subject:"ab"

What I did was force the ab from the test framework to bind
itself to 127.0.0.1 and all is now working OK.

> On Apr 10, 2018, at 1:33 PM, Joe Orton <jor...@redhat.com> wrote:
> 
> On Tue, Apr 10, 2018 at 08:47:03AM -0400, Jim Jagielski wrote:
>> My understanding is that this patch was specifically designed
>> to address this exact situation, so I am confused why it
>> seems to be causing the problem... It's like ab tries ::1,
>> doesn't connect and then fails immediately instead of
>> then trying 127.0.0.1...
> 
> Can you run ab under something strace-like to see what it's trying to 
> do?
> 
> Since the test suite defaults to v4-only, possibly we should switch the 
> test suite to run against http://127.0.0.1:N/ rather than relying on 
> localhost resolving properly, though exposing these bugs is a good 
> thing.
> 
> Regardsm Joe

Re: ab issues (just on macOS?)

2018-04-10 Thread Joe Orton

On Tue, Apr 10, 2018 at 08:47:03AM -0400, Jim Jagielski wrote:
> My understanding is that this patch was specifically designed
> to address this exact situation, so I am confused why it
> seems to be causing the problem... It's like ab tries ::1,
> doesn't connect and then fails immediately instead of
> then trying 127.0.0.1...

Can you run ab under something strace-like to see what it's trying to 
do?

Since the test suite defaults to v4-only, possibly we should switch the 
test suite to run against http://127.0.0.1:N/ rather than relying on 
localhost resolving properly, though exposing these bugs is a good 
thing.

Regardsm Joe

Re: ab issues (just on macOS?)

My understanding is that this patch was specifically designed
to address this exact situation, so I am confused why it
seems to be causing the problem... It's like ab tries ::1,
doesn't connect and then fails immediately instead of
then trying 127.0.0.1...

> On Apr 10, 2018, at 7:14 AM, Jim Jagielski <j...@jagunet.com> wrote:
> 
> Yeah... this seems related to
> 
>http://svn.apache.org/viewvc?view=revision=1826891
> 
>> On Apr 10, 2018, at 7:06 AM, Jim Jagielski <j...@jagunet.com> wrote:
>> 
>> % host localhost.
>> localhost has address 127.0.0.1
>> localhost has IPv6 address ::1
>> 
>> What I think is going on is that ab is using ::1 but httpd is just bound on 
>> 127.0.0.1
>> 
>> 
>>> On Apr 9, 2018, at 7:19 PM, Daniel Ruggeri <drugg...@primary.net> wrote:
>>> 
>>> That's interesting. Does your machine bind on both IPv6 and IPv4? I would 
>>> assume just v4 and you have a localhost as ::1 in your hosts file. Is that 
>>> the case?
>>> -- 
>>> Daniel Ruggeri
>>> 
>>> On April 9, 2018 4:43:42 PM CDT, Jim Jagielski <j...@jagunet.com> wrote:
>>>> OK... if I change the test to use 127.0.0.1 instead of localhost, all
>>>> is well. So I'm guessing it is an IPv6 issue... ?
>> 
>

Re: ab issues (just on macOS?)

My test and build system is IPv4 w/ IPv6 Local Link Only.

> On Apr 10, 2018, at 7:19 AM, Eric Covener  wrote:
> 
> On Tue, Apr 10, 2018 at 7:14 AM, Jim Jagielski  wrote:
>> Yeah... this seems related to
>> 
>>http://svn.apache.org/viewvc?view=revision=1826891
> 
> Hrm -- My test config is all ipv4-only on linux (Listen 0.0.0.0:*) so
> w/o that patch if localhost returned ::1 first you'd get the same
> symptom.
> 
> -- 
> Eric Covener
> cove...@gmail.com

Re: ab issues (just on macOS?)

2018-04-10 Thread Stefan Eissing

Some Linux setups mention ::1 for localhost first in /etc/hosts. I vaguely 
remember once having been bitten by that.

> Am 10.04.2018 um 13:19 schrieb Eric Covener :
> 
> On Tue, Apr 10, 2018 at 7:14 AM, Jim Jagielski  wrote:
>> Yeah... this seems related to
>> 
>>http://svn.apache.org/viewvc?view=revision=1826891
> 
> Hrm -- My test config is all ipv4-only on linux (Listen 0.0.0.0:*) so
> w/o that patch if localhost returned ::1 first you'd get the same
> symptom.
> 
> -- 
> Eric Covener
> cove...@gmail.com

Re: ab issues (just on macOS?)

2018-04-10 Thread Eric Covener

On Tue, Apr 10, 2018 at 7:14 AM, Jim Jagielski  wrote:
> Yeah... this seems related to
>
> http://svn.apache.org/viewvc?view=revision=1826891

Hrm -- My test config is all ipv4-only on linux (Listen 0.0.0.0:*) so
w/o that patch if localhost returned ::1 first you'd get the same
symptom.

-- 
Eric Covener
cove...@gmail.com

Re: ab issues (just on macOS?)

Yeah... this seems related to

http://svn.apache.org/viewvc?view=revision=1826891

> On Apr 10, 2018, at 7:06 AM, Jim Jagielski <j...@jagunet.com> wrote:
> 
> % host localhost.
> localhost has address 127.0.0.1
> localhost has IPv6 address ::1
> 
> What I think is going on is that ab is using ::1 but httpd is just bound on 
> 127.0.0.1
> 
> 
>> On Apr 9, 2018, at 7:19 PM, Daniel Ruggeri <drugg...@primary.net> wrote:
>> 
>> That's interesting. Does your machine bind on both IPv6 and IPv4? I would 
>> assume just v4 and you have a localhost as ::1 in your hosts file. Is that 
>> the case?
>> -- 
>> Daniel Ruggeri
>> 
>> On April 9, 2018 4:43:42 PM CDT, Jim Jagielski <j...@jagunet.com> wrote:
>>> OK... if I change the test to use 127.0.0.1 instead of localhost, all
>>> is well. So I'm guessing it is an IPv6 issue... ?
>

Re: ab issues (just on macOS?)

% host localhost.
localhost has address 127.0.0.1
localhost has IPv6 address ::1

What I think is going on is that ab is using ::1 but httpd is just bound on 
127.0.0.1


> On Apr 9, 2018, at 7:19 PM, Daniel Ruggeri <drugg...@primary.net> wrote:
> 
> That's interesting. Does your machine bind on both IPv6 and IPv4? I would 
> assume just v4 and you have a localhost as ::1 in your hosts file. Is that 
> the case?
> -- 
> Daniel Ruggeri
> 
> On April 9, 2018 4:43:42 PM CDT, Jim Jagielski <j...@jagunet.com> wrote:
>> OK... if I change the test to use 127.0.0.1 instead of localhost, all
>> is well. So I'm guessing it is an IPv6 issue... ?

Re: ab issues (just on macOS?)

2018-04-09 Thread Daniel Ruggeri

That's interesting. Does your machine bind on both IPv6 and IPv4? I would 
assume just v4 and you have a localhost as ::1 in your hosts file. Is that the 
case?
-- 
Daniel Ruggeri

On April 9, 2018 4:43:42 PM CDT, Jim Jagielski  wrote:
>OK... if I change the test to use 127.0.0.1 instead of localhost, all
>is well. So I'm guessing it is an IPv6 issue... ?

Re: ab issues (just on macOS?)

2018-04-09 Thread Jim Jagielski

OK... if I change the test to use 127.0.0.1 instead of localhost, all
is well. So I'm guessing it is an IPv6 issue... ?

