Re: Buffer limits when adding a large number of CA certs into one ca-file via socket

2022-07-29 Thread William Lallemand
how to use the CLI > for creating ca-files? > You are indeed reaching a limitation of the current system, I'll reply directly on your feature request. Thanks, -- William Lallemand

Re: "Success" logs in HTTP frontends

2022-07-29 Thread William Lallemand
e "Success" message is the string for CO_ER_NONE in the fc_err_str fetch. (The default error string) Maybe we lack some intermediate state, or we could just change the string ? It is only the string for the handshake status so this is confusing when used as an error. -- William Lallemand

Re: Thoughts on QUIC/HTTP3

2022-07-09 Thread William Lallemand
x.php/Compilation_and_Installation#Using_RPATHs > My install does quic/http3 correctly, so I know it is finding and using > quictls. > Ok, you can always check with ldd if you have some doubts. -- William Lallemand

Re: Thoughts on QUIC/HTTP3

2022-07-08 Thread William Lallemand
nssldir to the real path of your ca-certificates ( /etc/ssl/certs ? ) This warning is emitted when trying to load the ca-certificates into the httpclient at startup with an empty directory. (Which is not supposed to happen on the openssl build of your distribution) -- William Lallemand

Re: running SECLEVEL=2 for OpenSSL-3.0 tests ?

2022-07-05 Thread William Lallemand
On Tue, Jul 05, 2022 at 12:06:14PM +0500, Илья Шипицин wrote: > Tue, 5 Jul 2022 at 11:56, William Lallemand : > > > On Tue, Jul 05, 2022 at 11:15:25AM +0500, Илья Шипицин wrote: > > > I tried to run on Ubuntu 22.04, it is shipped with OpenSSL-3.0 and > > > S

Re: running SECLEVEL=2 for OpenSSL-3.0 tests ?

2022-07-05 Thread William Lallemand
L=2 to CI. > shall we run *only* SECLEVEL=2 or shall we expand build matrix ? > That's not a good idea, this is supposed to be the default in a lot of distributions and this could hide a lot of problems. HAProxy must work with these default settings, the failing reg-test must be fixed instead. -- William Lallemand

Re: lua: Add missed lua 5.4 references

2022-07-04 Thread William Lallemand
E -STATIC_PCRE -STATIC_PCRE2 +TPROXY > +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -ENGINE +GETADDRINFO > +OPENSSL +LUA +ACCEPT4 -CLOSEFROM -ZLIB +SLZ +CPU_AFFINITY +TFO +NS +DL > +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL > -PROCCTL +THREAD_DUMP -EVPORTS -OT -QUIC -PROMEX -MEMORY_PROFILING > Built with Lua version : Lua 5.4.2 > Thanks, applied! -- William Lallemand

Re: [PATCH] CI: enable gcc asan builds

2022-07-04 Thread William Lallemand
On Sat, Jul 02, 2022 at 01:40:30PM +0200, Tim Düsterhus wrote: > Hi > > On 7/2/22 08:03, Илья Шипицин wrote: > > let us run asan for gcc as well. > > This patch appears reasonable to me. > > Best regards > Tim Düsterhus > Thanks, applied! -- William Lallemand

rhel+quic packages available

2022-06-30 Thread William Lallemand
On Wed, Jun 08, 2022 at 03:01:05PM +0200, William Lallemand wrote: > On Wed, Jun 01, 2022 at 07:17:33PM +0500, Илья Шипицин wrote: > > spec files work under centos 8 as well, but IUS currently builds only > > centos 7, I haven't figured out how to add centos 8 yet > > >

Re: HttpClient in Lua

2022-06-21 Thread William Lallemand
iguration so there is no reason it will block. -- William Lallemand

Re: HttpClient in Lua

2022-06-20 Thread William Lallemand
> If you want to take the hackish road, you can just simply create a proxy in your haproxy which does this, with an SSL server and a crt. This way you can still use the httpclient or the socket API directly with this proxy. -- William Lallemand

Re: HttpClient in Lua

2022-06-20 Thread William Lallemand
ight now. This should evolve in the future but the current architecture is not able to do it. -- William Lallemand

Re: To upgrade from 2.5 to 2.6 on ubuntu

2022-06-20 Thread William Lallemand
thms you might want to reenable them. -- William Lallemand

