Just found out that AnyEvent::TLS does not support SNI *at all*, so I am
considering scrapping these VHOST tests. All in all, I am not very happy with
Protocol::HTTP2::Client. I think I would rather call nghttp and curl from our
Perl framework directly. But that would mean that people build nghttp2 with
apps and have nghttp in the $PATH...
//Stefan
> Am 17.11.2015 um 18:08 schrieb Jim Jagielski <j...@jagunet.com>:
>
> No issues under CentOS...
>
>> On Nov 17, 2015, at 11:28 AM, Stefan Eissing <stefan.eiss...@greenbytes.de>
>> wrote:
>>
>> That's cheating...
>>
>> I'll let you know when it works for me in such a configuration.
>>
>>> Am 17.11.2015 um 16:51 schrieb Jim Jagielski <j...@jagunet.com>:
>>>
>>> My perl is built against openssl 1.0.2...
>>>
>>>> On Nov 17, 2015, at 10:43 AM, Stefan Eissing
>>>> <stefan.eiss...@greenbytes.de> wrote:
>>>>
>>>> OK, the problem on OS X is that the default openssl is 0.98 which does not
>>>> do SNI.
>>>>
>>>> I try to detect this in lines 14-17 by:
>>>> my $alpn_available = exists &Net::SSLeay::CTX_set_alpn_protos;
>>>> if ($alpn_available) {
>>>> $total_tests += $vhost_suite;
>>>> }
>>>>
>>>> and change the test case expectations accordingly. That seems to fail on
>>>> your system. The test case thinks ALPN+SNI are available and wants to see
>>>> "localhost" in the response, but it is not used.
>>>>
>>>> Unnecessary to say that the detection (and therefore the tests) work on my
>>>> OS X installation - also before 10.11.
>>>>
>>>> Hmmm....are there SNI test cases for mod_ssl where I could see how it
>>>> detects it?
>>>>
>>>>
>>>>> Am 17.11.2015 um 16:30 schrieb Jim Jagielski <j...@jagunet.com>:
>>>>>
>>>>> Still:
>>>>>
>>>>> t/modules/http2.t .. 26/51
>>>>> # Failed test 34 in t/modules/http2.t at line 242 fail #4
>>>>> # testing : content comparision
>>>>> # expected: '<html><body>
>>>>> # <h2>Hello World!</h2>
>>>>> # TLS_SNI="localhost"
>>>>> # </body></html>
>>>>> # '
>>>>> # received: '<html><body>
>>>>> # <h2>Hello World!</h2>
>>>>> # TLS_SNI=""
>>>>> # </body></html>
>>>>> # '
>>>>> not ok 34
>>>>>
>>>>> # Failed test 50 in t/modules/http2.t at line 194 fail #6
>>>>> test case: VHOST001, expect 404 or 421 (using Host:): GET
>>>>> https://localhost:8544/misdirected
>>>>> # testing : GET https://localhost:8544/misdirected
>>>>> # expected: 421
>>>>> # received: '404'
>>>>> not ok 50
>>>>>
>>>>> # Failed test 51 in t/modules/http2.t at line 194 fail #7
>>>>> test case: VHOST002, expect 404 or 421 (using :authority): GET
>>>>> https://localhost:8544/misdirected
>>>>> # Failed test 50 in t/modules/http2.t at line 194 fail #6
>>>>> # testing : GET https://localhost:8544/misdirected
>>>>> # expected: 421
>>>>> # received: '404'
>>>>> not ok 51
>>>>>
>>>>> t/modules/http2.t .. Failed 3/51 subtests
>>>>>
>>>>>
>>>>>> On Nov 17, 2015, at 10:17 AM, Stefan Eissing
>>>>>> <stefan.eiss...@greenbytes.de> wrote:
>>>>>>
>>>>>> OK, the change is from October 19th by me. I changed the test suite to
>>>>>> have
>>>>>> the test run in deterministic order. $r is a references to an array of
>>>>>> tests
>>>>>> and, depending on module availability, I push more elements to $r.
>>>>>>
>>>>>> I just changed it to push @$r, { ... }
>>>>>>
>>>>>> Please give it a try.