Re: ab issues (just on macOS?)

2018-04-09 Thread Jim Jagielski

No problem w/ the script:

/opt/perl5/bin/perl ./scr.pl
Result was Hello there


> On Apr 9, 2018, at 2:14 PM, Daniel Ruggeri  wrote:
> 
> use strict;
> use IPC::Open3;
> use Symbol;
> 
> my $results = run_and_gather_output("echo 'Hello there'");
> print "Result was " . join("", @{$results->{stdout}}) . "\n";
> 
> sub run_and_gather_output {
>my $command = shift;
>my ($cin, $cout, $cerr);
>$cerr = gensym();
>my $pid = open3($cin, $cout, $cerr, $command);
>waitpid( $pid, 0 );
>my $status = $? >> 8;
>my @cstdout = <$cout>;
>my @cstderr = <$cerr>;
>return { status => $status, stdout => \@cstdout, stderr => \@cstderr };
> }

Re: ab issues (just on macOS?)

2018-04-09 Thread Daniel Ruggeri


On 2018-04-09 11:00, Jim Jagielski wrote:

Anyone else seeing issues w/ the Perl test framework's ab test...

t/ab/base.t ..
1..5
# Running under perl version 5.020003 for darwin
# Current time local: Mon Apr  9 11:59:20 2018
# Current time GMT:   Mon Apr  9 15:59:20 2018
# Using Test.pm version 1.26
# Using Apache/Test.pm version 1.41
# # running:
# /usr/local2/apache2/bin/ab -q -n 10 http://localhost:8529/
not ok 1
not ok 2
# # running:
# /usr/local2/apache2/bin/ab -q -n 10 https://localhost:8532/
# Failed test 1 in t/ab/base.t at line 33
# Failed test 2 in t/ab/base.t at line 34
not ok 3
# Failed test 3 in t/ab/base.t at line 39
not ok 4
# Test 4 got: "4" (t/ab/base.t at line 40)
#   Expected: "0" (https had stderr output:$VAR1 = [
#  '
#',
#  'Test aborted after 10 failures
#',
#  '
#',
#  'apr_socket_connect(): Connection refused (61)
#'
#];
#)
ok 5
Failed 4/5 subtests



I just recently added this test to start getting coverage on ab. It uses 
IPC::Open3 which is a potential hiccup. Would you mind running this 
script like so: `perl ./script.pl`?


use strict;
use IPC::Open3;
use Symbol;

my $results = run_and_gather_output("echo 'Hello there'");
print "Result was " . join("", @{$results->{stdout}}) . "\n";

sub run_and_gather_output {
my $command = shift;
my ($cin, $cout, $cerr);
$cerr = gensym();
my $pid = open3($cin, $cout, $cerr, $command);
waitpid( $pid, 0 );
my $status = $? >> 8;
my @cstdout = <$cout>;
my @cstderr = <$cerr>;
return { status => $status, stdout => \@cstdout, stderr => \@cstderr 
};

}


Depending on if/where this fails, it should point out why your machine 
may be having problems (I don't have a way to test this on macOS). I 
*DID* see some strange behavior on my Linux box in that open3 munged 
both STDERR and STDOUT into a single stream... which is very unexpected.


--
Daniel Ruggeri

ab issues (just on macOS?)

2018-04-09 Thread Jim Jagielski

Anyone else seeing issues w/ the Perl test framework's ab test...

t/ab/base.t ..
1..5
# Running under perl version 5.020003 for darwin
# Current time local: Mon Apr  9 11:59:20 2018
# Current time GMT:   Mon Apr  9 15:59:20 2018
# Using Test.pm version 1.26
# Using Apache/Test.pm version 1.41
# # running:
# /usr/local2/apache2/bin/ab -q -n 10 http://localhost:8529/
not ok 1
not ok 2
# # running:
# /usr/local2/apache2/bin/ab -q -n 10 https://localhost:8532/
# Failed test 1 in t/ab/base.t at line 33
# Failed test 2 in t/ab/base.t at line 34
not ok 3
# Failed test 3 in t/ab/base.t at line 39
not ok 4
# Test 4 got: "4" (t/ab/base.t at line 40)
#   Expected: "0" (https had stderr output:$VAR1 = [
#  '
#',
#  'Test aborted after 10 failures
#',
#  '
#',
#  'apr_socket_connect(): Connection refused (61)
#'
#];
#)
ok 5
Failed 4/5 subtests

Re: svn commit: r1827303 - /httpd/test/framework/trunk/t/ab/base.t

2018-03-20 Thread Eric Covener

>> +"https stdout had some error strong " .  Dumper 
>> $https_results->{stdout} );
>
>
> had some error string ?
>
Thanks, took the oppty to more fully reword. 1827314.

Re: svn commit: r1827303 - /httpd/test/framework/trunk/t/ab/base.t

2018-03-20 Thread Ruediger Pluem



On 03/20/2018 01:42 PM, cove...@apache.org wrote:
> Author: covener
> Date: Tue Mar 20 12:42:07 2018
> New Revision: 1827303
> 
> URL: http://svn.apache.org/viewvc?rev=1827303=rev
> Log:
> dump stderr on ok() failure
> 
> also convert a print to t_debug
> 
> 
> 
> Modified:
> httpd/test/framework/trunk/t/ab/base.t
> 
> Modified: httpd/test/framework/trunk/t/ab/base.t
> URL: 
> http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ab/base.t?rev=1827303=1827302=1827303=diff
> ======
> --- httpd/test/framework/trunk/t/ab/base.t (original)
> +++ httpd/test/framework/trunk/t/ab/base.t Tue Mar 20 12:42:07 2018
> @@ -3,9 +3,11 @@ use warnings FATAL => 'all';
>  
>  use Apache::Test;
>  use Apache::TestConfig;
> +use Apache::TestUtil qw(t_debug);
>  use IPC::Open3;
>  use Symbol;
>  use File::Spec::Functions qw(catfile);
> +use Data::Dumper;
>  
>  my $vars = Apache::Test::vars();
>  
> @@ -13,7 +15,7 @@ plan tests => ($vars->{ssl_module_name}
>  
>  sub run_and_gather_output {
>  my $command = shift;
> -print "# running: ", $command, "\n";
> +t_debug "# running: ", $command, "\n";
>  my ($cin, $cout, $cerr);
>  $cerr = gensym();
>  my $pid = open3($cin, $cout, $cerr, $command);
> @@ -35,8 +37,10 @@ if ($vars->{ssl_module_name}) {
>  my $https_url = 
> Apache::TestRequest::module2url($vars->{ssl_module_name}, {scheme => 'https', 
> path => '/'});
>  my $https_results = run_and_gather_output("$ab_path -q -n 10 
> $https_url");
>  ok ($https_results->{status} == 0);
> -ok (scalar(@{$https_results->{stderr}}) == 0);
> +ok (scalar(@{$https_results->{stderr}}), 0, 
> +"https stderr was scary " . Dumper $https_results->{stderr});
>  
>  #XXX: For some reason, stderr is getting pushed into stdout. This test 
> will at least catch known SSL failures
> -ok (scalar(grep(/SSL.*(fail|err)/i, @{$https_results->{stdout}}) == 0) );
> +ok (scalar(grep(/SSL.*(fail|err)/i, @{$https_results->{stdout}})), 0, 
> +"https stdout had some error strong " .  Dumper 
> $https_results->{stdout} );


had some error string ?