Re: grooming IUS haproxy packages

2022-06-08 Thread William Lallemand
netys.com which are haproxy users for a long time and they told us that they are maintaining packages for RHEL 6/7/8. https://packages.zenetys.com/latest/redhat/ https://github.com/zenetys/rpm-haproxy I added the links on https://github.com/haproxy/wiki/wiki/Packages . -- William Lallemand

Re: grooming IUS haproxy packages

2022-06-01 Thread William Lallemand
ges do have READMEs in github, I'm looking for ideas > what to put to README. > I have no clue, that's probably not important. -- William Lallemand

Re: how to install on RHEL7 and 8

2022-05-31 Thread William Lallemand
en times I did special, > unsupported builds in COPR for others to use. > > Hope this helps. > > Ryan Thanks! -- William Lallemand

Re: how to install on RHEL7 and 8

2022-05-26 Thread William Lallemand
ple of weeks, that means I did not find > a time. > Well be careful then, because I'm talking about long-term maintenance, not just another package not being updated after a few months like all haproxy RPM that we can find out there. It really takes time and dedication. Regards, -- William Lallemand

Re: how to install on RHEL7 and 8

2022-05-25 Thread William Lallemand
could be done with IUS, it's as simple as a pull request on their github for each new release, but someone needs to be involved. I'm not a redhat user, but from time to time someone is asking for a redhat package and nothing is really available and maintained outside of the official redhat one. Regards, -- William Lallemand

Re: Backporting "MEDIUM: mworker: reexec in waitpid mode after successful loading" to 2.4

2022-05-13 Thread William Lallemand
On Tue, May 10, 2022 at 02:21:42PM +0200, William Lallemand wrote: > On Tue, May 10, 2022 at 12:09:59PM +0200, Christian Ruppert wrote: > > > > It even just happened when running with gdb, without a reload. > > > > What the patch does is re-executing the master in

Re: Backporting "MEDIUM: mworker: reexec in waitpid mode after successful loading" to 2.4

2022-05-10 Thread William Lallemand
> else. Or do you want a dump? I'd share it off-list then. That does help indeed, but I will need a full coredump with the binaries to analyze what provoked this watchdog in the master! Is it a problem you have since a while or did it happen with an update? It's not impossible that a fix provoked this. -- William Lallemand

Re: Backporting "MEDIUM: mworker: reexec in waitpid mode after successful loading" to 2.4

2022-05-10 Thread William Lallemand
his architecture for a while in some places which make it more robust but it was not easy to get there. Also the next LTS version which is 2.6 is almost there! What kind of crashes are you experiencing? It's supposed to help with the possible OOM on reload when too much memory was consumed by the master. -- William Lallemand

Re: [PATCH] move missing function definition to openssl-compat.h

2022-04-25 Thread William Lallemand
previous versions or in the forks. The ssl_sock functions must rest in ssl_sock.c. As you can see in this file there is an openssl counterpart to that function above. Cheers, -- William Lallemand

Re: [ANNOUNCE] haproxy-2.6-dev6

2022-04-19 Thread William Lallemand
| | | | | + Date of the day | | | + Number of commits after the tag | + Latest tag I hope this will be useful for users that want to deploy the development version for testing purposes. Regards, -- William Lallemand

Re: [PATCH]: BUILD/MINOR: ssl openssl 3 warning fix

2022-04-07 Thread William Lallemand
On Thu, Apr 07, 2022 at 11:07:41AM +0500, Илья Шипицин wrote: > Wed, 6 Apr 2022 at 14:08, William Lallemand : > > > On Wed, Apr 06, 2022 at 09:45:02AM +0100, David CARLIER wrote: > > > > I recall there is a openssl3 port ongoing perhaps ? > > > > > > I

Re: [PATCH]: BUILD/MINOR: ssl openssl 3 warning fix

2022-04-06 Thread William Lallemand
T=0x1010L -DOPENSSL_NO_DEPRECATED" > Regards, -- William Lallemand

Re: [PATCH]: BUILD/MINOR: ssl openssl 3 warning fix

2022-04-06 Thread William Lallemand
That is not a good idea in my opinion, the goal is a real portage to the 3.0 API, once it's done it is supposed to compile with OPENSSL_NO_DEPRECATED defined. -- William Lallemand

