Just found out that AnyEvent::TLS does not support SNI *at all*, so I am considering scrapping these VHOST tests. All in all, I am not very happy with Protocol::HTTP2::Client. I think I would rather call nghttp and curl from our Perl framework directly. But that would mean that people build nghttp2 with apps and have nghttp in the $PATH...
//Stefan > Am 17.11.2015 um 18:08 schrieb Jim Jagielski <j...@jagunet.com>: > > No issues under CentOS... > >> On Nov 17, 2015, at 11:28 AM, Stefan Eissing <stefan.eiss...@greenbytes.de> >> wrote: >> >> That's cheating... >> >> I'll let you know when it works for me in such a configuration. >> >>> Am 17.11.2015 um 16:51 schrieb Jim Jagielski <j...@jagunet.com>: >>> >>> My perl is built against openssl 1.0.2... >>> >>>> On Nov 17, 2015, at 10:43 AM, Stefan Eissing >>>> <stefan.eiss...@greenbytes.de> wrote: >>>> >>>> OK, the problem on OS X is that the default openssl is 0.98 which does not >>>> do SNI. >>>> >>>> I try to detect this in lines 14-17 by: >>>> my $alpn_available = exists &Net::SSLeay::CTX_set_alpn_protos; >>>> if ($alpn_available) { >>>> $total_tests += $vhost_suite; >>>> } >>>> >>>> and change the test case expectations accordingly. That seems to fail on >>>> your system. The test case thinks ALPN+SNI are available and wants to see >>>> "localhost" in the response, but it is not used. >>>> >>>> Unnecessary to say that the detection (and therefore the tests) work on my >>>> OS X installation - also before 10.11. >>>> >>>> Hmmm....are there SNI test cases for mod_ssl where I could see how it >>>> detects it? >>>> >>>> >>>>> Am 17.11.2015 um 16:30 schrieb Jim Jagielski <j...@jagunet.com>: >>>>> >>>>> Still: >>>>> >>>>> t/modules/http2.t .. 26/51 >>>>> # Failed test 34 in t/modules/http2.t at line 242 fail #4 >>>>> # testing : content comparision >>>>> # expected: '<html><body> >>>>> # <h2>Hello World!</h2> >>>>> # TLS_SNI="localhost" >>>>> # </body></html> >>>>> # ' >>>>> # received: '<html><body> >>>>> # <h2>Hello World!</h2> >>>>> # TLS_SNI="" >>>>> # </body></html> >>>>> # ' >>>>> not ok 34 >>>>> >>>>> # Failed test 50 in t/modules/http2.t at line 194 fail #6 >>>>> test case: VHOST001, expect 404 or 421 (using Host:): GET >>>>> https://localhost:8544/misdirected >>>>> # testing : GET https://localhost:8544/misdirected >>>>> # expected: 421 >>>>> # received: '404' >>>>> not ok 50 >>>>> >>>>> # Failed test 51 in t/modules/http2.t at line 194 fail #7 >>>>> test case: VHOST002, expect 404 or 421 (using :authority): GET >>>>> https://localhost:8544/misdirected >>>>> # Failed test 50 in t/modules/http2.t at line 194 fail #6 >>>>> # testing : GET https://localhost:8544/misdirected >>>>> # expected: 421 >>>>> # received: '404' >>>>> not ok 51 >>>>> >>>>> t/modules/http2.t .. Failed 3/51 subtests >>>>> >>>>> >>>>>> On Nov 17, 2015, at 10:17 AM, Stefan Eissing >>>>>> <stefan.eiss...@greenbytes.de> wrote: >>>>>> >>>>>> OK, the change is from October 19th by me. I changed the test suite to >>>>>> have >>>>>> the test run in deterministic order. $r is a references to an array of >>>>>> tests >>>>>> and, depending on module availability, I push more elements to $r. >>>>>> >>>>>> I just changed it to push @$r, { ... } >>>>>> >>>>>> Please give it a try. >>>>>> >>>>>>> Am 17.11.2015 um 16:06 schrieb Jim Jagielski <j...@jagunet.com>: >>>>>>> >>>>>>> I am still 10.10 but w/ Xcode 7.1.1 >>>>>>> >>>>>>> >>>>>>> <jimsys:stable/httpd-test/framework> % perl -V >>>>>>> Summary of my perl5 (revision 5 version 20 subversion 2) configuration: >>>>>>> >>>>>>> Platform: >>>>>>> osname=darwin, osvers=14.4.0, archname=darwin-thread-multi-2level >>>>>>> uname='darwin jimsys.local 14.4.0 darwin kernel version 14.4.0: thu may >>>>>>> 28 11:35:04 pdt 2015; root:xnu-2782.30.5~1release_x86_64 x86_64 ' >>>>>>> config_args='-des -Duseithreads -Dusemultiplicity=y -Duseshrplib >>>>>>> -Dprefix=/usr/local2 -Dvendorprefix=/usr/local2' >>>>>>> hint=recommended, useposix=true, d_sigaction=define >>>>>>> useithreads=define, usemultiplicity=define >>>>>>> use64bitint=define, use64bitall=define, uselongdouble=undef >>>>>>> usemymalloc=n, bincompat5005=undef >>>>>>> Compiler: >>>>>>> cc='cc', ccflags ='-fno-common -DPERL_DARWIN -fno-strict-aliasing -pipe >>>>>>> -fstack-protector -I/usr/local/include -I/opt/local/include', >>>>>>> optimize='-O3', >>>>>>> cppflags='-fno-common -DPERL_DARWIN -fno-strict-aliasing -pipe >>>>>>> -fstack-protector -I/usr/local/include -I/opt/local/include' >>>>>>> ccversion='', gccversion='4.2.1 Compatible Apple LLVM 6.1.0 >>>>>>> (clang-602.0.53)', gccosandvers='' >>>>>>> intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678 >>>>>>> d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16 >>>>>>> ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', >>>>>>> lseeksize=8 >>>>>>> alignbytes=8, prototype=define >>>>>>> Linker and Libraries: >>>>>>> ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags =' -fstack-protector >>>>>>> -L/usr/local/lib -L/opt/local/lib' >>>>>>> libpth=/usr/local/lib >>>>>>> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.1.0/lib >>>>>>> >>>>>>> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib >>>>>>> /usr/lib /opt/local/lib >>>>>>> libs=-lgdbm -ldbm -ldl -lm -lutil -lc >>>>>>> perllibs=-ldl -lm -lutil -lc >>>>>>> libc=, so=dylib, useshrplib=true, libperl=libperl.dylib >>>>>>> gnulibc_version='' >>>>>>> Dynamic Linking: >>>>>>> dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' ' >>>>>>> cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup >>>>>>> -L/usr/local/lib -L/opt/local/lib -fstack-protector' >>>>>>> >>>>>>>> On Nov 17, 2015, at 9:59 AM, Stefan Eissing >>>>>>>> <stefan.eiss...@greenbytes.de> wrote: >>>>>>>> >>>>>>>> Hmm, what perl version is that? Works on my OS X (El 10.11) with perl >>>>>>>> -v: >>>>>>>> >>>>>>>> This is perl 5, version 18, subversion 2 (v5.18.2) built for >>>>>>>> darwin-thread-multi-2level >>>>>>>> (with 2 registered patches, see perl -V for more detail) >>>>>>>> >>>>>>>> //Stefan >>>>>>>> >>>>>>>>> Am 17.11.2015 um 15:44 schrieb Jim Jagielski <j...@jagunet.com>: >>>>>>>>> >>>>>>>>> Doing a quick tst I get: >>>>>>>>> >>>>>>>>> t/modules/http2.t .. push on reference is experimental at >>>>>>>>> t/modules/http2.t line 319. >>>>>>>>> Dubious, test returned 255 (wstat 65280, 0xff00) >>>>>>>>> No subtests run >>>>>>>>> >>>>>>>>> Test Summary Report >>>>>>>>> ------------------- >>>>>>>>> t/modules/http2.t (Wstat: 65280 Tests: 0 Failed: 0) >>>>>>>>> Non-zero exit status: 255 >>>>>>>>> Parse errors: No plan found in TAP output >>>>>>>>> Files=1, Tests=0, 1 wallclock secs ( 0.02 usr 0.01 sys + 0.31 cusr >>>>>>>>> 0.06 csys = 0.40 CPU) >>>>>>>>> Result: FAIL >>>>>>>>> Failed 1/1 test programs. 0/0 subtests failed. >>>>>>>>> >>>>>>>>> This is on OSX >>>>>>>>> >>>>>>>>>> On Nov 17, 2015, at 8:12 AM, Jim Jagielski <j...@jagunet.com> wrote: >>>>>>>>>> >>>>>>>>>> I will. >>>>>>>>>> >>>>>>>>>>> On Nov 17, 2015, at 7:47 AM, Stefan Eissing >>>>>>>>>>> <stefan.eiss...@greenbytes.de> wrote: >>>>>>>>>>> >>>>>>>>>>> For the 2.4.18 backporting, can I find people here willing to look >>>>>>>>>>> at: >>>>>>>>>>> >>>>>>>>>>> *) core/mod_ssl: >>>>>>>>>>> - master conn_rec* addition to conn_rec >>>>>>>>>>> - minor mmn bump >>>>>>>>>>> - improved ALPN and Upgrade handling >>>>>>>>>>> - allowing requests for servers whose TLS configuration is >>>>>>>>>>> compatible >>>>>>>>>>> to the SNI server ones >>>>>>>>>>> - disabling TLS renegotiation for slave connections >>>>>>>>>>> changes are necessary for update modules/http2 >>>>>>>>>>> trunk patch: http://svn.apache.org/r1708107 >>>>>>>>>>> http://svn.apache.org/r1709587 >>>>>>>>>>> http://svn.apache.org/r1709602 >>>>>>>>>>> http://svn.apache.org/r1709995 >>>>>>>>>>> http://svn.apache.org/r1710231 >>>>>>>>>>> http://svn.apache.org/r1710419 >>>>>>>>>>> http://svn.apache.org/r1710572 >>>>>>>>>>> http://svn.apache.org/r1710583 >>>>>>>>>>> + manual addition of "conn_rec *master;" >>>>>>>>>>> 2.4.x patch: >>>>>>>>>>> https://raw.githubusercontent.com/icing/mod_h2/master/sandbox/httpd/patches/2.4.17-protocols.patch >>>>>>>>>>> branch mergeable to 2.4.x: >>>>>>>>>>> ^/httpd/httpd/branches/2.4.17-protocols-changes >>>>>>>>>>> +1: icing >>>>>>>>>>> >>>>>>>>>>> ? This is needed to backport the current mod_http2. If someone >>>>>>>>>>> could find the time to look at this, please? Thanks! >>>>>>>>>>> >>>>>>>>>>> Cheers, >>>>>>>>>>> >>>>>>>>>>> Stefan >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >