43:49AM +0100, William Lallemand wrote: > > > > - if (!tp->choosen) > > > > + if (!tp->chosen) > > > > return; > > > > > > > > - chunk_appendf(b,

Re: [PATCH] CI: switch to LibreSSL-3.6.1, enable QUIC

2022-11-04 Thread Илья Шипицин
gentle ping ср, 2 нояб. 2022 г. в 12:12, Илья Шипицин : > Hello, > > after LibreSSL-3.6.1 we can switch back the latest and enable QUIC. > > Ilya >

[PATCH] CI: switch to LibreSSL-3.6.1, enable QUIC

2022-11-02 Thread Илья Шипицин
Hello, after LibreSSL-3.6.1 we can switch back the latest and enable QUIC. Ilya From 7f1940350856f078978f7d43ffd54c143484111a Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Wed, 2 Nov 2022 11:59:37 +0500 Subject: [PATCH 2/2] CI: enable QUIC for LibreSSL builds since LibreSSL-3.6.x

[PATCH] fix spelling "choosen" --> "chosen"

2022-11-01 Thread Илья Шипицин
Hello, I'm not sure how good is idea to fix variable names. if we want to keep as is, I'd setup spelling exclusion. Ilya From ac321fef557fac0b29073084ddd39071b8f4277b Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Tue, 1 Nov 2022 15:46:39 +0500 Subject: [PATCH] CLEANUP: replace "choosen"

[PATCH] spelling fixes

2022-10-28 Thread Илья Шипицин
Hello, yet another spelling fix. Ilya From d6a14fe0c224e083a6226a985078f7e1acf11d03 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 29 Oct 2022 09:34:32 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 32nd iteration of typo fixes ---

Re: [PATCH] CI: monthly scheduled cross compile jobs

2022-10-28 Thread Илья Шипицин
gentle ping вт, 18 окт. 2022 г. в 19:16, Илья Шипицин : > Hello, > > hope this will help to catch some regression. > > Ilya >

Re: coredump and traceback on the CI

2022-10-20 Thread Илья Шипицин
чт, 20 окт. 2022 г. в 23:09, William Lallemand : > On Thu, Oct 20, 2022 at 10:51:23PM +0500, Илья Шипицин wrote: > > I would suggest to display vtest result failure only if vtest failed, > > haproxy/vtest.yml at master · haproxy/haproxy (github.com) > > < > https://gith

Re: coredump and traceback on the CI

2022-10-20 Thread Илья Шипицин
I would suggest to display vtest result failure only if vtest failed, haproxy/vtest.yml at master · haproxy/haproxy (github.com) I doubt if there could be coredump together with successful vtest just curious,

[PATCH] CI: monthly scheduled cross compile jobs

2022-10-18 Thread Илья Шипицин
Hello, hope this will help to catch some regression. Ilya From 90c8a08f627e62fb501ef214d4c1c6eccfef3c64 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Tue, 18 Oct 2022 19:13:45 +0500 Subject: [PATCH] CI: add monthly gcc cross compile jobs Build only gcc cross compile jobs are added with

Re: [PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

2022-10-18 Thread Илья Шипицин
There's an interesting case for OpenSSL-3.0, we do test it, but we run it in "relaxed" mode, while Ubuntu 22.04 and Fedora run it in SECLEVEL=2 mode. that will definitely change when "ubuntu-latest" become 22.04, but we should test it before вт, 18 окт. 2022 г. в 18:28, Илья

Re: [PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

2022-10-18 Thread Илья Шипицин
вт, 18 окт. 2022 г. в 17:40, William Lallemand : > On Tue, Oct 18, 2022 at 03:10:07PM +0500, Илья Шипицин wrote: > > > Sorry I didn't see the first commit that introduced this behavior. I'm > > > not sure we would want to replace the version automatically in the

Re: [PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

2022-10-18 Thread Илья Шипицин
вт, 18 окт. 2022 г. в 14:46, William Lallemand : > On Thu, Oct 13, 2022 at 08:54:38AM +0200, Willy Tarreau wrote: > > Hi Ilya, > > > > On Tue, Oct 11, 2022 at 12:18:40PM +0500, ??? wrote: > > > split patches attached. > > > > Sorry for the delay. Both applied now, thank you! > > Willy >

[PATCH] improve quictls build time

2022-10-14 Thread Илья Шипицин
Hello, currently QuicTLS takes 3m40s disabling "tests" saves 40sec per build. cheers, Ilya From ab0b26d299c143a69ca32834f5044b498cc602d0 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 15 Oct 2022 09:55:49 +0500 Subject: [PATCH] BUILD: scripts: disable tests build on QuicTLS build