Re: Re: CI caching improvement

2022-03-22 Thread William Lallemand
e to display the quictls commit ID somewhere in the log to be certain of the version we are linking with. -- William Lallemand

Re: [PATCH] CI: switch to LibreSSL-3.5.1

2022-03-18 Thread William Lallemand
On Wed, Mar 16, 2022 at 12:29:41PM +0500, Илья Шипицин wrote: > Hello, > > as LibreSSL-3.5.1 is released, let us switch to the most recent release. > > thanks, > Ilya Thanks, applied. -- William Lallemand

Re: CI caching improvement

2022-03-18 Thread William Lallemand
by hand. We also try to avoid the dependencies to other projects and it's much simpler to have few shell scripts and a CI configuration in the repository. And typescript is not a language we would want to depend on if we need to debug it for example. Given that github is offering the job restart feature, we could skip the VTest caching, since it's a little bit ugly. Only the quictls cache needs to be fixed. Regards, -- William Lallemand

Re: [EXTERNAL] Re: CI caching improvement

2022-03-08 Thread William Lallemand
already downloading all the SSL libraries, should we stop doing it this way? What could be the problems with this? It seems like you want to do this in a strict github way, which is probably convenient for a lot of usecase, but it just looks really more complicated than my first proposal. -- William Lallemand

Re: CI caching improvement

2022-03-08 Thread William Lallemand
On Tue, Mar 08, 2022 at 04:17:00PM +0100, Tim Düsterhus wrote: > William > > On 3/8/22 16:06, William Lallemand wrote: > > Also, I'm wondering if we could also cache the build of HAProxy, you > > could think that weird, but in fact it will help relaunch the tests when > >

Re: CI caching improvement

2022-03-08 Thread William Lallemand
ent cache key is not job dependent > (but the rest looks fine) > I don't think I get that, the key is a combination of the VTest commit + the hash per job. key: vtest-${{ steps.vtest-id.outputs.key }}-${{ steps.generate-cache-key.outputs.key }} Thanks, -- William Lallemand

CI caching improvement

2022-03-08 Thread William Lallemand
that weird, but in fact it will help relaunch the tests when one is failing, without rebuilding the whole thing. Let me know if we can improve the attached patch, otherwise I'll merge it. Regards, -- William Lallemand >From 34649ae5549a73d0f43530794f47861fb679510e Mon Sep 17 00:00:00 2001 From: Will

Re: [PATCH] BUILD ssl: another build warning on LIBRESSL_VERSION_NUMBER

2022-03-01 Thread William Lallemand
ks Julien, I just pushed it into master. -- William Lallemand

[ANNOUNCE] haproxy-2.5.3

2022-02-18 Thread William Lallemand
in ssl_ocsp_response_print BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print William Lallemand (3): BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload BUG/MINOR: httpclient: re

Re: [ANNOUNCE] haproxy-2.5.2

2022-02-17 Thread William Lallemand
> to rush on new packages yet ;-) I'll keep you updated whatever the > outcome. > I'll probably emit a 2.5.3 this evening or tomorrow, some of the forgotten fixes could be bothersome for people trying to migrate in 2.5. -- William Lallemand

Re: [PATCH] fix guarding when OPENSSL_NO_DH is set

2022-02-14 Thread William Lallemand
Lv3 port, could you check if this is still relevant? Thanks, -- William Lallemand

Re: [EXTERNAL] Re: Re: Re: [PATCH] get BoringSSL back to the game

2022-02-04 Thread William Lallemand
On Fri, Feb 04, 2022 at 11:54:05PM +0500, Илья Шипицин wrote: > > as you already suggested "best effort" support policy, it should not > require your time. > am I correct ? > Don't worry I will still review and merge patches :-) -- William Lallemand

Re: Re: Re: [PATCH] get BoringSSL back to the game

2022-02-04 Thread William Lallemand
On Fri, Feb 04, 2022 at 07:46:44PM +0100, William Lallemand wrote: > > On Fri, Feb 04, 2022 at 11:02:24PM +0500, Илья Шипицин wrote: > > Fri, 4 Feb 2022 at 19:16, William Lallemand : > > > > > On Fri, Feb 04, 2022 at 11:52:06AM +0100, William Lallemand wrote: >

