Am 24.01.2019 um 15:09 schrieb Aleksandar Lazic:
> Am 24.01.2019 um 03:49 schrieb Willy Tarreau:
>> On Wed, Jan 23, 2019 at 09:37:46PM +0100, Aleksandar Lazic wrote:
>>>
>>> Am 23.01.2019 um 21:27 schrieb Willy Tarreau:
On Wed, Jan 23, 2019 at 09:08:00PM +0100, Aleksandar Lazic wrote:
> Sh
Am 24.01.2019 um 03:49 schrieb Willy Tarreau:
> On Wed, Jan 23, 2019 at 09:37:46PM +0100, Aleksandar Lazic wrote:
>>
>> Am 23.01.2019 um 21:27 schrieb Willy Tarreau:
>>> On Wed, Jan 23, 2019 at 09:08:00PM +0100, Aleksandar Lazic wrote:
Should it be possible to have fe with h1 and be server h2(
On Wed, Jan 23, 2019 at 09:37:46PM +0100, Aleksandar Lazic wrote:
>
> Am 23.01.2019 um 21:27 schrieb Willy Tarreau:
> > On Wed, Jan 23, 2019 at 09:08:00PM +0100, Aleksandar Lazic wrote:
> >> Should it be possible to have fe with h1 and be server h2(alpn h2), as I
> >> expect this or similar return
Am 23.01.2019 um 21:27 schrieb Willy Tarreau:
> On Wed, Jan 23, 2019 at 09:08:00PM +0100, Aleksandar Lazic wrote:
>> Should it be possible to have fe with h1 and be server h2(alpn h2), as I
>> expect this or similar return value when I go thru haproxy?
>
> Yes absolutely. That's even what I'm do
On Wed, Jan 23, 2019 at 09:08:00PM +0100, Aleksandar Lazic wrote:
> Should it be possible to have fe with h1 and be server h2(alpn h2), as I
> expect this or similar return value when I go thru haproxy?
Yes absolutely. That's even what I'm doing on my tests to try to fix
the issues reported by Luk
Hi Willy.
Am 23.01.2019 um 19:50 schrieb Willy Tarreau:
> Hi Aleks,
>
> On Wed, Jan 23, 2019 at 06:58:25PM +0100, Aleksandar Lazic wrote:
>> backend be_generic_tcp
>> mode http
>> balance source
>> timeout check 5s
>> option tcp-check
>>
>> server "${SERVICE_NAME}" ${SERVICE_DEST_IP}:${
Hi Aleks,
On Wed, Jan 23, 2019 at 06:58:25PM +0100, Aleksandar Lazic wrote:
> backend be_generic_tcp
> mode http
> balance source
> timeout check 5s
> option tcp-check
>
> server "${SERVICE_NAME}" ${SERVICE_DEST_IP}:${SERVICE_DEST_PORT} check
> inter 5s proto h2 ssl ssl-min-ver TLSv1.3
Hi.
After some tricky stuff with centos I switched to debian as base image and was
now able to build haproxy with boringssl.
/usr/local/sbin/haproxy -vv
HA-Proxy version 1.9.2 2019/01/16 - https://haproxy.org/
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAG
Hi Aleksandar,
Just FYI.
Op 22-1-2019 om 22:08 schreef Aleksandar Lazic:
But this could be a know bug and is fixed in the current git
-
## Starting vtest ##
Testing with haproxy version: 1.9.2
#top TEST ./reg-
Am 22.01.2019 um 21:45 schrieb Adam Langley:
> On Tue, Jan 22, 2019 at 12:13 PM Aleksandar Lazic wrote:
>> Sorry for my dump question, I just want to be save not to break something.
>>
>> It would be nice to have the option '-key-update' in client.cc and server.cc
>> where can I put this feature r
Tim.
Am 22.01.2019 um 20:57 schrieb Tim Düsterhus:
> Aleks,
>
> Am 22.01.19 um 20:50 schrieb Aleksandar Lazic:
>> This means that the function in haproxy works but the check should be
>> adopted to
>> match both cases, right?
>
> At least one should investigate what exactly is happening here (
On Tue, Jan 22, 2019 at 12:13 PM Aleksandar Lazic wrote:
> Sorry for my dump question, I just want to be save not to break something.
>
> It would be nice to have the option '-key-update' in client.cc and server.cc
> where can I put this feature request for boringssl?