Re: HAProxy version is generated in bad way for forks

2022-10-13 Thread Илья Шипицин
I bet that Tim builds haproxy as 2.5 :) [ilia@fedora .git]$ git describe --tags --match 'v*' --abbrev=0 | cut -c 2- 2.5-dev11 [ilia@fedora .git]$ чт, 13 окт. 2022 г. в 14:33, Илья Шипицин : > Hello, > > I'm running github fork https://github.com/chipitsine/haproxy > but only m

HAProxy version is generated in bad way for forks

2022-10-13 Thread Илья Шипицин
Hello, I'm running github fork https://github.com/chipitsine/haproxy but only master branch is kept in sync (no tags) because of that, HAProxy version is generated in wrong way: HAProxy version 2.0-dev2-91b230-9208 2022/10/13 - https://haproxy.org/ that behaviour due to

Re: [PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

2022-10-11 Thread Илья Шипицин
split patches attached. Ilya вт, 11 окт. 2022 г. в 11:08, Willy Tarreau : > On Tue, Oct 11, 2022 at 10:27:20AM +0500, ??? wrote: > > I was in doubt whether to split it into 2 patches (because they touch > > single file), > > The principle to keep in mind is that you may want to change

Re: [PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

2022-10-10 Thread Илья Шипицин
I was in doubt whether to split it into 2 patches (because they touch single file), ok, I'll do that вт, 11 окт. 2022 г. в 10:19, Willy Tarreau : > Hi Ilya, > > On Sat, Oct 08, 2022 at 08:17:26PM +0500, ??? wrote: > > Hello, > > > > when OPENSSL_VERSION=latest (same for

Re: LibreSSL 3.6.0 QUIC support with HAProxy 2.7

2022-10-08 Thread Илья Шипицин
I sent patch to the list and reported libressl regression: https://github.com/libressl-portable/portable/issues/792 сб, 8 окт. 2022 г. в 10:26, Илья Шипицин : > unfortunately, we have a bug. I'll fix it today > > [image: image.png] > > > чт, 6 окт. 2022 г. в 14:07, Илья Шипиц

[PATCH] CI: use proper version generating when {OPENSSL,LIBRESSL}_VERSION=latest semantic is used

2022-10-08 Thread Илья Шипицин
Hello, when OPENSSL_VERSION=latest (same for LIBRESSL_VERSION=latest) was introduced, I made a mistake, and resolved version was generated as OPENSSL=3.0.5 which makes no sense to build-ssl.sh, proper version should have been OPENSSL_VERSION=3.0.5 temporarily we stick to LIBRESSL=3.5.3, because

Re: LibreSSL 3.6.0 QUIC support with HAProxy 2.7

2022-10-07 Thread Илья Шипицин
unfortunately, we have a bug. I'll fix it today [image: image.png] чт, 6 окт. 2022 г. в 14:07, Илья Шипицин : > > > чт, 6 окт. 2022 г. в 14:03, William Lallemand : > >> On Thu, Oct 06, 2022 at 08:46:08AM +0500, Илья Шипицин wrote: >> > libressl-3.6.0 was released

Re: LibreSSL 3.6.0 QUIC support with HAProxy 2.7

2022-10-06 Thread Илья Шипицин
чт, 6 окт. 2022 г. в 14:03, William Lallemand : > On Thu, Oct 06, 2022 at 08:46:08AM +0500, Илья Шипицин wrote: > > libressl-3.6.0 was released yesterday > > > > [image: image.png] > > > > > > hopefully, github pipeline will pick it on the next build (

Re: LibreSSL 3.6.0 QUIC support with HAProxy 2.7

2022-10-05 Thread Илья Шипицин
libressl-3.6.0 was released yesterday [image: image.png] hopefully, github pipeline will pick it on the next build (it tries to pick latest available). we can modify github pipeline to use quic for libressl builds чт, 15 сент. 2022 г. в 13:54, William Lallemand : > On Thu, Sep 15, 2022 at

Re: Health Checks and DNS lookups in stopping processes

2022-09-19 Thread Илья Шипицин
пн, 19 сент. 2022 г. в 20:47, Tim Düsterhus : > Hi > > recently our HAProxy nodes started handling long-running HTTP > connections (similar to WebSockets). This causes old workers to stay > around for several days after a reload. > > This isn't too bad from a memory perspective, we have

[PATCH] cirrus-ci: bump FreeBSD image to 13.1

2022-09-08 Thread Илья Шипицин
Hello, as we install freebsd binary packages, we need to bump image from time to time to match prebuilt packages. Ilya From 2692f43317e6c2812cfeb9dc9ddf9414700dfe79 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 8 Sep 2022 21:45:16 +0500 Subject: [PATCH] CI: cirrus-ci: bump FreeBSD

Re: Warnings with gcc 12.2.0 ... is the community interested in those, or already aware?

