Re: Some compilation SSL errors/warnings on debian testing

Hi Willy, > Le 14 mars 2017 à 17:24, Willy Tarreau a écrit : > > Hi Pavlos, > > On Tue, Mar 14, 2017 at 04:43:26PM +0100, Pavlos Parissis wrote: >> Hi, >> >> On Debian testing with openssl 1.1.0e, I get the following warnings when I >> compile 1.7 and 1.8: >>

Re: Some compilation SSL errors/warnings on debian testing

On 14/03/2017 05:24 μμ, Willy Tarreau wrote: > Hi Pavlos, > > On Tue, Mar 14, 2017 at 04:43:26PM +0100, Pavlos Parissis wrote: >> Hi, >> >> On Debian testing with openssl 1.1.0e, I get the following warnings when I >> compile 1.7 and 1.8: >>

Dynamic cookies support

Hi guys, You'll find attached patches to add support for dynamically-generated session cookies for each server, the said cookies will be a hash of the IP, the TCP port, and a secret key provided. This adds 2 keywords to the config file, a "dynamic" keyword in the cookie line, which just enables

Re: Some compilation SSL errors/warnings on debian testing

Hi Manu, [ccing Emeric] On Tue, Mar 14, 2017 at 05:39:58PM +0100, Emmanuel Hocdet wrote: > Hi Pavlos > > > Le 14 mars 2017 à 16:43, Pavlos Parissis a > > écrit : > > > > Hi, > > > > On Debian testing with openssl 1.1.0e, I get the following warnings when I > >

Possible regression on HAProxy 1.6, related to ACLs and dynamic payload buffers

Hi all, After upgrading from 1.5 to 1.6 I noticed some ACLs stopped working. All of them looked like: acl some_name req.payload(0,0) <> I did some digging and found that the ability to handle dynamic buffers was added in 00f0084752eab236af80e61291d672e835790cff

Re: Some compilation SSL errors/warnings on debian testing

On 14/03/2017 10:20 μμ, Willy Tarreau wrote: > On Tue, Mar 14, 2017 at 08:18:27PM +0100, Pavlos Parissis wrote: On Debian testing with openssl 1.1.0e, I get the following warnings when I compile 1.7 and 1.8:

Only two weeks left before 1.8-dev1

Hi guys, just a reminder, if you have pending code that you'd like to get merged in 1.8 and which you didn't explicitly mention, try to be quick, as 03/31 is approaching (two weeks left), and it is the deadline for unscheduled code submissions. After this date we'll only accept the already

Re: Dynamic cookies support

Hi Olivier, On Tue, Mar 14, 2017 at 08:23:56PM +0100, Olivier Houchard wrote: > Hi guys, > > You'll find attached patches to add support for dynamically-generated session > cookies for each server, the said cookies will be a hash of the IP, the > TCP port, and a secret key provided. > This adds

Re: Problems with haproxy 1.7.3 on FreeBSD 11.0-p8

> On 15 Mar 2017, at 00:17, Willy Tarreau wrote: > > Matthias, > > I could finally track the problem down to a 5-year old bug in the > connection handler. It already used to affect Unix sockets but it > requires so rare a set of options and even then its occurrence rate > is so

Re: Some compilation SSL errors/warnings on debian testing

On Tue, Mar 14, 2017 at 10:55:34PM +0100, Pavlos Parissis wrote: > > Just out of curiosity, are there some features of 1.7 that you've > > already got used to and that prevent you from using 1.6, or is this just a > > matter of staying on something modern ? > > > > The latter, I prefer to use

Re: Problems with haproxy 1.7.3 on FreeBSD 11.0-p8

Matthias, I could finally track the problem down to a 5-year old bug in the connection handler. It already used to affect Unix sockets but it requires so rare a set of options and even then its occurrence rate is so low that probably nobody noticed it yet. I'm attaching the patch to be applied

Re: Some compilation SSL errors/warnings on debian testing

On Tue, Mar 14, 2017 at 08:18:27PM +0100, Pavlos Parissis wrote: > >> On Debian testing with openssl 1.1.0e, I get the following warnings when I > >> compile 1.7 and 1.8: > >>

Re: Force connection close after a haproxy reload

Hi Robinho, On Tue, Mar 14, 2017 at 01:12:45AM +, Robson Roberto Souza Peixoto wrote: > Hi! > > I'm using HaProxy as a reverse proxy to my applications running on Marathon. > > The Marathon-lb(https://github.com/mesosphere/marathon-lb) is the > responsabel to create the configuration file

