Hi Williams,
> +/* binary, returns a chain certificate in a binary chunk (der/raw).
> + * The 5th keyword char is used to support only peer cert
> + */
> +static int
> +smp_fetch_ssl_x_chain_der(const struct arg *args, struct sample *smp, const
> char *kw, void *private)
> +{
> + struct
On Wed, Aug 05, 2020 at 03:07:19PM +0200, William Dauchy wrote:
> On Wed, Aug 5, 2020 at 2:41 PM William Lallemand
> wrote:
> > I don't know if this is possible to fix it, but I think must of the SSL
> > fetches have
> > the problem.
>
> ok makes sense in that case. So for now I assume there
On Wed, Aug 5, 2020 at 3:20 PM Emeric Brun wrote:
> I think this code could be useful to declare also a "ssl_s_chain_der" using
> minor changes as this is done on ssl_c_serial:
true, I can do a v3 to handle this.
--
William
I too am seeing this issue with with haproxy 1.8.26-1ppa1~bionic on Ubuntu
18.04.4 LTS.
On Chrome (84.0.4147.105), this results in the
'net::ERR_HTTP2_PROTOCOL_ERROR 200' console error, either on the primary
page load or on load of other page resources. In Firefox (79.0), no console
errors are
trivial commit, does not change the code behaviour
Signed-off-by: William Dauchy
---
src/ssl_utils.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index 510b5da80..0a12fea5b 100644
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@
Following work from Arjen and Mathilde, it adds ssl_c_chain_der method;
it returns DER encoded certs from SSL_get_peer_cert_chain
Also update existing vtc tests to add random intermediate certificates
When getting the result through this header:
http-response add-header x-ssl-chain-der
Hello William,
Thanks for your quick answer.
On Wed, Aug 5, 2020 at 2:41 PM William Lallemand wrote:
> I don't know if this is possible to fix it, but I think must of the SSL
> fetches have
> the problem.
ok makes sense in that case. So for now I assume there is no easy way
to get the
Following work from Arjen and Mathilde, it adds ssl_c_chain_der method;
it returns DER encoded certs from SSL_get_peer_cert_chain
Also update existing vtc tests to add random intermediate certificates
When getting the result through this header:
http-response add-header x-ssl-chain-der
trivial commit, does not change the code behaviour
Signed-off-by: William Dauchy
---
src/ssl_utils.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index 510b5da80..0a12fea5b 100644
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@
Hi,
Here is a patch to add a new fetcher for cert chain.
It follows discussion after thread
https://www.mail-archive.com/haproxy@formilux.org/msg35607.html
It currently does not support session reuse, but I was looking for
inputs about it, whether I could make use of `reused_sess` objects in
I upgraded the server to the 2.2 LTS version and i have the same behaviour in
that version.
If needed i can provide a testing environment.
Kind Regards,
Bram Gillemon
> On 5 Aug 2020, at 11:28, Oliver Kelly wrote:
>
> I too am seeing this issue with with haproxy 1.8.26-1ppa1~bionic on
I've opened https://github.com/haproxy/haproxy/issues/798
On Wed, Aug 5, 2020 at 7:51 PM Bram Gillemon wrote:
> I upgraded the server to the 2.2 LTS version and i have the same behaviour
> in that version.
>
> If needed i can provide a testing environment.
>
> Kind Regards,
> Bram Gillemon
>
>
On Wed, Aug 05, 2020 at 11:42:15AM +0200, William Dauchy wrote:
> Hi,
>
> Here is a patch to add a new fetcher for cert chain.
> It follows discussion after thread
> https://www.mail-archive.com/haproxy@formilux.org/msg35607.html
>
> It currently does not support session reuse, but I was looking
Le 05/08/2020 à 12:22, Oliver Kelly a écrit :
I've opened https://github.com/haproxy/haproxy/issues/798
Here is a patch for the 1.8. Could you validate it fixes your issue ?
It fixes a bug introduced in 2.0 by the commit 6ad7cd981 ("BUG/MEDIUM: mux-h2:
Emit an error if the response chunk
Le 04/08/2020 à 11:18, Baptiste a écrit :
Hi,
A couple of patches for the DNS runtime resolver:
#1 is just a typo cleanup
#2 fixes a "regression" introduced with the parsing of the Additional section
from the SRV record responses. Basically, when HAProxy uses SRV records and
Additional
Le 05/08/2020 à 22:37, Bram Gillemon a écrit :
Hi,
i was just setting up the 2.2 version again and i think i did something wrong
this morning because i can't reproduce it anymore.
Sorry for the extra work i caused.
No problem. I always prefer a false bug report than a long fix session :)
Le 05/08/2020 à 14:52, Christopher Faulet a écrit :
Le 05/08/2020 à 12:22, Oliver Kelly a écrit :
I've opened https://github.com/haproxy/haproxy/issues/798
Here is a patch for the 1.8. Could you validate it fixes your issue ?
It fixes a bug introduced in 2.0 by the commit 6ad7cd981
Le 01/08/2020 à 16:28, William Dauchy a écrit :
From https://www.python.org/dev/peps/pep-0353/
"A new type Py_ssize_t is introduced, which has the same size as the
compiler's size_t type, but is signed. It will be a typedef for ssize_t
where available."
For integer types, causes printf to
Hi,
i was just setting up the 2.2 version again and i think i did something wrong
this morning because i can't reproduce it anymore.
Sorry for the extra work i caused.
Kind Regards,
Bram Gillemon
> On 5 Aug 2020, at 22:05, Christopher Faulet wrote:
>
> Le 05/08/2020 à 14:52, Christopher
19 matches
Mail list logo