>
> That would be make the te
Am 22.01.2019 um 20:54 schrieb Adam Langley:
> On Tue, Jan 22, 2019 at 11:45 AM Aleksandar Lazic wrote:
>> Can it be reused to test a specific server like?
>>
>> ssl/test/runner/runner -test "KeyUpdate-ToServer" 127.0.0.1:8443
>
> Not easily: it drives the implementation under test by forking a
>
Aleks,
Am 22.01.19 um 20:50 schrieb Aleksandar Lazic:
> This means that the function in haproxy works but the check should be adopted
> to
> match both cases, right?
At least one should investigate what exactly is happening here (the
differences between the libc is a guess) and possibly file a b
On Tue, Jan 22, 2019 at 11:45 AM Aleksandar Lazic wrote:
> Can it be reused to test a specific server like?
>
> ssl/test/runner/runner -test "KeyUpdate-ToServer" 127.0.0.1:8443
Not easily: it drives the implementation under test by forking a
process and has quite a complex interface via command-l
Tim.
Am 22.01.2019 um 20:26 schrieb Tim Düsterhus:
> Aleks,
>
> Am 22.01.19 um 19:38 schrieb Aleksandar Lazic:
>> ## test results in:
>> "/tmp/haregtests-2019-01-22_18-28-24.aBghMD/vtc.3398.76167f9e"
>> s10.0 EXPECT req.http.test3maskff (2001:db8:c001:c01a:::10:0) ==
>> "2001:db8:c0
Am 22.01.2019 um 20:30 schrieb Adam Langley:
> On Tue, Jan 22, 2019 at 11:16 AM Aleksandar Lazic wrote:
>> Agree that I get a 400 with this command.
>>
>> `echo 'K' | ./tool/bssl s_client -connect mail.google.com:443`
>
> (Note that "K" on its own line does not send a KeyUpdate message with
> Bor
On Tue, Jan 22, 2019 at 11:16 AM Aleksandar Lazic wrote:
> Agree that I get a 400 with this command.
>
> `echo 'K' | ./tool/bssl s_client -connect mail.google.com:443`
(Note that "K" on its own line does not send a KeyUpdate message with
BoringSSL's bssl tool. It just sends "K\n".)
> How does bo
Aleks,
Am 22.01.19 um 19:38 schrieb Aleksandar Lazic:
> ## test results in:
> "/tmp/haregtests-2019-01-22_18-28-24.aBghMD/vtc.3398.76167f9e"
> s10.0 EXPECT req.http.test3maskff (2001:db8:c001:c01a:::10:0) ==
> "2001:db8:c001:c01a:0::10:0" failed
The difference here is that the t
Am 22.01.2019 um 20:04 schrieb Adam Langley:
> On Tue, Jan 22, 2019 at 10:54 AM Aleksandar Lazic wrote:
>> Do have boringssl a similar tool like s_client?
>
> BoringSSL builds tool/bssl (in the build directory), which is similar.
> However it doesn't have any magic inputs that can trigger a KeyUp
On Tue, Jan 22, 2019 at 10:54 AM Aleksandar Lazic wrote:
> Do have boringssl a similar tool like s_client?
BoringSSL builds tool/bssl (in the build directory), which is similar.
However it doesn't have any magic inputs that can trigger a KeyUpdate
message like OpenSSL's s_client.
Cheers
AGL
s fails in container?
> Regards
> Aleks
>
>
> Ursprüngliche Nachricht
> Von: Janusz Dziemidowicz
> Gesendet: 22. Jänner 2019 19:49:15 MEZ
> An: Aleksandar Lazic
> CC: HAProxy
> Betreff: Re: haproxy 1.9.2 with boringssl
>
> wt., 22 sty 2019
f: Re: haproxy 1.9.2 with boringssl
wt., 22 sty 2019 o 19:40 Aleksandar Lazic napisał(a):
>
> Hi.
>
> I have now build haproxy with boringssl and it looks quite good.
>
> Is it the recommended way to simply make a git clone without any branch or
> tag?
> Does anyone know ho
wt., 22 sty 2019 o 19:40 Aleksandar Lazic napisał(a):
>
> Hi.
>
> I have now build haproxy with boringssl and it looks quite good.
>
> Is it the recommended way to simply make a git clone without any branch or
> tag?
> Does anyone know how the KeyUpdate can be tested?
openssl s_client -connect H
24 matches
Mail list logo