Regards

Rüdiger

Re: Fix for ab defect

2018-03-05 Thread li...@rhsoft.net




Am 05.03.2018 um 15:48 schrieb Yann Ylavic:

I meant that before the patch, "ab" already succeeded for (e.g.)
https://localhost/ or https://192.168.x.x/ that is if the connect is
quick enough to not trigger the bug (though it's not necessarily the
case in local networks either).
This is probably why we didn't notice it on manual testing, "ab"-ing
external/wan/google servers is not that usual...


FWIW - i noticed the bug on every single https request on the local 
machine, google.com was only for a reproducer


Concurrency Level:  1
Requests per second:311.85 [#/sec] (mean)

Re: Fix for ab defect (was: [VOTE] Release httpd-2.4.31)

2018-03-05 Thread Yann Ylavic

On Mon, Mar 5, 2018 at 3:16 AM, Daniel Ruggeri <drugg...@primary.net> wrote:
>
>> -Original Message-
>> From: Yann Ylavic [mailto:ylavic@gmail.com]
>> Sent: Sunday, March 04, 2018 5:09 PM
[]
>> In this case though, this is not exactly "100% failure" in any
>> circonstances, for instance on localhost (or fast enough local
>> network) it won't fail since the errorneous path is not taken when
>> non-blocking connect succeeds.
>> It might not be easy/wise to launch/automate "ab" on an external
>> server in a test suite...
>
> I just added r1825841 to stub out some very basic ab tests (and
> r1825842 now that I noticed a shortcoming). I'm not sure about the
> statement above. Maybe I misunderstand, but with my tests
> before/after the patch, the new test can detect this particular
> failure and should at least also protect us from trying to ship an ab
> build that returns non-zero and has anything in STDERR under normal
> circumstances. Review much appreciated, of course.

I meant that before the patch, "ab" already succeeded for (e.g.)
https://localhost/ or https://192.168.x.x/ that is if the connect is
quick enough to not trigger the bug (though it's not necessarily the
case in local networks either).
This is probably why we didn't notice it on manual testing, "ab"-ing
external/wan/google servers is not that usual...
So I wonder which server is used by r1825841, and if everyone can run
the test from home with being banned by gg.com or a.o ;)

Thanks for the test anyway (no idea about perl/pipe things :/ ).

Regards,
Yann.

RE: Fix for ab defect (was: [VOTE] Release httpd-2.4.31)

2018-03-04 Thread Daniel Ruggeri

> -Original Message-
> From: Yann Ylavic [mailto:ylavic@gmail.com]
> Sent: Sunday, March 04, 2018 5:09 PM
> To: httpd-dev <dev@httpd.apache.org>
> Subject: Re: Fix for ab defect (was: [VOTE] Release httpd-2.4.31)
> 
> On Sun, Mar 4, 2018 at 11:48 PM, Daniel Ruggeri <drugg...@primary.net>
> wrote:
> >
> > I'd like to ask a followup question... how do we catch this in the
> > test suite? With this (100% failure), ab still returns a 0 exit code.
> > It *does* at least give the error message to STDERR. Perhaps we
> > should add to the test suite that `ab -q` completed against the http
> > and https vshosts with no lines printed to STDERR and has a 0 exit
> > code?
> 
> The best way is probably to capture stderr...
> In this case though, this is not exactly "100% failure" in any
> circonstances, for instance on localhost (or fast enough local
> network) it won't fail since the errorneous path is not taken when
> non-blocking connect succeeds.
> It might not be easy/wise to launch/automate "ab" on an external
> server in a test suite...

I just added r1825841 to stub out some very basic ab tests (and r1825842 now 
that I noticed a shortcoming). I'm not sure about the statement above. Maybe I 
misunderstand, but with my tests before/after the patch, the new test can 
detect this particular failure and should at least also protect us from trying 
to ship an ab build that returns non-zero and has anything in STDERR under 
normal circumstances. Review much appreciated, of course.

What I greatly dislike about the above commit is that (at least on my tests), 
the STDERR and STDOUT from the child process appears to be folded into STDOUT. 
Thus, I added a failsafe check that STDOUT doesn't contain what looks to be an 
SSL error. This may be a side effect of the test suite because when running the 
same command in a standard shell the SSL complaint is on STDERR.

I'm wondering if anyone can explain that behavior since IPC::Open3 has always 
segregated these streams?

> 
> Regards,
> Yann.

-- 
Daniel Ruggeri

Re: Fix for ab defect (was: [VOTE] Release httpd-2.4.31)

2018-03-04 Thread Yann Ylavic

On Sun, Mar 4, 2018 at 11:48 PM, Daniel Ruggeri <drugg...@primary.net> wrote:
>
> I'd like to ask a followup question... how do we catch this in the
> test suite? With this (100% failure), ab still returns a 0 exit code.
> It *does* at least give the error message to STDERR. Perhaps we
> should add to the test suite that `ab -q` completed against the http
> and https vshosts with no lines printed to STDERR and has a 0 exit
> code?

The best way is probably to capture stderr...
In this case though, this is not exactly "100% failure" in any
circonstances, for instance on localhost (or fast enough local
network) it won't fail since the errorneous path is not taken when
non-blocking connect succeeds.
It might not be easy/wise to launch/automate "ab" on an external
server in a test suite...

Regards,
Yann.

RE: Fix for ab defect (was: [VOTE] Release httpd-2.4.31)

2018-03-04 Thread Daniel Ruggeri

I've tested the patch against 2.4.31 as provided in STATUS and confirmed it 
fixes the issue. Thanks for the very fast turnaround.

I'd like to ask a followup question... how do we catch this in the test suite? 
With this (100% failure), ab still returns a 0 exit code. It *does* at least 
give the error message to STDERR. Perhaps we should add to the test suite that 
`ab -q` completed against the http and https vshosts with no lines printed to 
STDERR and has a 0 exit code?

-- 
Daniel Ruggeri

> -Original Message-
> From: Yann Ylavic [mailto:ylavic@gmail.com]
> Sent: Sunday, March 04, 2018 1:25 PM
> To: li...@rhsoft.net
> Cc: httpd-dev <dev@httpd.apache.org>
> Subject: Fix for ab defect (was: [VOTE] Release httpd-2.4.31)
> 
> On Sat, Mar 3, 2018 at 10:51 PM, Yann Ylavic <ylavic@gmail.com> wrote:
> > On Sat, Mar 3, 2018 at 6:40 PM, li...@rhsoft.net <li...@rhsoft.net> wrote:
> >>
> >> -1
> >>
> >> "ab" no longer can benchmark https urls, same build-spec and
> environment
> >> (Fedora 26 and 27)
> >
> > Hmm, looks like 2.4 is missing http://svn.apache.org/r1580928 (second
> hunk).
> 
> Does it work for you with this patch (on top of 2.4.31):
>   http://home.apache.org/~ylavic/patches/httpd-2.4.x-ab-
> nonblock_length.patch
> ?
> 
> Thanks for testing (if possible).
> 
> Regards,
> Yann.

Fix for ab defect (was: [VOTE] Release httpd-2.4.31)

2018-03-04 Thread Yann Ylavic

On Sat, Mar 3, 2018 at 10:51 PM, Yann Ylavic <ylavic@gmail.com> wrote:
> On Sat, Mar 3, 2018 at 6:40 PM, li...@rhsoft.net <li...@rhsoft.net> wrote:
>>
>> -1
>>
>> "ab" no longer can benchmark https urls, same build-spec and environment
>> (Fedora 26 and 27)
>
> Hmm, looks like 2.4 is missing http://svn.apache.org/r1580928 (second hunk).

Does it work for you with this patch (on top of 2.4.31):
  http://home.apache.org/~ylavic/patches/httpd-2.4.x-ab-nonblock_length.patch
?