Re: Re: Re: [PATCH] get BoringSSL back to the game

2022-02-04 Thread William Lallemand
On Fri, Feb 04, 2022 at 11:02:24PM +0500, Илья Шипицин wrote: > Fri, 4 Feb 2022 at 19:16, William Lallemand : > > > On Fri, Feb 04, 2022 at 11:52:06AM +0100, William Lallemand wrote: > > > > > > I just tried to build with the latest boringSSL version, th

Re: Re: [PATCH] get BoringSSL back to the game

2022-02-04 Thread William Lallemand
On Fri, Feb 04, 2022 at 11:52:06AM +0100, William Lallemand wrote: > > I just tried to build with the latest boringSSL version, the problem is > on our side: > > We are defining X509_OBJECT_get0_X509_CRL() because it does not exist in > boringSSL, and inside it we are acc

Re: Re: [PATCH] get BoringSSL back to the game

2022-02-04 Thread William Lallemand
On Fri, Feb 04, 2022 at 11:18:50AM +0100, William Lallemand wrote: > On Fri, Feb 04, 2022 at 09:57:25AM +0100, Remi Tricot-Le Breton wrote: > > > > > > On 02/02/2022 17:49, William Lallemand wrote: > > > > > >> Subject: [PATCH 2/7] BU

Re: Re: [PATCH] get BoringSSL back to the game

2022-02-04 Thread William Lallemand
On Fri, Feb 04, 2022 at 09:57:25AM +0100, Remi Tricot-Le Breton wrote: > > > On 02/02/2022 17:49, William Lallemand wrote: > > > >> Subject: [PATCH 2/7] BUILD: SSL: define X509_OBJECT for BoringSSL > >> > >> X509_OBJECT is opaque in Bonr

Re: [PATCH] get BoringSSL back to the game

2022-02-02 Thread William Lallemand
BKEY(x) > > BoringSSL defines that function since > https://boringssl.googlesource.com/boringssl/+/33f8d33af0dcb083610e978baad5a8b6e1cfee82 Merged. -- William Lallemand

Re: [ANNOUNCE] haproxy-2.6-dev1

2022-02-01 Thread William Lallemand
/haproxy -W -f haproxy.cfg 68703 pts/14 Sl+0:00 ./haproxy -sf 68686 -x sockpair@3 -W -f haproxy.cfg The biggest benefit is that you don't have to configure anything anymore to do a hitless reload. -- William Lallemand

Re: [PATCH] get BoringSSL back to the game

2022-02-01 Thread William Lallemand
ecides, but the development of QUIC in HAProxy is made with quictls currently. -- William Lallemand

Re: [PATCH] BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl

2022-01-19 Thread William Lallemand
On Wed, Jan 19, 2022 at 03:32:35PM +0100, Willy Tarreau wrote: > Subject: Re: [PATCH] BUG/MEDIUM: server: avoid changing healthcheck ctx with > set server ssl > > On Wed, Jan 19, 2022 at 03:24:44PM +0100, William Lallemand wrote: > > On Tue, Jan 18, 2022 at 12:07:21PM +0100, W

Re: [PATCH] BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl

2022-01-19 Thread William Lallemand
> > > - remove the implicit behavior > > > - then work on the missing commands for the health checks > > > > Do you think we can conclude on it? > > Just merged after our discussion on it :-) > Can we also mark it as deprecated in 2.5? patch attached -- William Lallemand

Re: changes in 2.5

2022-01-18 Thread William Lallemand
.10, 2.3.17, 2.2.20, in the master of the soon to be released 2.0.27. The change in `show proc` was made to remove the relative PID because HAProxy is not multi-process anymore. But if you parse the output by splitting the spaces and keeping the right field with the header you shouldn't have a parsing problem. -- William Lallemand

Re: [EXTERNAL] Re: [PATCH] BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time

2021-12-28 Thread William Lallemand
On Tue, Dec 28, 2021 at 12:14:37PM +0100, Miroslav Zagorac wrote: > > Hello William, > > I think that this commit can be applied to branches 2.5 and 2.6-dev. > > > Best regards. > Thanks, I added the information about the backport in the patch and I pushed it