2022-09-05 Thread Илья Шипицин
пн, 5 сент. 2022 г. в 13:48, Tim Düsterhus : > Shawn, > > On 9/5/22 06:04, Shawn Heisey wrote: > > I have a secondary system running Ubuntu 22.10 (kinetic). It has gcc > > 12.2.0 installed. Building haproxy on that system results in a small > > number of warnings. It does build. > > > > Is

Re: SSL Certificate

2022-09-01 Thread Илья Шипицин
Dear Vahe, that website provides some non confidential documentation. neither it asks you for login/password or payment details. there's nothing wrong with http on such websites. Ilya чт, 1 сент. 2022 г. в 19:33, V N : > Hi, My name is Vahe, > I'm DevOps Egnineer security researcher, your

most probably next LibreSSL release will come with ... QUIC

2022-08-29 Thread Илья Шипицин
Hello, Provide the remaining QUIC API. · libressl-portable/openbsd@635aa39 (github.com) Ilya

Re: [PATCH] CI: enable weekly "m32" builds

2022-08-06 Thread Илья Шипицин
пн, 1 авг. 2022 г. в 22:40, Tim Düsterhus : > Ilya, > > On 7/29/22 20:25, Илья Шипицин wrote: > > not sure. it is not 32 bit, it is 32 bit built on x86_64. > > but I'm fine with "32 Bits" > > > > My understanding is that the primary thing that this t

[PATCH] spell fixes

2022-08-06 Thread Илья Шипицин
Hello, yet another spell fixes. Ilya From ce1dc66eeb1ab7e73426c0fa41dbb6e7655ce951 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 6 Aug 2022 23:01:00 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 32nd iteration of typo fixes ---

Re: [PATCH] ubuntu-22.04 related ssl fixes (SECLEVEL related and ec curves renamed)

2022-08-06 Thread Илья Шипицин
I accidently lost "-E' flag on grep. follow up patch attached. сб, 6 авг. 2022 г. в 21:50, Илья Шипицин : > > > сб, 6 авг. 2022 г. в 20:59, Willy Tarreau : > >> On Sat, Aug 06, 2022 at 05:48:56PM +0200, Willy Tarreau wrote: >> > On Fri, Jul 29, 2022 at 09:3

Re: [PATCH] ubuntu-22.04 related ssl fixes (SECLEVEL related and ec curves renamed)

2022-08-06 Thread Илья Шипицин
сб, 6 авг. 2022 г. в 20:59, Willy Tarreau : > On Sat, Aug 06, 2022 at 05:48:56PM +0200, Willy Tarreau wrote: > > On Fri, Jul 29, 2022 at 09:37:46PM +0500, ??? wrote: > > > gentle ping > > > > Sorry Ilya, but William is in vacation right now. Since I don't think > > there's any risk with

Re: [PATCH] CI: enable weekly "m32" builds

2022-07-29 Thread Илья Шипицин
пт, 29 июл. 2022 г. в 22:48, Tim Düsterhus : > Ilya, > > On 7/29/22 18:53, Илья Шипицин wrote: > > another exotic (but hopefully useful) CI job. > > > > In the first patch you have an indentation mixup. The script uses > spaces, but the modified line now uses ta

[PATCH] speling fixes

2022-07-29 Thread Илья Шипицин
Hello, yet another spell check fiexs. Ilya From fa2f99b1b2e5b30987db9eba77e1a59479610915 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 29 Jul 2022 22:26:53 +0500 Subject: [PATCH] CLEANUP: assorted typo fixes in the code and comments This is 31st iteration of typo fixes ---

[PATCH] CI: enable weekly "m32" builds

2022-07-29 Thread Илья Шипицин
Hello, another exotic (but hopefully useful) CI job. Ilya From d6185a3e972c0e04d86e8b7ddc075a08d115031a Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 29 Jul 2022 21:42:12 +0500 Subject: [PATCH 1/2] BUILD: SSL: allow to pass additional configure args to QUICTLS this allows to pass

