Re: [PATCH] BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
On 11/18/19 2:40 PM, William Lallemand wrote: > On Fri, Nov 15, 2019 at 06:49:10PM +0100, Willy Tarreau wrote: >> On Wed, Nov 06, 2019 at 06:47:50PM +0100, Emmanuel Hocdet wrote: >>> Hi, >>> >>> Very difficult to trigger the bug, except with spécific test configuration >>> like: >>> crt-list: >>> cert.pem !www.dom.tld >>> cert.pem *.dom.tld >>> >>> If you can consider the patch. >> >> Guys, I know that everyone has been very busy lately but at least giving >> me indications like "yes", "no", "let me check", "do as you want" or >> whatever could help. Letting candidate fixes rot for 9 days with no >> response is not cool, and while it will always happen once in a while >> anywhere, it systematically happens in the SSL subsystem. We definitely >> need to improve this situation :-( >> >> Now it's too late for 2.0.9 and 2.1-dev5 anyway. >> > > Hi, > > I did not see this patch, you should probably ask directly the SSL maintainer > before issuing a release if there is a pending patch. > > In my opinion we can integrate it. > Seems to be a bug fix done by the initiator of the feature. So I think there is no reason to dig and my response will be "do as you want". I spent recently several days fixing SSL/peers bugs or helping co-workers to find them and my time window allocated for this is largely exploded since I didn't find time to work on what I'm supposed to do which also have deadlines and require to be focused (but this does not concern the opensource's software mailing list). R, Emeric
Re: [PATCH] BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
On Wed, Nov 06, 2019 at 06:47:50PM +0100, Emmanuel Hocdet wrote: > Hi, > > Very difficult to trigger the bug, except with spécific test configuration > like: > crt-list: > cert.pem !www.dom.tld > cert.pem *.dom.tld > > If you can consider the patch. > > Thank's > Manu > > Pushed in master, thanks! -- William Lallemand
Re: [PATCH] BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
On Fri, Nov 15, 2019 at 06:49:10PM +0100, Willy Tarreau wrote: > On Wed, Nov 06, 2019 at 06:47:50PM +0100, Emmanuel Hocdet wrote: > > Hi, > > > > Very difficult to trigger the bug, except with spécific test configuration > > like: > > crt-list: > > cert.pem !www.dom.tld > > cert.pem *.dom.tld > > > > If you can consider the patch. > > Guys, I know that everyone has been very busy lately but at least giving > me indications like "yes", "no", "let me check", "do as you want" or > whatever could help. Letting candidate fixes rot for 9 days with no > response is not cool, and while it will always happen once in a while > anywhere, it systematically happens in the SSL subsystem. We definitely > need to improve this situation :-( > > Now it's too late for 2.0.9 and 2.1-dev5 anyway. > Hi, I did not see this patch, you should probably ask directly the SSL maintainer before issuing a release if there is a pending patch. In my opinion we can integrate it. -- William Lallemand
Re: [PATCH] BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
On Wed, Nov 06, 2019 at 06:47:50PM +0100, Emmanuel Hocdet wrote: > Hi, > > Very difficult to trigger the bug, except with spécific test configuration > like: > crt-list: > cert.pem !www.dom.tld > cert.pem *.dom.tld > > If you can consider the patch. Guys, I know that everyone has been very busy lately but at least giving me indications like "yes", "no", "let me check", "do as you want" or whatever could help. Letting candidate fixes rot for 9 days with no response is not cool, and while it will always happen once in a while anywhere, it systematically happens in the SSL subsystem. We definitely need to improve this situation :-( Now it's too late for 2.0.9 and 2.1-dev5 anyway. Thanks, Willy
[PATCH] BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
Hi, Very difficult to trigger the bug, except with spécific test configuration like: crt-list: cert.pem !www.dom.tld cert.pem *.dom.tld If you can consider the patch. Thank's Manu 0001-BUG-MINOR-ssl-fix-crt-list-neg-filter-for-openssl-1..patch Description: Binary data