Re: [PATCH] BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time

2021-12-28 Thread William Lallemand
, a warning has been > > added if the OT_USE_VARS variable is used. > > > > If appropriate, please apply this commit. > > > > Best regards. > > > > sorry, i forgot the patch. :( > Hi Miroslav, In which versions this patch should be backported? Thanks -- William Lallemand

Re: [PATCH] BUILD: unbreak the build with newer libressl

2021-12-15 Thread William Lallemand
a6232b5b0ce5c9cb5c0 Mon Sep 17 00:00:00 2001 Thanks Daniel, I merged it into master. -- William Lallemand

Re: [ANNOUNCE] haproxy-2.5.0

2021-12-14 Thread William Lallemand
SSL cache). > Hi Thierry, Could you update the lua documentation at http://www.arpalert.org/haproxy-api.html? It looks like neither the 2.4 version nor the 2.5 were published. Also the 2.4-dev link seems to be the master, maybe you could rename "2.4dev" into "master" directly? Thanks, -- William Lallemand

Re: [PATC H] adjust vtc for cert revocation check

2021-12-10 Thread William Lallemand
t, currently vtc expects 21, but some openssl variations return 20 > > X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 21 > X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20 > > cheers, > Ilya Thanks, applied. -- William Lallemand

Re: OCSP with dynamic SSL storage

2021-11-22 Thread William Lallemand
lly it is recommended to update its .ocsp at the same time before committing, so it could add again the Certificate ID in the OCSP tree. It's the only HAProxy can know that OCSP was activated. Once it's done, you can use the "set ssl ocsp-response", like you were using before. Look at the example in the documentation: https://cbonte.github.io/haproxy-dconv/2.4/management.html#9.3-set%20ssl%20cert Regards, -- William Lallemand

Re: [ANNOUNCE] haproxy-2.5-dev15

2021-11-20 Thread William Lallemand
allback because openSSL couldn't finish the handshake. However, in the case of a resume, no error was reported, but openSSL didn't have any handshake to do, so the connection was still accepted even though the SNI wasn't matching. -- William Lallemand

Re: [ANNOUNCE] haproxy-2.5-dev10

2021-10-18 Thread William Lallemand
dded a new config predicate "ssllib_name_startswith" to > detect the type of SSL library in "-cc" rules. Actually it's Rémi's patches. It completes the "openssl_version_atleast" predicate that was previously done and allows us to be very precise in the test selection, which was not the case before. -- William Lallemand

Re: question: ExecStartPre removal from systemd unit file

2021-08-19 Thread William Lallemand
during a reload, because kill can't achieve that. It's not really a problem to be in "wait" mode, if you do a reload again with a working configuration it will be in a normal state. The wait mode is just a state where the master only supervises the previous workers and couldn't fork

question: ExecStartPre removal from systemd unit file

2021-08-19 Thread William Lallemand
to remove this line. Is there anyone against it, or did I miss a particular usecase? Thanks, -- William Lallemand

Re: [ANNOUNCE] haproxy-2.5-dev3

2021-08-02 Thread William Lallemand
still active, and any feedback is welcome if that helps to > further improve the situation for users. > We need feedback about this, it will probably change in the future, the github thread is available here: https://github.com/haproxy/haproxy/issues/693 Don't hesitate to report your problems or needs in the ticket. -- William Lallemand

Re: no-stop keyword proposal

2021-07-27 Thread William Lallemand
n the master and the workers, if we expose this to users we will probably have a lot of corner cases to handle. This keyword is only meant to say to a worker that it must keep the communication with the master even if it's trying to exit, so we could do some maintenance or debugging over the master CLI. -- William Lallemand

Re: Proposal about new default SSL log format

2021-07-08 Thread William Lallemand
On Thu, Jul 08, 2021 at 02:48:32PM +0200, Willy Tarreau wrote: > On Thu, Jul 08, 2021 at 02:18:32PM +0200, William Lallemand wrote: > > I saw that you hesitated between "conn_status" and "conn_err_code", the > > "conn_" prefix could be confusing

Re: Proposal about new default SSL log format

2021-07-08 Thread William Lallemand
> *%sslv/%sslc* > I saw that you hesitated between "conn_status" and "conn_err_code", the "conn_" prefix could be confusing at some point once you try to have errors on the frontend and the backend side in the same log-format, I think something starting by "fc_conn_" would be more understandable. That seems good to me, we only need frontend info IMHO. People who need the SSL backend connection are not the most common case so they could make their own log-format with it. -- William Lallemand

Re: Speeding up opentracing build in CI ?