Thanks for testing (if possible).

Regards,
Yann.

[PATCH] ab: fix various memory leaks

2016-05-30 Thread Ilya V. Matveychikov

This fixes memory leakage while running a big number of iterations.

Signed-off-by: Ilya V. Matveychikov <matvejchi...@gmail.com>
---
 support/ab.c | 30 +-
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/support/ab.c b/support/ab.c
index 46fa3b8..cbc428e 100644
--- a/support/ab.c
+++ b/support/ab.c
@@ -333,7 +333,7 @@ int err_response = 0;  /* requests with invalid or 
non-200 response */
 int is_ssl;
 SSL_CTX *ssl_ctx;
 char *ssl_cipher = NULL;
-char *ssl_info = NULL;
+char ssl_info[128] = { 0 };
 BIO *bio_out,*bio_err;
 #endif
 
@@ -403,6 +403,11 @@ static void *xmalloc(size_t size)
 return ret;
 }
 
+static void xfree(void *ptr)
+{
+   free(ptr);
+}
+
 static void *xcalloc(size_t num, size_t size)
 {
 void *ret = calloc(num, size);
@@ -654,7 +659,7 @@ static void ssl_proceed_handshake(struct connection *c)
 case SSL_ERROR_NONE:
 if (verbosity >= 2)
 ssl_print_info(c);
-if (ssl_info == NULL) {
+if (!ssl_info[0]) {
 AB_SSL_CIPHER_CONST SSL_CIPHER *ci;
 X509 *cert;
 int sk_bits, pk_bits, swork;
@@ -667,8 +672,7 @@ static void ssl_proceed_handshake(struct connection *c)
 else
 pk_bits = 0;  /* Anon DH */
 
-ssl_info = xmalloc(128);
-apr_snprintf(ssl_info, 128, "%s,%s,%d,%d",
+apr_snprintf(ssl_info, sizeof(ssl_info), "%s,%s,%d,%d",
  SSL_get_version(c->ssl),
  SSL_CIPHER_get_name(ci),
  pk_bits, sk_bits);
@@ -818,7 +822,7 @@ static void output_results(int sig)
 printf("Server Hostname:%s\n", hostname);
 printf("Server Port:%hu\n", port);
 #ifdef USE_SSL
-if (is_ssl && ssl_info) {
+if (is_ssl && ssl_info[0]) {
 printf("SSL/TLS Protocol:   %s\n", ssl_info);
 }
 #endif
@@ -1733,6 +1737,8 @@ static void test(void)
 char *buff = xmalloc(postlen + reqlen + 1);
 strcpy(buff, request);
 memcpy(buff + reqlen, postdata, postlen);
+if (request != _request)
+xfree(request);
 request = buff;
 }
 
@@ -1882,6 +1888,9 @@ static void test(void)
 output_html_results();
 else
 output_results(0);
+
+xfree(stats);
+xfree(con);
 }
 
 /* --- */
@@ -2077,6 +2086,7 @@ static apr_status_t open_postfile(const char *pfile)
 postlen = (apr_size_t)finfo.size;
 postdata = xmalloc(postlen);
 rv = apr_file_read_full(postfd, postdata, postlen, NULL);
+    xfree(postdata);
 if (rv != APR_SUCCESS) {
 fprintf(stderr, "ab: Could not read POST data file: %s\n",
 apr_strerror(rv, errmsg, sizeof errmsg));
@@ -2413,5 +2423,15 @@ int main(int argc, const char * const argv[])
 test();
 apr_pool_destroy(cntxt);
 
+#ifdef USE_SSL
+ERR_remove_state(0);
+SSL_CTX_free(ssl_ctx);
+BIO_free(bio_out);
+BIO_free(bio_err);
+ERR_free_strings();
+CRYPTO_cleanup_all_ex_data();
+SSL_COMP_free_compression_methods();
+EVP_cleanup();
+#endif
 return 0;
 }
-- 
2.8.3

patch (mod_ssl/ab) to support OPENSSL_NO_SSL3 builds

2015-09-10 Thread Stuart Henderson

I've opened a ticket for this already (bz 58349) but it was suggested
that I send mail here as well.

Currently httpd builds fail with libressl as SSLv3 has been disabled
(OPENSSL_NO_SSL3); ab.c and mod_ssl unconditionally use SSLv3_method()
functions.

ab.c fails at build time, mod_ssl is slightly nastier as this isn't
picked up until trying to start a server with ssl enabled.

Thanks,
Stuart

--- support/ab.c.orig   Fri Jul 17 22:55:57 2015
+++ support/ab.cFri Jul 17 22:56:13 2015
@@ -2314,8 +2314,10 @@ int main(int argc, const char * const argv[])
 } else if (strncasecmp(opt_arg, "SSL2", 4) == 0) {
 meth = SSLv2_client_method();
 #endif
+#ifndef OPENSSL_NO_SSL3
 } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
 meth = SSLv3_client_method();
+#endif
 #ifdef HAVE_TLSV1_X
 } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) {
 meth = TLSv1_1_client_method();

--- modules/ssl/ssl_engine_init.c.orig  Sun Sep  6 15:23:52 2015
+++ modules/ssl/ssl_engine_init.c   Sun Sep  6 15:57:35 2015
@@ -484,9 +484,15 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *
  "Creating new SSL context (protocols: %s)", cp);
 
 if (protocol == SSL_PROTOCOL_SSLV3) {
+#ifndef OPENSSL_NO_SSL3
 method = mctx->pkp ?
 SSLv3_client_method() : /* proxy */
 SSLv3_server_method();  /* server */
+#else
+ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+"SSLv3 protocol not available");
+return ssl_die(s);
+#endif
 }
 else if (protocol == SSL_PROTOCOL_TLSV1) {
 method = mctx->pkp ?

Re: patch (mod_ssl/ab) to support OPENSSL_NO_SSL3 builds

2015-09-10 Thread Stefan Sperling

On Thu, Sep 10, 2015 at 10:37:44AM +, Stuart Henderson wrote:
> I've opened a ticket for this already (bz 58349) but it was suggested
> that I send mail here as well.
> 
> Currently httpd builds fail with libressl as SSLv3 has been disabled
> (OPENSSL_NO_SSL3); ab.c and mod_ssl unconditionally use SSLv3_method()
> functions.
> 
> ab.c fails at build time, mod_ssl is slightly nastier as this isn't
> picked up until trying to start a server with ssl enabled.
> 
> Thanks,
> Stuart

Does OpenSSL use the name OPENSSL_NO_SSL3 too?
Or is this macro defined by LibreSSL only?