Re: [PATCH] ubuntu-22.04 related ssl fixes (SECLEVEL related and ec curves renamed)

2022-07-29 Thread Илья Шипицин
gentle ping вс, 24 июл. 2022 г. в 00:12, Илья Шипицин : > Hello, > > Ubuntu 22.04 is shipped with "openssl" command line 3.0.5, also SECLEVEL=2 > is set by default. > > "SECLEVEL=2" has uncovered an interesting issue with DH length, which was > set t

Re: Docker image 2.5.8

2022-07-25 Thread Илья Шипицин
Bob, there are several haproxy images, for example "haproxytech": haproxytech's Profile | Docker Hub (and many others) please tell us which image are you talking about? вт, 26 июл. 2022 г. в 01:48, Tim Düsterhus : > Bob, > > On 7/25/22 22:40, Stevenson,

[PATCH] ubuntu-22.04 related ssl fixes (SECLEVEL related and ec curves renamed)

2022-07-23 Thread Илья Шипицин
Hello, Ubuntu 22.04 is shipped with "openssl" command line 3.0.5, also SECLEVEL=2 is set by default. "SECLEVEL=2" has uncovered an interesting issue with DH length, which was set to 1024 for EC keys. While better strategy for DH on EC keys needs to be discussed, let us set it to configured dh

Re: [PR] Fix -v flag usage with install(1) on OpenBSD/NetBSD/Solaris/AIX

2022-07-14 Thread Илья Шипицин
I wonder how do NetBSD/OpenBSD ports work, do they use their own "install" invocation instead of "make install" ? shouldn't they switch to "make install" ? пт, 15 июл. 2022 г. в 10:25, PR Bot : > Dear list! > > Author: Brad Smith > Number of patches: 1 > > This is an automated relay of the

Re: Thoughts on QUIC/HTTP3

2022-07-06 Thread Илья Шипицин
ср, 6 июл. 2022 г. в 19:11, Shawn Heisey : > On 5/31/22 08:16, Amaury Denoyelle wrote: > > Thanks for your continuing your journey on HTTP/3 :) > > Yesterday I pulled down the haproxy 2.6 and quictls git repos. The > branch for quictls was openssl-3.0.4+quic. I built and installed > quictls and

Re: running SECLEVEL=2 for OpenSSL-3.0 tests ?

2022-07-05 Thread Илья Шипицин
вт, 5 июл. 2022 г. в 11:56, William Lallemand : > On Tue, Jul 05, 2022 at 11:15:25AM +0500, Илья Шипицин wrote: > > I tried to run on Ubuntu 22.04, it is shipped with OpenSSL-3.0 and > > SECLEVEL=2 by default (probably it is correct for RedHat 9 as well ?) > > > >

running SECLEVEL=2 for OpenSSL-3.0 tests ?

2022-07-05 Thread Илья Шипицин
I tried to run on Ubuntu 22.04, it is shipped with OpenSSL-3.0 and SECLEVEL=2 by default (probably it is correct for RedHat 9 as well ?) test · chipitsine/haproxy@1d69992 (github.com) ssl - What could

[PATCH] CI: enable gcc asan builds

2022-07-02 Thread Илья Шипицин
Hello, let us run asan for gcc as well. Ilya From 51912b2f8e28b1906a0016283b59311d1dda2da1 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 2 Jul 2022 10:30:28 +0500 Subject: [PATCH] CI: re-enable gcc asan builds for some unclear reasons asan builds were limited to clang only. let us

Re: Configuration in a database

2022-06-15 Thread Илья Шипицин
there are few external tools for config provisioning, what comes to mind ... (*) consul templates consul-template/haproxy.md at main · hashicorp/consul-template (github.com) (*) dataplane api haproxytech/dataplaneapi:

QUIC / Chrome sudden timeouts

2022-06-14 Thread Илья Шипицин
there were interesting investigation on nginx mailing list Re: nginxQuic: медленный ответ от сервера. my translation: *What was found so far. Issue is located on Chrome/QUICHE side when EarlyData + HelloRetryRequest are bundled.

Re: grooming IUS haproxy packages

2022-06-01 Thread Илья Шипицин
ср, 1 июн. 2022 г. в 18:17, William Lallemand : > On Wed, Jun 01, 2022 at 09:50:20AM +0500, Илья Шипицин wrote: > > Hello, > > > > I created couple of PRs > > > > HAProxy 2.0.29 by chipitsine · Pull Request #18 · iusrepo/haproxy20 > > (github.com) <ht

Re: What does HAProxy do?