2021-06-17 Thread William Lallemand
> > > Let's wait for the remaining tests to conclude. > > OK that's a net win, openssl-3.0.0-alpha17 dropped from 8'29 to 2'55. > I've just excluded versions 1.x from both the parallel build and the > build_sw target and that's good now. > > Willy Great improvement, thanks! -- William Lallemand

Re: [PATCH] CI: cirrus: add alpine linux to the jobs

2021-06-14 Thread William Lallemand
https://github.com/haproxy/haproxy/commit/1b095cac9468d0c3eeb157e9b1a2947487bd3c83 I thought it disappeared completely from the interface, good to know! Thanks -- William Lallemand

Re: [PATCH 0/4] Use 'feature cmd' in regtests

2021-06-14 Thread William Lallemand
Looks like a good idea imho, it could even be used to provide several kinds of regex depending on which regex library you use for example. -- William Lallemand

Re: [PATCH 0/4] Use 'feature cmd' in regtests

2021-06-14 Thread William Lallemand
en skipped: > > 0 tests failed, 4 tests skipped, 105 tests passed > > I don't think this is going to be an issue. But if it is, please complain! > Hm the only problem I have with this, is that we won't be able to see why a test was excluded. -- William Lallemand

Re: [PATCH] CI: cirrus: add alpine linux to the jobs

2021-06-14 Thread William Lallemand
According to their documentation they are running the CI on the actual CPU not an emulated one, so still better than qemu. -- William Lallemand

Re: [PATCH] CI: cirrus: add alpine linux to the jobs

2021-06-11 Thread William Lallemand
could do it with the alpine image. If you want to build with the musl-gcc wrapper you will need to link the linux headers in the musl headers directory otherwise it won't work the way their package is done. -- William Lallemand

Re: [PATCH] CI: cirrus: add alpine linux to the jobs

2021-06-11 Thread William Lallemand
t on the docker hub. > also, there's small caveat, github actions runs agent inside docker > container, it might have issues with older libc (or musl). > but it's worth a try > Let's hope it works in this case. -- William Lallemand

Re: [PATCH] CI: cirrus: add alpine linux to the jobs

2021-06-11 Thread William Lallemand
e to make this work I prefer to run it from github actions, otherwise we'll go with cirrus. Thanks, -- William Lallemand

[PATCH] CI: cirrus: add alpine linux to the jobs

2021-06-11 Thread William Lallemand
This commit adds a CI job to cirrus-ci which builds HAProxy on Alpine Linux, allowing to build and test HAProxy with musl. OpenSSL, PCRE2, Lua 5.3 as well as the prometheus exporter are enabled. GNU grep was purposely installed to run the reg-test script. --- .cirrus.yml | 13 + 1

add alpine linux to the CI

2021-06-11 Thread William Lallemand
Hello guys, I couldn't find a way to launch an alpine job easily with github actions so instead I wrote one for cirrus-ci, It will help debugging Docker images and musl problems. Example of the run here: https://cirrus-ci.com/task/5985082050609152 I'll push it in the master if that's fine with

Re: Speeding up opentracing build in CI ?

2021-06-10 Thread William Lallemand
ted on macos to be certain it's > OK there as well, and I don't know how to get the CPU count there (or > maybe we could just force it to a low value like 2 or 4). > > Willy > Looks fine to me, but from what I remember when debugging some reg-tests there was only one CPU available, I hope I'm wrong. -- William Lallemand

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread William Lallemand
On Mon, Jun 07, 2021 at 02:17:24PM +0200, William Lallemand wrote: > > On Mon, Jun 07, 2021 at 02:09:33PM +0200, Tim Düsterhus wrote: > > > > William, > > > > On 6/7/21 1:30 PM, William Lallemand wrote: > > > On Mon, Jun 07, 2021 at 04:02:00PM +0500,