> --- support/ab.c.orig Fri Jul 17 22:55:57 2015
> +++ support/ab.c  Fri Jul 17 22:56:13 2015
> @@ -2314,8 +2314,10 @@ int main(int argc, const char * const argv[])
>  } else if (strncasecmp(opt_arg, "SSL2", 4) == 0) {
>  meth = SSLv2_client_method();
>  #endif
> +#ifndef OPENSSL_NO_SSL3
>  } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
>  meth = SSLv3_client_method();
> +#endif
>  #ifdef HAVE_TLSV1_X
>  } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) {
>  meth = TLSv1_1_client_method();
> 
> --- modules/ssl/ssl_engine_init.c.origSun Sep  6 15:23:52 2015
> +++ modules/ssl/ssl_engine_init.c Sun Sep  6 15:57:35 2015
> @@ -484,9 +484,15 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *
>   "Creating new SSL context (protocols: %s)", cp);
>  
>  if (protocol == SSL_PROTOCOL_SSLV3) {
> +#ifndef OPENSSL_NO_SSL3
>  method = mctx->pkp ?
>  SSLv3_client_method() : /* proxy */
>  SSLv3_server_method();  /* server */
> +#else
> +ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
> +"SSLv3 protocol not available");
> +return ssl_die(s);
> +#endif
>  }
>  else if (protocol == SSL_PROTOCOL_TLSV1) {
>  method = mctx->pkp ?
>

Re: patch (mod_ssl/ab) to support OPENSSL_NO_SSL3 builds

2015-09-10 Thread Stuart Henderson

On 2015/09/10 13:40, Stefan Sperling wrote:
> On Thu, Sep 10, 2015 at 10:37:44AM +, Stuart Henderson wrote:
> > I've opened a ticket for this already (bz 58349) but it was suggested
> > that I send mail here as well.
> > 
> > Currently httpd builds fail with libressl as SSLv3 has been disabled
> > (OPENSSL_NO_SSL3); ab.c and mod_ssl unconditionally use SSLv3_method()
> > functions.
> > 
> > ab.c fails at build time, mod_ssl is slightly nastier as this isn't
> > picked up until trying to start a server with ssl enabled.
> > 
> > Thanks,
> > Stuart
> 
> Does OpenSSL use the name OPENSSL_NO_SSL3 too?
> Or is this macro defined by LibreSSL only?

With OpenSSL this is defined when it's built with the no-ssl3 option, it
works the same as building with no-rc5, no-ssl2, etc. This patch is
similar to previous patches which were added to various projects when
various OS (e.g. Debian, OpenBSD) disabled ssl2 in their standard builds
of OpenSSL.

For LibreSSL the functions have just been removed completely, it's no
longer a build option, but the effect is exactly the same as an OpenSSL
build with no-ssl3.

Re: silly ab patch for SNI and OCSP stapling

2015-05-16 Thread Jeff Trawick

On Sat, May 16, 2015 at 10:39 AM, Daniel Ruggeri drugg...@primary.net
wrote:

 +1, but I would also propose a command line flag to override the SNI host
 name supplied in case one is testing directly by IP address.


in that case shouldn't you also be overriding Host:, so the SNI host name
can use the same override?  I think this may lead the user into a more
helpful scenario, if indeed they don't already know when to override Host:,
and I don't know how useful it is to have different values for Host: and
SNI.



 --
 Daniel Ruggeri

 --
 *From:* Jeff Trawick traw...@gmail.com
 *Sent:* May 12, 2015 2:31:37 PM CDT
 *To:* Apache HTTP Server Development List dev@httpd.apache.org
 *Subject:* silly ab patch for SNI and OCSP stapling

 ... where OCSP stapling means get the server to do the related work
 but don't care what you get back.

 Perhaps this doesn't save any time for anybody that would want to test
 such a thing, but who knows?

 Index: support/ab.c
 --

 --- support/ab.c(revision 1679028)
 +++ support/ab.c(working copy)
 @@ -1287,6 +1287,8 @@
   bio = BIO_new_socket(fd, BIO_NOCLOSE);
   SSL_set_bio(c-ssl, bio, bio);
   SSL_set_connect_state(c-ssl);
 +SSL_set_tlsext_host_name(c-ssl, hostname);
 +SSL_set_tlsext_status_type(c-ssl, TLSEXT_STATUSTYPE_ocsp);
   if (verbosity = 4) {
   BIO_set_callback(bio, ssl_print_cb);
   BIO_set_callback_arg(bio, (void *)bio_err);

 The lack of SNI is a pretty big hole now; it probably doesn't need much
 extra in the way of #if/if to do the right thing.




-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: silly ab patch for SNI and OCSP stapling

2015-05-16 Thread Daniel Ruggeri

Yep, my mistake. I thought there was a command line switch to change the
host header. You're correct - it wouldn't make much sense to override
one and not the other.

-- 
Daniel Ruggeri

On 5/16/2015 11:25 AM, Jeff Trawick wrote:
 in that case shouldn't you also be overriding Host:, so the SNI host
 name can use the same override?  I think this may lead the user into a
 more helpful scenario, if indeed they don't already know when to
 override Host:, and I don't know how useful it is to have different
 values for Host: and SNI.

Re: silly ab patch for SNI and OCSP stapling

2015-05-16 Thread Daniel Ruggeri

+1, but I would also propose a command line flag to override the SNI host name 
supplied in case one is testing directly by IP address.
-- 
Daniel Ruggeri


 Original Message 
From: Jeff Trawick traw...@gmail.com
Sent: May 12, 2015 2:31:37 PM CDT
To: Apache HTTP Server Development List dev@httpd.apache.org
Subject: silly ab patch for SNI and OCSP stapling

... where OCSP stapling means get the server to do the related work 
but don't care what you get back.

Perhaps this doesn't save any time for anybody that would want to test 
such a thing, but who knows?

Index: support/ab.c
===
--- support/ab.c(revision 1679028)
+++ support/ab.c(working copy)
@@ -1287,6 +1287,8 @@
  bio = BIO_new_socket(fd, BIO_NOCLOSE);
  SSL_set_bio(c-ssl, bio, bio);
  SSL_set_connect_state(c-ssl);
+SSL_set_tlsext_host_name(c-ssl, hostname);
+SSL_set_tlsext_status_type(c-ssl, TLSEXT_STATUSTYPE_ocsp);
  if (verbosity = 4) {
  BIO_set_callback(bio, ssl_print_cb);
  BIO_set_callback_arg(bio, (void *)bio_err);

The lack of SNI is a pretty big hole now; it probably doesn't need much 
extra in the way of #if/if to do the right thing.

Re: silly ab patch for SNI and OCSP stapling

2015-05-12 Thread Yann Ylavic

+1, to both! Thanks.

On Tue, May 12, 2015 at 9:31 PM, Jeff Trawick traw...@gmail.com wrote:
 ... where OCSP stapling means get the server to do the related work but
 don't care what you get back.

 Perhaps this doesn't save any time for anybody that would want to test such
 a thing, but who knows?

 Index: support/ab.c
 ===
 --- support/ab.c(revision 1679028)
 +++ support/ab.c(working copy)
 @@ -1287,6 +1287,8 @@
  bio = BIO_new_socket(fd, BIO_NOCLOSE);
  SSL_set_bio(c-ssl, bio, bio);
  SSL_set_connect_state(c-ssl);
 +SSL_set_tlsext_host_name(c-ssl, hostname);
 +SSL_set_tlsext_status_type(c-ssl, TLSEXT_STATUSTYPE_ocsp);
  if (verbosity = 4) {
  BIO_set_callback(bio, ssl_print_cb);
  BIO_set_callback_arg(bio, (void *)bio_err);

 The lack of SNI is a pretty big hole now; it probably doesn't need much
 extra in the way of #if/if to do the right thing.

silly ab patch for SNI and OCSP stapling

2015-05-12 Thread Jeff Trawick

... where OCSP stapling means get the server to do the related work 
but don't care what you get back.


Perhaps this doesn't save any time for anybody that would want to test 
such a thing, but who knows?


