Re: SPOE and modsecurity contrib Failed to decode HELLO frame

2018-08-17 Thread Aleksandar Lazic
Hi. Am 16.08.2018 um 11:00 schrieb Павел.: > > HI all! I'm compile modsec as described in the instructions > contib/modsec/README, but have the next errors: Which version of haproxy and this contib do you use? There was some changes recently. http://www.haproxy.org/download/1.8/src/CHANGELOG

Re: 100% cpu usage 1.9-dev0-48d92ee 2018/07/30, task.?. but keeps working.. (nbthread 1)

2018-08-17 Thread Olivier Houchard
On Thu, Aug 16, 2018 at 07:31:17PM +0200, Willy Tarreau wrote: > Both patches applied, thanks guys! > > Olivier, I have a suggestion for this one : > On Thu, Aug 16, 2018 at 07:17:07PM +0200, Olivier Houchard wrote: > > From 90fc92f72c6b47d88769bb73680702d7b8e6 Mon Sep 17 00:00:00 2001 > >

Option "verify" incompatible avec "crt-list"

2018-08-17 Thread Jean-Baptiste Berthelin
Bonjour, Depuis les dernières versions de Chrome, nous avons désormais un message de sélection du certificat client en accédant à un frontend HAProxy, du fait d'avoir un certificat en place dans mon navigateur associé à l'instruction de bind : verify optional (ou required). Il semble possible de

Re: 100% cpu usage 1.9-dev0-48d92ee 2018/07/30, task.?. but keeps working.. (nbthread 1)

2018-08-17 Thread Willy Tarreau
On Fri, Aug 17, 2018 at 01:41:54PM +0200, Olivier Houchard wrote: > That is true, this one is not a bug, but a pessimization, by using the global > update_list which is more costly than the local one. > > Patches attached to do as suggest. Applied, thank you! willy

[PATCH] BUG/MEDIUM: lua: socket timeouts are not applied

2018-08-17 Thread Cyril Bonté
Sachin Shetty reported that socket timeouts set in LUA code have no effect. Indeed, connect timeout is never modified and is always set to its default, set to 5 seconds. Currently, this patch will apply the specified timeout value to the connect timeout. For the read and write timeouts, the issue

Re: [PATCH] BUG/MEDIUM: lua: socket timeouts are not applied

2018-08-17 Thread Willy Tarreau
On Fri, Aug 17, 2018 at 11:51:02PM +0200, Cyril Bonté wrote: > Sachin Shetty reported that socket timeouts set in LUA code have no effect. > Indeed, connect timeout is never modified and is always set to its default, > set to 5 seconds. Currently, this patch will apply the specified timeout >

Re: Option "verify" incompatible avec "crt-list"

2018-08-17 Thread Aleksandar Lazic
Bonjour. Sorry but I don't understand french so I will try to interpret you question. Am 17.08.2018 um 17:40 schrieb Jean-Baptiste Berthelin: > Bonjour, > > Depuis les dernières versions de Chrome, nous avons désormais un message de > sélection du certificat client en accédant à un frontend