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread William Lallemand
On Mon, Jun 07, 2021 at 02:09:33PM +0200, Tim Düsterhus wrote: > Subject: Re: [PATCH] CI: enable openssl-3.0.0 builds > > William, > > On 6/7/21 1:30 PM, William Lallemand wrote: > > On Mon, Jun 07, 2021 at 04:02:00PM +0500, Илья Шипицин wrote: > >> sorry,

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread William Lallemand
On Mon, Jun 07, 2021 at 05:08:32PM +0500, Илья Шипицин wrote: > Mon, 7 Jun 2021 at 16:31, William Lallemand : > > > On Mon, Jun 07, 2021 at 04:02:00PM +0500, Илья Шипицин wrote: > > > sorry, I do not have much spare time to implement that in short time > > > per

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread William Lallemand
mething like: make DEBUG_CFLAGS="-g -Wno-deprecated-declarations" -- William Lallemand

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread William Lallemand
relevant at some point, not only for OpenSSL, but for the other libs that are linked with haproxy. In my opinion we should only disable them for this specific build of OpenSSL 3.0.0 on the CI, not for everyone in the Makefile. -- William Lallemand

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-02 Thread William Lallemand
nd build without -Werror in order to see the -Wdeprecated-declarations warnings. * port haproxy to the new API (long term goal) to be able to build with openssl 3.0.0 with -Werror. > > @William Lallemand has an appetite to make it > green ;) > I'll fix what I can to be able to buil

Re: [PATCH] CI: switch to the latest stable LibreSSL-3.3.3

2021-05-05 Thread William Lallemand
On Wed, May 05, 2021 at 09:11:08AM +0500, Илья Шипицин wrote: > Hello, > > LibreSSL-3.3.3 just released. patch attached. > > thanks, > Ilya Thanks, pushed in master. -- William Lallemand

Re: Proposal about libslz integration into haproxy

2021-04-21 Thread William Lallemand
it's for a new major release so it's fine in my opinion. -- William Lallemand

[ANNOUNCE] haproxy-2.2.13

2021-04-02 Thread William Lallemand
=haproxy-2.2.git Changelog: http://www.haproxy.org/download/2.2/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ --- Complete changelog : William Lallemand (2): BUG/MEDIUM: ssl: ckch_inst->ctx not assigned with multi-bundle certificates REGTESTS:

Re: 2.2.12 and rsa/ecdsa cert regression (crash on startup) ?

2021-04-01 Thread William Lallemand
On Thu, Apr 01, 2021 at 02:26:07PM +0200, William Lallemand wrote: > On Thu, Apr 01, 2021 at 10:19:31AM +, Jarno Huuskonen wrote: > > Hello, > > > > I'm seeing a regression with 2.2.12 and using rsa and ecdsa certs on bind. > > (cert1.pem.ecdsa > > cert1.

Re: 2.2.12 and rsa/ecdsa cert regression (crash on startup) ?

2021-04-01 Thread William Lallemand
or the report, I can reproduce the problem, I'm investigating. -- William Lallemand

Re: [PATCH] BUILD: ssl: use EVP_CIPH_GCM_MODE macro instead of HA_OPENSSL_VERSION

2021-03-26 Thread William Lallemand
On Fri, Mar 26, 2021 at 11:47:48PM +0500, Илья Шипицин wrote: > Hello, > > yet another patch that removes few HA_OPENSSL_VERSION usage. > > Ilya Pushed in master, thanks. -- William Lallemand

Re: [PATCH] fine guard for ssl random extraction functions

2021-03-26 Thread William Lallemand
On Thu, Mar 25, 2021 at 12:52:42AM +0500, Илья Шипицин wrote: > Hello, > > yet another patch that removes several occurrences of HA_OPENSSL_VERSION > also, fetches enabled for BoringSSL and LibreSSL-2.7.0 and higher > > Ilya Looks good, pushed in master, thanks! -- William Lallemand

Re: [PATCH] fine guard for ssl random extraction functions

2021-03-26 Thread William Lallemand
ou please have a look ? > I'll take a look. -- William Lallemand

Re: Fwd: [PATCH] cleanup unused definitions

2021-03-24 Thread William Lallemand
sl: use feature guard instead of openssl > > version for ecdh functions > > To: HAProxy , Willy Tarreau > > Delivered-To: haproxy@formilux.org > > List-Id: Haproxy > > > > ping > > > > Sun, 21 Mar 2021 at 13:02, Илья Шипицин : > > > > > Hello, > > > > > > yet another patch that reduces number of HA_OPENSSL_VERSION use > > > > > > Ilya > > > > > > > > > > > - End forwarded message - > Thanks, both merged. -- William Lallemand