Index: support/ab.c
===
--- support/ab.c(revision 1679028)
+++ support/ab.c(working copy)
@@ -1287,6 +1287,8 @@
 bio = BIO_new_socket(fd, BIO_NOCLOSE);
 SSL_set_bio(c-ssl, bio, bio);
 SSL_set_connect_state(c-ssl);
+SSL_set_tlsext_host_name(c-ssl, hostname);
+SSL_set_tlsext_status_type(c-ssl, TLSEXT_STATUSTYPE_ocsp);
 if (verbosity = 4) {
 BIO_set_callback(bio, ssl_print_cb);
 BIO_set_callback_arg(bio, (void *)bio_err);

The lack of SNI is a pretty big hole now; it probably doesn't need much 
extra in the way of #if/if to do the right thing.

ab and SNI

Hi

is there something wrong with these patches or why does ab not send SNI 
headers?
https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni

for each https-request fro ab the target servers floods one line into log

[Sat Nov 23 14:00:33.592232 2013] [ssl:error] [pid 28314] AH02033: No hostname 
was provided via SNI for a name
based virtual host
[Sat Nov 23 14:00:33.594877 2013] [ssl:error] [pid 27315] AH02033: No hostname 
was provided via SNI for a name
based virtual host
[Sat Nov 23 14:00:33.598552 2013] [ssl:error] [pid 27317] AH02033: No hostname 
was provided via SNI for a name
based virtual host




signature.asc
Description: OpenPGP digital signature

Re: ab and SNI

On Sat, Nov 23, 2013 at 8:03 AM, Reindl Harald h.rei...@thelounge.net wrote:
 Hi

 is there something wrong with these patches or why does ab not send SNI 
 headers?
 https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni

I suggest using bugzilla.

Re: ab and SNI

2013-11-23 Thread Jeff Trawick

On Sat, Nov 23, 2013 at 8:03 AM, Reindl Harald h.rei...@thelounge.netwrote:

 Hi

 is there something wrong with these patches or why does ab not send SNI
 headers?
 https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni

 for each https-request fro ab the target servers floods one line into log

 [Sat Nov 23 14:00:33.592232 2013] [ssl:error] [pid 28314] AH02033: No
 hostname was provided via SNI for a name
 based virtual host
 [Sat Nov 23 14:00:33.594877 2013] [ssl:error] [pid 27315] AH02033: No
 hostname was provided via SNI for a name
 based virtual host
 [Sat Nov 23 14:00:33.598552 2013] [ssl:error] [pid 27317] AH02033: No
 hostname was provided via SNI for a name
 based virtual host



Ask Meena perhaps?  She's quite harmless.

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: ab and SNI


Am 23.11.2013 14:22, schrieb Jeff Trawick:
 On Sat, Nov 23, 2013 at 8:03 AM, Reindl Harald h.rei...@thelounge.net 
 mailto:h.rei...@thelounge.net wrote:
 
 is there something wrong with these patches or why does ab not send SNI 
 headers?
 https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni
 
 for each https-request fro ab the target servers floods one line into 
 log
 
 [Sat Nov 23 14:00:33.592232 2013] [ssl:error] [pid 28314] AH02033: No 
 hostname was provided via SNI for a name
 based virtual host
 [Sat Nov 23 14:00:33.594877 2013] [ssl:error] [pid 27315] AH02033: No 
 hostname was provided via SNI for a name
 based virtual host
 [Sat Nov 23 14:00:33.598552 2013] [ssl:error] [pid 27317] AH02033: No 
 hostname was provided via SNI for a name
 based virtual host
 
 Ask Meena perhaps?  She's quite harmless

you missed what i asked - in fact why there are patches needed
why does ab -c 100 -n 50 https://www.test.rh/; not send SNI headers and 
flood logs




signature.asc
Description: OpenPGP digital signature

Re: ab and SNI

On Sat, Nov 23, 2013 at 8:33 AM, Reindl Harald h.rei...@thelounge.net wrote:

 Am 23.11.2013 14:22, schrieb Jeff Trawick:
 On Sat, Nov 23, 2013 at 8:03 AM, Reindl Harald h.rei...@thelounge.net 
 mailto:h.rei...@thelounge.net wrote:

 is there something wrong with these patches or why does ab not send 
 SNI headers?
 https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni

 for each https-request fro ab the target servers floods one line into 
 log

 [Sat Nov 23 14:00:33.592232 2013] [ssl:error] [pid 28314] AH02033: No 
 hostname was provided via SNI for a name
 based virtual host
 [Sat Nov 23 14:00:33.594877 2013] [ssl:error] [pid 27315] AH02033: No 
 hostname was provided via SNI for a name
 based virtual host
 [Sat Nov 23 14:00:33.598552 2013] [ssl:error] [pid 27317] AH02033: No 
 hostname was provided via SNI for a name
 based virtual host

 Ask Meena perhaps?  She's quite harmless

 you missed what i asked - in fact why there are patches needed
 why does ab -c 100 -n 50 https://www.test.rh/; not send SNI headers and 
 flood logs

The code wrote, built, and tested itself, but we removed it out of spite.

Re: ab and SNI


Am 23.11.2013 15:44, schrieb Eric Covener:
 On Sat, Nov 23, 2013 at 8:33 AM, Reindl Harald h.rei...@thelounge.net wrote:

 Am 23.11.2013 14:22, schrieb Jeff Trawick:
 On Sat, Nov 23, 2013 at 8:03 AM, Reindl Harald h.rei...@thelounge.net:

 is there something wrong with these patches or why does ab not send 
 SNI headers?
 https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni

 for each https-request fro ab the target servers floods one line into 
 log

 [Sat Nov 23 14:00:33.592232 2013] [ssl:error] [pid 28314] AH02033: No 
 hostname was provided via SNI for a name
 based virtual host
 [Sat Nov 23 14:00:33.594877 2013] [ssl:error] [pid 27315] AH02033: No 
 hostname was provided via SNI for a name
 based virtual host
 [Sat Nov 23 14:00:33.598552 2013] [ssl:error] [pid 27317] AH02033: No 
 hostname was provided via SNI for a name
 based virtual host

 Ask Meena perhaps?  She's quite harmless

 you missed what i asked - in fact why there are patches needed
 why does ab -c 100 -n 50 https://www.test.rh/; not send SNI headers and 
 flood logs
 
 The code wrote, built, and tested itself, but we removed it out of spite

sorry that i offended you in bringing on-list things i noticed and forced
you to throw around cynicism - maybe i better not waste my time to point
out things which could be improved before i learned C++ to apply changes
myself



signature.asc
Description: OpenPGP digital signature

Re: ab and SNI

 is there something wrong with these patches or why does ab not send 
 SNI headers?
 https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni

 Ask Meena perhaps?  She's quite harmless

 you missed what i asked - in fact why there are patches needed
 why does ab -c 100 -n 50 https://www.test.rh/; not send SNI headers 
 and flood logs

 The code wrote, built, and tested itself, but we removed it out of spite

 sorry that i offended you in bringing on-list things i noticed and forced
 you to throw around cynicism - maybe i better not waste my time to point
 out things which could be improved before i learned C++ to apply changes
 myself


I don't think this list is appropriate for this issue.

Further, I think your emails in this thread are flippant and demeaning
to the volunteers here.

I personally de-prioritize thinking about issues framed in this way.

Re: ab and SNI

I should also add that I see a pattern here, in case my response seems
disproportionate.