2022-06-01 Thread Илья Шипицин
< tdtemc...@gmail.com>: > Dear Ilya, > > We have a Software BOM list. > > HAProxy is among many commercial and open source software in the list. > > Regards, > > Mr. Turritopsis Dohrnii Teo En Ming > Targeted Individual in Singapore > > On Wed, 25 May 2022 at

grooming IUS haproxy packages

2022-05-31 Thread Илья Шипицин
Hello, I created couple of PRs HAProxy 2.0.29 by chipitsine · Pull Request #18 · iusrepo/haproxy20 (github.com) HAProxy 2.2.24 by chipitsine · Pull Request #21 · iusrepo/haproxy22 (github.com) 2.0 and

Re: how to install on RHEL7 and 8

2022-05-31 Thread Илья Шипицин
вт, 31 мая 2022 г. в 13:09, William Lallemand : > Hello Ryan, > > On Thu, May 26, 2022 at 01:28:58PM -0500, Ryan O'Hara wrote: > > > > I am the maintainer for all the Red Hat and Fedora packages. Feel free to > > ask questions here on the mailing list or email me directly. > > > > I try to keep

Re: Thoughts on QUIC/HTTP3

2022-05-29 Thread Илья Шипицин
пн, 30 мая 2022 г. в 00:56, Shawn Heisey : > On 5/29/2022 12:49 PM, Илья Шипицин wrote: > > roundcube runs automatic browser tests > > > > > https://github.com/roundcube/roundcubemail/runs/6642129873?check_suite_focus=true > > > > I think we can try to run thos

Re: Thoughts on QUIC/HTTP3

2022-05-29 Thread Илья Шипицин
вс, 29 мая 2022 г. в 23:40, Shawn Heisey : > On 4/29/2022 10:10 AM, Shawn Heisey wrote: > > I did a build and install this morning, a bunch of quic-related > > changes in that. Now everything seems to be working on my paste > > site. Large pastes work, and I can reload the page a ton of times >

Re: how to install on RHEL7 and 8

2022-05-27 Thread Илья Шипицин
3:13:54PM +0500, Илья Шипицин wrote: > > I'll try to focus on redhat packaging (I'm somewhat familiar with Fedora > > COPR, and I can try OBS). > > > > I don't think OBS is relevant for this case, the documentation is poor > and it's complicated to contribute to a

Re: how to install on RHEL7 and 8

2022-05-26 Thread Илья Шипицин
чт, 26 мая 2022 г. в 16:08, William Lallemand : > Ilya, > > On Thu, May 26, 2022 at 03:13:54PM +0500, Илья Шипицин wrote: > > I'll try to focus on redhat packaging (I'm somewhat familiar with Fedora > > COPR, and I can try OBS). > > > > I don't th

Re: how to install on RHEL7 and 8

2022-05-26 Thread Илья Шипицин
чт, 26 мая 2022 г. в 16:08, William Lallemand : > Ilya, > > On Thu, May 26, 2022 at 03:13:54PM +0500, Илья Шипицин wrote: > > I'll try to focus on redhat packaging (I'm somewhat familiar with Fedora > > COPR, and I can try OBS). > > > > I don't th

Re: how to install on RHEL7 and 8

2022-05-26 Thread Илья Шипицин
I'll try to focus on redhat packaging (I'm somewhat familiar with Fedora COPR, and I can try OBS). if I will not come back in next couple of weeks, that means I did not find a time. ср, 25 мая 2022 г. в 20:52, William Lallemand : > On Tue, May 24, 2022 at 08:56:14PM +, Alford, Mark wrote: >

Re: What does HAProxy do?

2022-05-24 Thread Илья Шипицин
Hello, Turritopsis! Please tell us how you found that your organization is using HAProxy. Ilya вт, 24 мая 2022 г. в 18:04, Turritopsis Dohrnii Teo En Ming < tdtemc...@gmail.com>: > Subject: What does HAProxy do? > > Good day from Singapore, > > I notice that my company/organization uses

Re: [PR] chore: Included githubactions in the dependabot config

2022-05-24 Thread Илья Шипицин
in theory, this flow might be evolved 1) currently there's automation which closes every PR. automation is hidden somewhere and only few people can modify it 2) the same automation might be implemented using Github Actions (closing PR, sending email to list, etc), and there's a space for