Re: [PATCH] BUILD: ssl: use feature guard instead of openssl version for ecdh functions

2021-03-24 Thread William Lallemand
On Wed, Mar 24, 2021 at 11:29:19AM +0500, Илья Шипицин wrote: > ping > > Sun, 21 Mar 2021 at 13:02, Илья Шипицин : > > > Hello, > > > > yet another patch that reduces number of HA_OPENSSL_VERSION use > > > > Ilya > > > > > > Thanks, merged. -- William Lallemand

Re: [PATCH] cleanup unused definitions

2021-03-24 Thread William Lallemand
On Wed, Mar 24, 2021 at 11:29:03AM +0500, Илья Шипицин wrote: > ping > > Sat, 20 Mar 2021 at 22:43, Илья Шипицин : > > > while refactoring HA_OPENSSL_VERSION usage, > > I've found unused definitions. nice. > > > > > > Ilya > > Thanks, merged. -- William Lallemand

Re: is it possible to rotate TLS keys in scheduled way ?

2021-03-23 Thread William Lallemand
to be pushed each time a ticket expired. -- William Lallemand

Re: [PATCH] BUG/MINOR: sample: Rename SenderComID/TargetComID to SenderCompID/TargetCompID

2021-03-10 Thread William Lallemand
g56.html > > > > > > > > > > > > > > > > Thanks, > > > > -- Daniel > > > > > > > > Hi, > > Thank you Daniel for reporting / fixing this. > The patch looks correct and may be applied. > > Baptiste Thanks, applied. -- William Lallemand

Re: [PATCH] BUILD: SSL: introduce fine guard for openssl specific "RAND_keep_random_devices_open"

2021-02-22 Thread William Lallemand
aproxy/openssl-compat.h > That guard does not depend anymore on HA_OPENSSL_VERSION Thanks, merged! -- William Lallemand

Re: [PATCH] introduce guard for SCTL openssl specific functions

2021-02-18 Thread William Lallemand
On Thu, Feb 18, 2021 at 07:06:14PM +0500, Илья Шипицин wrote: > ping :) > > On Sat, Feb 13, 2021, 11:48 AM Илья Шипицин wrote: > > > I changed macro name, new patch attached > > Merged, thanks. -- William Lallemand

Re: [PATCH] introduce guard for SCTL openssl specific functions

2021-02-12 Thread William Lallemand
On Sat, Feb 13, 2021 at 12:21:56AM +0500, Илья Шипицин wrote: > Hello, > > let us switch to feature macro instead of HA_OPENSSL_VERSION. > > Ilya Hello Ilya, For more consistency with the other macros I'd rather use "HAVE_SSL_SCTL" instead of "HAVE_OPENSSL

Re: Should server crt be consider as crt-list and handled via the runtime API?

2021-02-08 Thread William Lallemand
h, I think you meant "show ssl cert"? The crt-list are only useful to manage multiple certificates and SNIs on a bind line, in the case of a server line you only need one certificate. -- William Lallemand

Re: [PATCH] BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro

2021-02-08 Thread William Lallemand
On Mon, Feb 08, 2021 at 05:17:32PM +0500, Илья Шипицин wrote: > usually I do such a stupid mistakes on friday. > I wonder about next friday :( > > new patch attached. > > Ilya > Don't worry it happens to me quite a lot :-) Applied, thanks. -- William Lallemand

Re: [PATCH] BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro

2021-02-08 Thread William Lallemand
SL_CTRL_SET_MSG_CALLBACK > SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk); > #endif > #ifdef HAVE_OPENSSL_KEYLOG > -- > 2.29.2 > It looks like you sent the exact same patch by mistake. -- William Lallemand

Re: [PATCH} improve ssl guarding

2021-02-07 Thread William Lallemand
On Sat, Feb 06, 2021 at 09:18:30PM +0500, Илья Шипицин wrote: > you are right. > I've fixed it. > Thanks, both pushed in master. -- William Lallemand