>>>>>>
>>>>>>> Am 17.11.2015 um 16:06 schrieb Jim Jagielski <j...@jagunet.com>:
>>>>>>>
>>>>>>> I am still 10.10 but w/ Xcode 7.1.1
>>>>>>>
>>>>>>>
>>>>>>> <jimsys:stable/httpd-test/framework> % perl -V
>>>>>>> Summary of my perl5 (revision 5 version 20 subversion 2) configuration:
>>>>>>>
>>>>>>> Platform:
>>>>>>> osname=darwin, osvers=14.4.0, archname=darwin-thread-multi-2level
>>>>>>> uname='darwin jimsys.local 14.4.0 darwin kernel version 14.4.0: thu may
>>>>>>> 28 11:35:04 pdt 2015; root:xnu-2782.30.5~1release_x86_64 x86_64 '
>>>>>>> config_args='-des -Duseithreads -Dusemultiplicity=y -Duseshrplib
>>>>>>> -Dprefix=/usr/local2 -Dvendorprefix=/usr/local2'
>>>>>>> hint=recommended, useposix=true, d_sigaction=define
>>>>>>> useithreads=define, usemultiplicity=define
>>>>>>> use64bitint=define, use64bitall=define, uselongdouble=undef
>>>>>>> usemymalloc=n, bincompat5005=undef
>>>>>>> Compiler:
>>>>>>> cc='cc', ccflags ='-fno-common -DPERL_DARWIN -fno-strict-aliasing -pipe
>>>>>>> -fstack-protector -I/usr/local/include -I/opt/local/include',
>>>>>>> optimize='-O3',
>>>>>>> cppflags='-fno-common -DPERL_DARWIN -fno-strict-aliasing -pipe
>>>>>>> -fstack-protector -I/usr/local/include -I/opt/local/include'
>>>>>>> ccversion='', gccversion='4.2.1 Compatible Apple LLVM 6.1.0
>>>>>>> (clang-602.0.53)', gccosandvers=''
>>>>>>> intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
>>>>>>> d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
>>>>>>> ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
>>>>>>> lseeksize=8
>>>>>>> alignbytes=8, prototype=define
>>>>>>> Linker and Libraries:
>>>>>>> ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags =' -fstack-protector
>>>>>>> -L/usr/local/lib -L/opt/local/lib'
>>>>>>> libpth=/usr/local/lib
>>>>>>> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.1.0/lib
>>>>>>>
>>>>>>> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib
>>>>>>> /usr/lib /opt/local/lib
>>>>>>> libs=-lgdbm -ldbm -ldl -lm -lutil -lc
>>>>>>> perllibs=-ldl -lm -lutil -lc
>>>>>>> libc=, so=dylib, useshrplib=true, libperl=libperl.dylib
>>>>>>> gnulibc_version=''
>>>>>>> Dynamic Linking:
>>>>>>> dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' '
>>>>>>> cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup
>>>>>>> -L/usr/local/lib -L/opt/local/lib -fstack-protector'
>>>>>>>
>>>>>>>> On Nov 17, 2015, at 9:59 AM, Stefan Eissing
>>>>>>>> <stefan.eiss...@greenbytes.de> wrote:
>>>>>>>>
>>>>>>>> Hmm, what perl version is that? Works on my OS X (El 10.11) with perl
>>>>>>>> -v:
>>>>>>>>
>>>>>>>> This is perl 5, version 18, subversion 2 (v5.18.2) built for
>>>>>>>> darwin-thread-multi-2level
>>>>>>>> (with 2 registered patches, see perl -V for more detail)
>>>>>>>>
>>>>>>>> //Stefan
>>>>>>>>
>>>>>>>>> Am 17.11.2015 um 15:44 schrieb Jim Jagielski <j...@jagunet.com>:
>>>>>>>>>
>>>>>>>>> Doing a quick tst I get:
>>>>>>>>>
>>>>>>>>> t/modules/http2.t .. push on reference is experimental at
>>>>>>>>> t/modules/http2.t line 319.
>>>>>>>>> Dubious, test returned 255 (wstat 65280, 0xff00)
>>>>>>>>> No subtests run
>>>>>>>>>
>>>>>>>>> Test Summary Report
>>>>>>>>> -------------------
>>>>>>>>> t/modules/http2.t (Wstat: 65280 Tests: 0 Failed: 0)
>>>>>>>>> Non-zero exit status: 255
>>>>>>>>> Parse errors: No plan found in TAP output
>>>>>>>>> Files=1, Tests=0, 1 wallclock secs ( 0.02 usr 0.01 sys + 0.31 cusr
>>>>>>>>> 0.06 csys = 0.40 CPU)
>>>>>>>>> Result: FAIL
>>>>>>>>> Failed 1/1 test programs. 0/0 subtests failed.
>>>>>>>>>
>>>>>>>>> This is on OSX
>>>>>>>>>
>>>>>>>>>> On Nov 17, 2015, at 8:12 AM, Jim Jagielski <j...@jagunet.com> wrote:
>>>>>>>>>>
>>>>>>>>>> I will.
>>>>>>>>>>
>>>>>>>>>>> On Nov 17, 2015, at 7:47 AM, Stefan Eissing
>>>>>>>>>>> <stefan.eiss...@greenbytes.de> wrote:
>>>>>>>>>>>
>>>>>>>>>>> For the 2.4.18 backporting, can I find people here willing to look
>>>>>>>>>>> at:
>>>>>>>>>>>
>>>>>>>>>>> *) core/mod_ssl:
>>>>>>>>>>> - master conn_rec* addition to conn_rec
>>>>>>>>>>> - minor mmn bump
>>>>>>>>>>> - improved ALPN and Upgrade handling
>>>>>>>>>>> - allowing requests for servers whose TLS configuration is
>>>>>>>>>>> compatible
>>>>>>>>>>> to the SNI server ones
>>>>>>>>>>> - disabling TLS renegotiation for slave connections
>>>>>>>>>>> changes are necessary for update modules/http2
>>>>>>>>>>> trunk patch: http://svn.apache.org/r1708107
>>>>>>>>>>> http://svn.apache.org/r1709587
>>>>>>>>>>> http://svn.apache.org/r1709602
>>>>>>>>>>> http://svn.apache.org/r1709995
>>>>>>>>>>> http://svn.apache.org/r1710231
>>>>>>>>>>> http://svn.apache.org/r1710419
>>>>>>>>>>> http://svn.apache.org/r1710572
>>>>>>>>>>> http://svn.apache.org/r1710583
>>>>>>>>>>> + manual addition of "conn_rec *master;"
>>>>>>>>>>> 2.4.x patch:
>>>>>>>>>>> https://raw.githubusercontent.com/icing/mod_h2/master/sandbox/httpd/patches/2.4.17-protocols.patch
>>>>>>>>>>> branch mergeable to 2.4.x:
>>>>>>>>>>> ^/httpd/httpd/branches/2.4.17-protocols-changes
>>>>>>>>>>> +1: icing
>>>>>>>>>>>
>>>>>>>>>>> ? This is needed to backport the current mod_http2. If someone
>>>>>>>>>>> could find the time to look at this, please? Thanks!
>>>>>>>>>>>
>>>>>>>>>>> Cheers,
>>>>>>>>>>>
>>>>>>>>>>> Stefan
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