Re: [ANNOUNCE] haproxy-2.6-dev11

2022-05-23 Thread Илья Шипицин
вт, 24 мая 2022 г. в 10:47, Willy Tarreau : > Hi Ilya, > > On Tue, May 24, 2022 at 09:53:01AM +0500, ??? wrote: > > Hello, > > > > can we please address https://github.com/haproxy/haproxy/issues/1585 > before > > final 2.6 ? > > I thought it was since I replied it was an FP but OK, I

Re: [ANNOUNCE] haproxy-2.6-dev11

2022-05-23 Thread Илья Шипицин
Hello, can we please address https://github.com/haproxy/haproxy/issues/1585 before final 2.6 ? Ilya сб, 21 мая 2022 г. в 13:11, Willy Tarreau : > Hi, > > HAProxy 2.6-dev11 was released on 2022/05/20. It added 106 new commits > after version 2.6-dev10. > > Yes, there were still too many changes

[PATCH] CI: determine actual OpenSSL version dynamically

2022-05-20 Thread Илья Шипицин
Hello, another small improvement, this change introduce "OPENSSL_VERSION=latest" semantic. Ilya From 0ba9b1a7791f8894b1d2061914f7e2b613785775 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 20 May 2022 23:02:38 +0500 Subject: [PATCH] CI: determine actual OpenSSL version dynamically

Re: Paid feature development: TCP stream compression

2022-05-20 Thread Илья Шипицин
> Mark > On 20/05/2022 10:12, Илья Шипицин wrote: > > in theory, you can try OpenVPN with compression enabled. > or maybe stunnel with compression stunnel TLS Proxy > <https://www.stunnel.org/static/stunnel.html> > > пт, 20 мая 2022 г. в 13:59, Mark Zealey : >

Re: Paid feature development: TCP stream compression

2022-05-20 Thread Илья Шипицин
CP to backend servers > > We don't have any other implementation of this, at the moment it is just > an idea we would like to implement. > > Mark > > > On 20/05/2022 09:54, Илья Шипицин wrote: > > isn't it SSL encapsulated ? how is compression is supposed to work in >

Re: Paid feature development: TCP stream compression

2022-05-20 Thread Илья Шипицин
isn't it SSL encapsulated ? how is compression is supposed to work in details ? any other implementation to look at ? чт, 19 мая 2022 г. в 21:32, Mark Zealey : > Hi there, > > We are using HAProxy to terminate and balance TCP streams (XMPP) between > our apps and our service infrastructure. We

Re: Observing low test-suite coverage

2022-05-17 Thread Илья Шипицин
k, can we review this sometimes ? )) I'd like to set automatic coverage after that. ср, 23 февр. 2022 г. в 15:44, Tim Düsterhus : > Willy, > > On 2/23/22 11:43, Илья Шипицин wrote: > > Willy, can you please apply patch from Tim (below) ? > > No, please don't. This p

[PATCH] CI: determine actual LibreSSL version dynamically

2022-05-13 Thread Илья Шипицин
Hello, let us introduce "LIBRESSL_VERSION=latest" semantic. Ilya From da2b295f45ecc6d99559ef147569514816ad6f7c Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 13 May 2022 21:59:38 +0500 Subject: [PATCH] CI: determine actual LibreSSL version dynamically this change introduce

[PATCH] CI: dynamically determine actual h2spec version

2022-05-05 Thread Илья Шипицин
Hi, small improvement, no need to use hardcoded version. Ilya From e3e4f129c7d7a56955133a29bedced021bf624a6 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Thu, 5 May 2022 15:15:12 +0500 Subject: [PATCH] CI: dynamically determine actual version of h2spec previously we used hardcoded h2spec

Re: valgrind follow up

2022-04-29 Thread Илья Шипицин
пт, 29 апр. 2022 г. в 17:39, Willy Tarreau : > Hi Ilya, > > On Fri, Apr 29, 2022 at 04:35:03PM +0500, ??? wrote: > > Hello, > > > > I added sample in my branch: CI: github actions: add valgrind smoke > tests · > > chipitsine/haproxy@7cd7f4a > > < >

valgrind follow up

2022-04-29 Thread Илья Шипицин
Hello, I added sample in my branch: CI: github actions: add valgrind smoke tests · chipitsine/haproxy@7cd7f4a here's its run: VTest · chipitsine/haproxy@7cd7f4a (github.com)

  1   2   3   4   5   6   7   8   9   10   >