Re: [PATCH 0/2] MEDIUM: stats: Add JSON output option to show (info|stat)

Hi Simon, On Mon, Mar 13, 2017 at 02:36:28PM +0100, Simon Horman wrote: > Hi Willy, > > this patchset seems to have stalled. > I'd like to find a way to revive it. Good news now, I've just merged it! It looked good enough. I've run a few tests on it and validated that I didn't observerve any

Re: Force connection close after a haproxy reload

On Tue, Mar 14, 2017 at 6:39 AM Willy Tarreau wrote: > Hi Robinho, > > On Tue, Mar 14, 2017 at 01:12:45AM +, Robson Roberto Souza Peixoto > wrote: > > Hi! > > > > I'm using HaProxy as a reverse proxy to my applications running on > Marathon. > > > > The

Re: HTTP 429 Too Many Requests (tarpit deny_status)

Hi Jarno, On Mon, Mar 06, 2017 at 04:15:00PM +0200, Jarno Huuskonen wrote: > Hi Willy, > > On Fri, Feb 10, Willy Tarreau wrote: > > > How should I send the patches ? One commit for > > > http_server_error/http_get_status_idx changes and tarpit deny_status > > > parser / doc in another commit ? >

Re: Force connection close after a haproxy reload

On Tue, Mar 14, 2017 at 11:16:26AM +, Robson Roberto Souza Peixoto wrote: > But will `-st` mode wait for current http requests finish? Or will > interrupt all connections without waiting for the responses? It will interrupt them all but you said you were running TCP and not HTTP so with TCP

Re: Force connection close after a haproxy reload

On Tue, 14 Mar 2017 at 09:20 Willy Tarreau wrote: > On Tue, Mar 14, 2017 at 11:16:26AM +, Robson Roberto Souza Peixoto > wrote: > > But will `-st` mode wait for current http requests finish? Or will > > interrupt all connections without waiting for the responses? > > It will

Re: [PATCHES] Add support for LibreSSL 2.5.1

I have reworked the patches, so that they don't cause any warning to appear. -- _ / In real love you want the other \ | person's good. In romantic love you | | want the other person. | | | \ -- Margaret

Re: [PATCHES] Add support for LibreSSL 2.5.1

There seems to be some error when doing a clean compilation, so I'm sending corrected patches. -- / Any stone in your boot always migrates \ | against the pressure gradient to | | exactly the point of most pressure.| |

Re: [PATCHES] Add support for LibreSSL 2.5.1

And it seems like the previously attached patches do compile, but the warning is there again so now I'm finally including patches that make Haproxy both compile and not throw additional warnings. -- __ / What good is having someone who can \ | walk on

Some compilation SSL errors/warnings on debian testing

Hi, On Debian testing with openssl 1.1.0e, I get the following warnings when I compile 1.7 and 1.8: https://gist.githubusercontent.com/unixsurfer/9c42361822f23cfe36f3b2169133b551/raw/4665476fdfb2a94d287814a2c8a36215cbebb465/gistfile1.txt When I compile 1.6 I get errors and compilation fails:

Re: Some compilation SSL errors/warnings on debian testing

Hi Pavlos, On Tue, Mar 14, 2017 at 04:43:26PM +0100, Pavlos Parissis wrote: > Hi, > > On Debian testing with openssl 1.1.0e, I get the following warnings when I > compile 1.7 and 1.8: >

Re: [PATCHES] Add support for LibreSSL 2.5.1

Hi Piotr > Le 14 mars 2017 à 16:04, Piotr Kubaj a écrit : > > And it seems like the previously attached patches do compile, but the warning > is there again so now I'm finally including patches that make Haproxy both > compile and not throw additional warnings. > first

Re: Problems with haproxy 1.7.3 on FreeBSD 11.0-p8

Hi Matthias, I do have some good news. I could reproduce your issue on a FreeBSD machine (thanks Olivier!). This issue isn't FreeBSD specific, it's a bug in haproxy. It just happens that FreeBSD *sometimes* manages to get connect() to immediately succeed over the loopback, that you're indeed

Re: Some compilation SSL errors/warnings on debian testing

Hi Pavlos > Le 14 mars 2017 à 16:43, Pavlos Parissis a écrit : > > Hi, > > On Debian testing with openssl 1.1.0e, I get the following warnings when I > compile 1.7 and 1.8: >