Re: mod_deflate was Re: [VOTE] Release Apache httpd 2.4.13 as GA

2015-06-05 Thread William A Rowe Jr
On Fri, Jun 5, 2015 at 1:05 AM, William A Rowe Jr wr...@rowe-clan.net
wrote:

 On Fri, Jun 5, 2015 at 12:42 AM, Christophe JAILLET 
 christophe.jail...@wanadoo.fr wrote:

 This has been fixed in trunk in r1619453. ( APLOGNO(02805) )


 Would you propose the backport?  TIA!


And... I see you did :)  Thanks again.


Re: mod_deflate was Re: [VOTE] Release Apache httpd 2.4.13 as GA

2015-06-05 Thread William A Rowe Jr
On Fri, Jun 5, 2015 at 12:42 AM, Christophe JAILLET 
christophe.jail...@wanadoo.fr wrote:

 This has been fixed in trunk in r1619453. ( APLOGNO(02805) )


Would you propose the backport?  TIA!


Re: mod_deflate was Re: [VOTE] Release Apache httpd 2.4.13 as GA

2015-06-05 Thread William A Rowe Jr
I'm not compiling -Wall... so

/opt/apr15/build-1/libtool --silent --mode=compile gcc -std=gnu99
-I/usr/include/libxml2 -g -O2 -pthread  -DLINUX -D_REENTRANT
-D_GNU_SOURCE -I. -I/home/wrowe/dev/httpd-2.4/os/unix
-I/home/wrowe/dev/httpd-2.4/include -I/opt/apr15/include/apr-1
-I/usr/local/ssl/include -I/usr/local/include
-I/home/wrowe/dev/httpd-2.4/modules/aaa
-I/home/wrowe/dev/httpd-2.4/modules/cache
-I/home/wrowe/dev/httpd-2.4/modules/core
-I/home/wrowe/dev/httpd-2.4/modules/database
-I/home/wrowe/dev/httpd-2.4/modules/filters
-I/home/wrowe/dev/httpd-2.4/modules/ldap -I/home/wrowe/dev/httpd-2.4/server
-I/home/wrowe/dev/httpd-2.4/modules/loggers
-I/home/wrowe/dev/httpd-2.4/modules/lua
-I/home/wrowe/dev/httpd-2.4/modules/proxy
-I/home/wrowe/dev/httpd-2.4/modules/session
-I/home/wrowe/dev/httpd-2.4/modules/ssl
-I/home/wrowe/dev/httpd-2.4/modules/test -I/home/wrowe/dev/httpd-2.4/server
-I/home/wrowe/dev/httpd-2.4/modules/arch/unix
-I/home/wrowe/dev/httpd-2.4/modules/dav/main
-I/home/wrowe/dev/httpd-2.4/modules/generators
-I/home/wrowe/dev/httpd-2.4/modules/mappers -prefer-pic -c mod_deflate.c 
touch mod_deflate.slo
/opt/apr15/build-1/libtool --silent --mode=link gcc -std=gnu99
-I/usr/include/libxml2 -g -O2 -pthread -L/usr/local/ssl/lib  -o
mod_deflate.la -rpath /opt/apache24/modules -module -avoid-version
 mod_deflate.lo -lz

no noise on compilation.  I'm not debating it isn't there, just that my
compiler settings did not throw it at me.

On Fri, Jun 5, 2015 at 12:11 AM, Gregg Smith g...@gknw.net wrote:

 On 6/4/2015 10:01 PM, William A Rowe Jr wrote:

 On Thu, Jun 4, 2015 at 10:47 PM, Gregg Smith g...@gknw.net wrote:

  This is new, not quite sure how I didn't see it a few weeks ago as it's 9
 weeks old.
 Who forgot to fill in the number?

 mod_deflate.c(1283) : warning C4003: not enough actual parameters for
 macro 'APLOGNO'

  I just rechecked my compilation from near-trunk 6 hours ago, I don't see
 this.

 More background, please?  gcc or other compiler rev?  OS?  Revision?

 It avoids a lot of needless speculation.


 It's not a compiler thing, doesn't matter what OS. Sorry I didn't mention
 it's r1669555, my bad! You have the line number in the posted compiler
 output. However, it's pretty hard to miss as it's in the first stanza of
 the merge and practically hops in your lap.


 http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/filters/mod_deflate.c?r1=1661845&r2=1669555






Re: httpd and OpenSSL 1.0.2

2015-06-05 Thread Michael Felt
Along the lines of to be continued - IMHO httpd should be one of the
early adopters of not allowing linkage to versions of openssl that cannot
support TLS1.2.

I have built (on AIX) against libreSSL (v2.1.6) with some private additions
for AIX (that will be verified and improved upon by openbsd in the soon to
be released libreSSL 2.2 version).

Basically, there are only two defines that were 'missing'. One was rather
'obscure' in what it is supposed to be doing (i.e., looking in the openssl
code) - the other was downright 'dangerous' because it permits 'any
external so-called entropy generator' to be added and used for randomness
- because it is, or at least was, part of the openSSL libraries. (the
approach of libreSSL was to completely remove it, hence a missing #define).

Again - to be continued. and asap - in a separate post I will post the
differences to get it to link against libreSSL (p.s. only mod_ssl needs
this afaik).

On Wed, May 27, 2015 at 3:29 PM, Tom Browder tom.brow...@gmail.com wrote:

 On May 27, 2015 5:26 AM, Mario Brandt jbl...@gmail.com wrote:
  Hi Tom,
  I saw you on the httpd dev mailing list about that topic. How did you
  manage to build apache against 1.0.2?
 
  Cause if I try that I get in my VM
 
  /opt/apache2/modules/mod_ssl.so: undefined symbol: SSL_CONF_CTX_finish
 
  or on my real server
 
  /opt/apache2/modules/mod_ssl.so: undefined symbol: SSL_CONF_CTX_free
 
  OpenSSL
  ./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared no-ssl2
  make depend
  make
  sudo make install
 
 
  apache
  ./configure --prefix=/opt/apache2 --enable-pie
  --enable-mods-shared=all --enable-so --disable-include --enable-lua
  --enable-deflate --enable-headers --enable-expires --enable-ssl=shared
  --enable-mpms-shared=all --with-mpm=event --enable-rewrite
  --with-z=$HOME/apache24/httpd-2.4.12/srclib/zlib --enable-module=ssl
  --enable-fcgid --with-included-apr
  --with-openssl=$HOME/apache24/openssl-1.0.2a
  --enable-ssl-staticlib-deps
 
  with the 1.0.1m it works all fine
  see https://github.com/JBlond/debian_build_apache24/blob/master/build_apache.sh
 
 
  Please tell me how you got it working.

 Mario, I did get it working, but I did have a bit more effort to make
 the latest openssl work.  Taking a quick look at your blog I believe I
 can help, but I'll explain my solution in a follow-up message so this
 thread is on the public mailing lists.

 I feel I must explain that I'm using a Debian 7, 64-bit server.  It
 might help if we could know your server info as other architectures
 may require more or other tweaks.

 Finally, the best I can probably do is show you my configure options
 which may conflict with yours.

 TO BE CONTINUED

 Best regards,

 -Tom



Re: ALPN patch comments

2015-06-05 Thread Stefan Eissing

 On 05.06.2015 at 01:37, Yann Ylavic ylavic@gmail.com wrote:
 
 On Fri, Jun 5, 2015 at 1:03 AM, Roy T. Fielding field...@gbiv.com wrote:
 
 Hence, we might need a configurable way to ignore a client's ALPN, though I 
 doubt that
 SSLalpn off is the right way to express that.  Likewise, neither is 
 SSLAlpnPreference.
 The server protocol(s) preference should be independent of the 
 session/connection protocol.
 Our internal configuration and use of ALPN should be based on the overall 
 configuration, not a
 configuration specific to the SSL code.  Many configurations won't include 
 ALPN.
 
 Maybe we can reuse the Protocol directive then...

Something like the one below maybe. But this is 2.6/3.0 music. What do we do 
for 2.4?

cheers, Stefan
——
# Listen directives define which transport protocols are active
Listen 443
Listen 1234 ssh

# Protocols lists the ALPN identifiers allowed on connections in preferred order
# ProtocolTransports defaults to the union of transports the server listens to
Protocols h2 spdy/3.1 http/1.1
ProtocolTransports tls ssh clear

# vhosts may limit this down or change order (but not extend it?)
<vhost *>
  ServerName test1.example.org
  Protocols h2 http/1.1
  ProtocolTransports tls
</vhost>
<vhost *>
  ServerName test2.example.org
  Protocols *
  ProtocolTransports ssh
</vhost>

Modules with protocol support need to register the ALPN ids plus a callback at 
core where they become available at the base server? Callbacks  are invoked for 
selected protocol with selected protocol id.

green/bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782
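
An added example, not part of the message above and not httpd or mod_ssl code: one way a server could apply a preference-ordered "Protocols" list to a client's ALPN offer, so that the server's order decides and the client's order is ignored. It assumes the client list arrives in the RFC 7301 wire format (one length byte before each name); alpn_select, alpn_list_valid and the sample offers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Server preference order, taken from the sketched "Protocols" line. */
static const char *const server_protocols[] = { "h2", "spdy/3.1", "http/1.1" };
/* Constructed client offers in wire format (not captured traffic). */
static const unsigned char offer_ok[]  = "\x08http/1.1\x02h2"; /* http/1.1, h2 */
static const unsigned char offer_bad[] = "\x08http";           /* overruns */

/* 1 if every entry is a non-zero length byte plus that many bytes in range. */
static int alpn_list_valid(const unsigned char *in, size_t inlen)
{
    size_t i = 0;
    if (inlen == 0)
        return 0;
    while (i < inlen) {
        size_t n = in[i];
        if (n == 0 || n > inlen - i - 1)  /* empty name or overrun */
            return 0;
        i += 1 + n;
    }
    return 1;
}

/* Pick the first of the server's preferences that the client offered.
 * Returns NULL for a malformed list or no overlap; client order is ignored. */
const char *alpn_select(const char *const *prefs, size_t nprefs,
                        const unsigned char *in, size_t inlen)
{
    if (!alpn_list_valid(in, inlen))
        return NULL;
    for (size_t p = 0; p < nprefs; p++) {
        size_t want = strlen(prefs[p]);
        for (size_t i = 0; i < inlen; i += 1 + in[i]) {
            if ((size_t)in[i] == want && memcmp(in + i + 1, prefs[p], want) == 0)
                return prefs[p];
        }
    }
    return NULL;
}

int main(void)
{
    const char *got = alpn_select(server_protocols, 3, offer_ok, sizeof offer_ok - 1);
    const char *bad = alpn_select(server_protocols, 3, offer_bad, sizeof offer_bad - 1);
    printf("%s %s\n", got ? got : "(none)", bad ? bad : "(rejected)");
    return 0;
}
```

Passing a shorter preference array, such as a vhost's own list, narrows the choice without touching the parsing.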





Re: SO_REUSEPORT

2015-06-05 Thread Yann Ylavic
On Fri, Jun 5, 2015 at 5:11 PM, Eric Covener cove...@gmail.com wrote:
 I'm trying to review & understand how this affects process management for
 things like MinSpareThreads/MaxSpareThreads e.g.

 -else if (idle_thread_count  min_spare_threads) {
 +else if (idle_thread_count  min_spare_threads / num_buckets) {
  /* terminate the free list */
  if (free_length == 0) { /* scoreboard is f

 -if (idle_thread_count  max_spare_threads) {
 +if (idle_thread_count  max_spare_threads / num_buckets) {
  /* Kill off one child */

 If I wanted between 100 and 200 spare threads available to do some slow
 stuff like proxy or CGI,  would we really scale it back by the # of buckets
 or am I misunderstanding?

perform_idle_server_maintenance() is now called for each bucket in the
main loop, so this won't change the number of threads maintained per
loop.


Re: ALPN patch comments

2015-06-05 Thread Eric Covener
On Fri, Jun 5, 2015 at 8:39 AM Stefan Eissing stefan.eiss...@greenbytes.de
wrote:


  On 05.06.2015 at 01:37, Yann Ylavic ylavic@gmail.com wrote:
 
  On Fri, Jun 5, 2015 at 1:03 AM, Roy T. Fielding field...@gbiv.com
 wrote:
 
  Hence, we might need a configurable way to ignore a client's ALPN,
 though I doubt that
  SSLalpn off is the right way to express that.  Likewise, neither is
 SSLAlpnPreference.
  The server protocol(s) preference should be independent of the
 session/connection protocol.
  Our internal configuration and use of ALPN should be based on the
 overall configuration, not a
  configuration specific to the SSL code.  Many configurations won't
 include ALPN.
 
  Maybe we can reuse the Protocol directive then...

 Something like the one below maybe. But this is 2.6/3.0 music. What do we
 do for 2.4?

 cheers, Stefan
 ——
 # Listen directives define which transport protocols are active
 Listen 443
 Listen 1234 ssh

 # Protocols lists the ALPN identifiers allowed on connections in preferred
 order
 # ProtocolTransports defaults to the union of transports the server
 listens to
 Protocols h2 spdy/3.1 http/1.1
 ProtocolTransports tls ssh clear

 # vhosts may limit this down or change order (but not extend it?)
 <vhost *>
   ServerName test1.example.org
   Protocols h2 http/1.1
   ProtocolTransports tls
 </vhost>
 <vhost *>
   ServerName test2.example.org
   Protocols *
   ProtocolTransports ssh
 </vhost>

 Modules with protocol support need to register the ALPN ids plus a
 callback at core where they become available at the base server? Callbacks
 are invoked for selected protocol with selected protocol id.


I think Protocols and moving the registration in the patch to the core is
a good compromise.  If the requirement anyone has interest in working on is
h2 over tls, then at the moment the only effect will be driving the ALPN
negotiation.


Re: SO_REUSEPORT

2015-06-05 Thread Eric Covener
I'm trying to review & understand how this affects process management for
things like MinSpareThreads/MaxSpareThreads e.g.

-else if (idle_thread_count  min_spare_threads) {
+else if (idle_thread_count  min_spare_threads / num_buckets) {
 /* terminate the free list */
 if (free_length == 0) { /* scoreboard is f
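
Review bot: `min_spare_threads / num_buckets` on the added `else if` line is integer division (assuming both operands are integers, as the names suggest), so any remainder is dropped and a configured minimum smaller than num_buckets yields a per-bucket threshold of 0. Consider rounding up or clamping the share to at least 1, and add a comment on this line saying the check is per bucket, since the configured value otherwise reads as a server-wide total.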

-if (idle_thread_count  max_spare_threads) {
+if (idle_thread_count  max_spare_threads / num_buckets) {
 /* Kill off one child */
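
Review bot: `max_spare_threads / num_buckets` on the added `if` line truncates independently of the minimum's share, so two close settings can collapse to the same per-bucket number (for example 10 and 11 over 4 buckets both give 2). Suggest computing both per-bucket limits once before these checks, keeping the maximum's share above the minimum's, and documenting that the kill-off decision is now made per bucket.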

If I wanted between 100 and 200 spare threads available to do some slow
stuff like proxy or CGI,  would we really scale it back by the # of buckets
or am I misunderstanding?

On Sun, May 17, 2015 at 4:31 PM Lu, Yingqi yingqi...@intel.com wrote:

 Hi Yann,

 Thank you very much for your help!

 Yingqi

 -Original Message-
 From: Yann Ylavic [mailto:ylavic@gmail.com]
 Sent: Saturday, May 16, 2015 3:37 AM
 To: httpd
 Subject: Re: SO_REUSEPORT

 On Fri, May 15, 2015 at 5:12 PM, Jeff Trawick traw...@gmail.com wrote:
  On Fri, May 15, 2015 at 11:02 AM, William A Rowe Jr wr...@rowe-clan.net
 
  wrote:
 
  My chief concern was that the phrase Common Log has a specific meaning
  to us.
 
  ap_mpm_common_log_startup() or something else descriptive would be a
  better name, but our crew is famous for not being terrific namers of
 things
  :)
 
  Did this compile with no warnings?  It seems statics were used without
  being explicitly initialized, and I don't have my copy of K&R to check
 that
  these are always NULL, but guessing that's so.
 
 
  yes; but ISTR that NetWare is the reason for explicit initialization in
 some
  of our multi-platform code; I dunno the rhyme

 s/ap_log_common/ap_log_mpm_common/ in r1679714 and added to backport
 proposal.

 Regarding globals/statics explicit initializations (implicit
 initialization to {0} is required by the C standard), I don't think it
 is necessary/suitable since it may move these variables from the
 .bss to the .data section, the former being quicker to initialize (as
 a whole) at load time (though explicit initializations to {0} usually
 go to .bss too but it depends on the compiler and/or flags, and we
 don't explicitly need .data for those).
 So I did not change the code wrt this...