Re: ab and SNI


Am 23.11.2013 16:13, schrieb Eric Covener:
 is there something wrong with these patches or why does ab not send SNI 
 headers?
 https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni

 Ask Meena perhaps?  She's quite harmless

 you missed what i asked - in fact why there are patches needed
 why does ab -c 100 -n 50 https://www.test.rh/; not send SNI headers 
 and flood logs

 The code wrote, built, and tested itself, but we removed it out of spite

 sorry that i offended you in bringing on-list things i noticed and forced
 you to throw around cynicism - maybe i better not waste my time to point
 out things which could be improved before i learned C++ to apply changes
 myself
 
 I don't think this list is appropriate for this issue.

then state it without cynicism and disrespect

 Further, I think your emails in this thread are flippant

there is nothing flippant in asking questions

 and demeaning to the volunteers here

maybe consider not assume bad intentions from everybody
which is not a reputable core-maintainer

 I personally de-prioritize thinking about issues framed in this way

what is this way?

maybe assume that non-native speakers phrase things different
without any bad intention

 I should also add that I see a pattern here, in case my response seems
 disproportionate

explain what you believe that you see instead throw fog candles hence

if that is the attitude of the http-devel list i should unsubscribe here
after mod_security works fine with Apache 2.4 behind a reverse-proxy
since I (as stupid user which should be quite - that is how your attitude
sounds like) spent my energy at the begin of 2013 to find out where the
problem is, where it can be solved and you hardly can tell me that no others
benefit from the result - the definition of a community is also users and
the topic is *not* appropriate for the users-list

hence if you have a personal problem state it or leave me in peace



signature.asc
Description: OpenPGP digital signature

Re: ab and SNI

2013-11-23 Thread Jeff Trawick

On Sat, Nov 23, 2013 at 10:27 AM, Reindl Harald h.rei...@thelounge.netwrote:


 Am 23.11.2013 16:13, schrieb Eric Covener:
  is there something wrong with these patches or why does ab not
 send SNI headers?
  https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni
 
  Ask Meena perhaps?  She's quite harmless
 
  you missed what i asked - in fact why there are patches needed
  why does ab -c 100 -n 50 https://www.test.rh/; not send SNI
 headers and flood logs
 
  The code wrote, built, and tested itself, but we removed it out of
 spite
 
  sorry that i offended you in bringing on-list things i noticed and
 forced
  you to throw around cynicism - maybe i better not waste my time to point
  out things which could be improved before i learned C++ to apply changes
  myself
 
  I don't think this list is appropriate for this issue.

 then state it without cynicism and disrespect

  Further, I think your emails in this thread are flippant

 there is nothing flippant in asking questions

  and demeaning to the volunteers here

 maybe consider not assume bad intentions from everybody
 which is not a reputable core-maintainer

  I personally de-prioritize thinking about issues framed in this way

 what is this way?

 maybe assume that non-native speakers phrase things different
 without any bad intention

  I should also add that I see a pattern here, in case my response seems
  disproportionate

 explain what you believe that you see instead throw fog candles hence

 if that is the attitude of the http-devel list i should unsubscribe here
 after mod_security works fine with Apache 2.4 behind a reverse-proxy
 since I (as stupid user which should be quite - that is how your attitude
 sounds like) spent my energy at the begin of 2013 to find out where the
 problem is, where it can be solved and you hardly can tell me that no
 others
 benefit from the result - the definition of a community is also users and
 the topic is *not* appropriate for the users-list

 hence if you have a personal problem state it or leave me in peace


My impression from reading your posts is that you are needlessly combative
and impatient, at the same time that you have an understandable need for
others on the list to dedicate time to your queries and reports.  This is
usually a bad combination.

Talk of unsubscribing or your value to the community is unnecessary.  The
situation is the same for you as for anyone else:  If you are softer in
your approach then more people will take time to assist.

(Before you respond, realize that it is easier for me or anyone else to
simply ignore you than it is to try imperfectly to give hints for better
interaction.)

Sincerely!

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: ab and SNI


Am 23.11.2013 16:48, schrieb Jeff Trawick:
 On Sat, Nov 23, 2013 at 10:27 AM, Reindl Harald h.rei...@thelounge.net
 
 Am 23.11.2013 16:13, schrieb Eric Covener:
  I don't think this list is appropriate for this issue.
 
 then state it without cynicism and disrespect
 
  Further, I think your emails in this thread are flippant
 
 there is nothing flippant in asking questions
 
  and demeaning to the volunteers here
 
 maybe consider not assume bad intentions from everybody
 which is not a reputable core-maintainer
 
  I personally de-prioritize thinking about issues framed in this way
 
 what is this way?
 
 maybe assume that non-native speakers phrase things different
 without any bad intention
 
  I should also add that I see a pattern here, in case my response seems
  disproportionate
 
 explain what you believe that you see instead throw fog candles hence
 
 if that is the attitude of the http-devel list i should unsubscribe here
 after mod_security works fine with Apache 2.4 behind a reverse-proxy
 since I (as stupid user which should be quite - that is how your attitude
 sounds like) spent my energy at the begin of 2013 to find out where the
 problem is, where it can be solved and you hardly can tell me that no 
 others
 benefit from the result - the definition of a community is also users and
 the topic is *not* appropriate for the users-list
 
 hence if you have a personal problem state it or leave me in peace
 
 My impression from reading your posts is that you are needlessly combative 
 and impatient

combative maybe if someone responds with a shut up user attitude

impatient? i asked a question and i am facing this over many months
if i would be impatient i had asked the question long ago

call me impatient would be reasonable if i send daily a ping

 at the same time that you have an understandable need for others on the list 
 to 
 dedicate time to your queries and reports. This is usually a bad combination.

that is simply not true

a simple answer noticed, not high priority, but noticed would have
fnished the whole thread without any need to respond with cynicism
and disrespect

 Talk of unsubscribing or your value to the community is unnecessary

it is unnecessary?
it is the logical consequence of beeing undesirable

 The situation is the same for you as for anyone else:  
 If you are softer in your approach then more people will take time to assist

my intention in the inital post was not to be unsoft or somehow else bad
that's the simple history of the initial posting

* i found the flood in the logs again
* i called ab --help, there is nothing about SNI
* i called man ab, there is no manpage
* i typed https://www.google.at/search?q=ab+benchmark+sni
* i found that there is a solutionwhich is worth to be upstream
  not today, not tomorrow, sooner or later in whatever release

 (Before you respond, realize that it is easier for me or anyone else to 
 simply ignore you than it is to try
 imperfectly to give hints for better interaction.)

appreciated



signature.asc
Description: OpenPGP digital signature

[PATCH 55360] Potential buffer overflows in support/ab

2013-08-05 Thread Mike Rumph


Hello all,

A comment section in support/ab.c lists the following known problems:

/*
 * BUGS:
 *
 * - uses strcpy/etc.
 * - has various other poor buffer attacks related to the lazy parsing of
 *   response headers from the server
 * - doesn't implement much of HTTP/1.x, only accepts certain forms of
 *   responses
 * - (performance problem) heavy use of strstr shows up top in profile
 *   only an issue for loopback usage
 */

I was able to duplicate segmentation faults through the T and X command 
line options.


I submitted a patch to fix potential buffer overflows through these options.
- https://issues.apache.org/bugzilla/show_bug.cgi?id=55360

The patch also removes 2 unreferenced fixed length buffers.

support/ab.c also contains 3 additional fixed length buffers that could 
potentially overflow:

- servername, buffer and _request

Fixing these problems will require a deeper understanding of the code.

Please, consider the submitted patch for adoption.

Thanks,

Mike Rumph

Re: [PATCH 55360] Potential buffer overflows in support/ab

2013-08-05 Thread Jeff Trawick

On Mon, Aug 5, 2013 at 2:11 PM, Mike Rumph mike.ru...@oracle.com wrote:

 Hello all,

 A comment section in support/ab.c lists the following known problems:

 /*
  * BUGS:
  *
  * - uses strcpy/etc.
  * - has various other poor buffer attacks related to the lazy parsing of
  *   response headers from the server
  * - doesn't implement much of HTTP/1.x, only accepts certain forms of
  *   responses
  * - (performance problem) heavy use of strstr shows up top in profile
  *   only an issue for loopback usage
  */

 I was able to duplicate segmentation faults through the T and X command
 line options.

 I submitted a patch to fix potential buffer overflows through these
 options.
 - 
 https://issues.apache.org/**bugzilla/show_bug.cgi?id=55360https://issues.apache.org/bugzilla/show_bug.cgi?id=55360

 The patch also removes 2 unreferenced fixed length buffers.

 support/ab.c also contains 3 additional fixed length buffers that could
 potentially overflow:
 - servername, buffer and _request

 Fixing these problems will require a deeper understanding of the code.

 Please, consider the submitted patch for adoption.



The patch looks fine in an initial glance.  I anticipate committing it
today after eyeballing it a bit more.  (Or else I'll speak up.)

Thanks,

Jeff



 Thanks,

 Mike Rumph





-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: [PATCH 55360] Potential buffer overflows in support/ab

2013-08-05 Thread Jeff Trawick

On Mon, Aug 5, 2013 at 4:10 PM, Jeff Trawick traw...@gmail.com wrote:

On Mon, Aug 5, 2013 at 2:11 PM, Mike Rumph mike.ru...@oracle.com wrote:

Hello all,

A comment section in support/ab.c lists the following known problems:

/*
* BUGS:
*
* - uses strcpy/etc.
* - has various other poor buffer attacks related to the lazy parsing of
* response headers from the server
* - doesn't implement much of HTTP/1.x, only accepts certain forms of
* responses
* - (performance problem) heavy use of strstr shows up top in profile
* only an issue for loopback usage
*/

I was able to duplicate segmentation faults through the T and X command
line options.

I submitted a patch to fix potential buffer overflows through these
options.
-
https://issues.apache.org/**bugzilla/show_bug.cgi?id=55360https://issues.apache.org/bugzilla/show_bug.cgi?id=55360

The patch also removes 2 unreferenced fixed length buffers.

support/ab.c also contains 3 additional fixed length buffers that could
potentially overflow:
- servername, buffer and _request

Fixing these problems will require a deeper understanding of the code.

Please, consider the submitted patch for adoption.

The patch looks fine in an initial glance. I anticipate committing it
today after eyeballing it a bit more. (Or else I'll speak up.)

This is now in trunk as r1510707; I'll nominate for inclusion in 2.4.next
shortly.

Thanks,

Jeff

Thanks,

Mike Rumph

--
Born in Roswell... married an alien...
http://emptyhammock.com/

ab-mruby is a HTTP Benchmark and Test Framework

2013-06-20 Thread MATSUMOTO Ryosuke

Hi, all

I have implemented ab-mruby.

ab-mruby is a HTTP Benchmark and Test Framework based on ab. ab-mruby
embedded mruby into ab command. mruby is a embeddable scripting language
like lua.

You can test and configure ab command options dynamically by mruby script.

https://github.com/matsumoto-r/ab-mruby

I'd like to get your thoughts on it.

Best regards,

-- 
MATSUMOTO Ryosuke  matsu1229 at gmail.com 
http://blog.matsumoto-r.jp/

Re: ab: socket_timeout parameter -s (default: 30sec)

2012-12-17 Thread Christophe JAILLET


Le 16/12/2012 03:28, Guido Serra a écrit :

Hi,
I added a parameter to the utility Apache Benchmark (ab) to allow setting the 
socket timeout
...it is currently a hardcoded value at 30 seconds, and this is problematic on 
bad applications that
have a slight percentage of requests going above that threshold... or worse


Thank you for the patch and for the test results.

I've applied it on my own tree but not pushed yet on trunk.

You use a new -s switch. However, 
http://httpd.apache.org/docs/trunk/en/programs/ab.html has it already 
assigned.

This was related to rudimentary https support.

*But* I don't find anything that look like that in the code or changelog 
about this.



Does any one know when/if this option was already used and where this 
rudimentary https support is ?

The only things I have is the use of port 443 if the scheme has https://.
Is there something I have missed ?


IMO, using the -s option for passing a timeout should be OK, as per the 
proposed patch, and doc should be updated accordingly.



Best regards,
CJ

Re: ab: socket_timeout parameter -s (default: 30sec)

2012-12-17 Thread Christophe JAILLET


Le 17/12/2012 12:45, Christophe JAILLET a écrit :

Le 16/12/2012 03:28, Guido Serra a écrit :

Hi,
I added a parameter to the utility Apache Benchmark (ab) to allow 
setting the socket timeout
...it is currently a hardcoded value at 30 seconds, and this is 
problematic on bad applications that
have a slight percentage of requests going above that threshold... or 
worse



Thank you for the patch and for the test results.

I've applied it on my own tree but not pushed yet on trunk.

You use a new -s switch. However, 
http://httpd.apache.org/docs/trunk/en/programs/ab.html has it already 
assigned.

This was related to rudimentary https support.

*But* I don't find anything that look like that in the code or 
changelog about this.



Does any one know when/if this option was already used and where this 
rudimentary https support is ?

The only things I have is the use of port 443 if the scheme has https://.
Is there something I have missed ?


IMO, using the -s option for passing a timeout should be OK, as per 
the proposed patch, and doc should be updated accordingly.



Best regards,
CJ


Applied to trunk:
http://svn.apache.org/viewvc?view=revisionrevision=1422937

CJ

ab: socket_timeout parameter -s (default: 30sec)

2012-12-15 Thread Guido Serra

Hi,
I added a parameter to the utility Apache Benchmark (ab) to allow setting the 
socket timeout
...it is currently a hardcoded value at 30 seconds, and this is problematic on 
bad applications that 
have a slight percentage of requests going above that threshold... or worse


ab.diff
Description: Binary data


ab_man.diff
Description: Binary data

Anyway, I did managed to create a patch for the utility and one for the man 
file. 

Would u mind merging them?

sample of usage:

grinder:~ zeph$ nc -l 12345

grinder:support zeph$ time ./ab -n 1 -c 1 http://localhost:12345/
This is ApacheBench, Version 2.3 $Revision: 1395225 $
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking localhost (be patient)...apr_pollset_poll: The timeout specified 
has expired (70007)

real0m30.058s

grinder:~ zeph$ nc -l 12345

grinder:support zeph$ time ./ab -s 1 -n 1 -c 1 http://localhost:12345/
This is ApacheBench, Version 2.3 $Revision: 1395225 $
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking localhost (be patient)...apr_pollset_poll: The timeout specified 
has expired (70007)

real0m1.043s

grinder:~ zeph$ nc -l 12345

grinder:support zeph$ time ./ab -s 45 -n 1 -c 1 http://localhost:12345/
This is ApacheBench, Version 2.3 $Revision: 1395225 $
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking localhost (be patient)...apr_pollset_poll: The timeout specified 
has expired (70007)

real0m45.041s

regards,
--
Guido Serra
http://guidoserra.it

[PATCH] does ab actually work over SSL for anyone?

2012-08-09 Thread Jeff Trawick

Index: support/ab.c
===
--- support/ab.c(revision 1370289)
+++ support/ab.c(working copy)
@@ -1347,11 +1347,21 @@
 good++;
 close_connection(c);
 }
+else if (scode == SSL_ERROR_SYSCALL
+  status == 0
+  c-read != 0) {
+/* connection closed, but in violation of the protocol, after
+ * some data has already been read; this commonly happens, so
+ * let the length check catch any response errors
+ */
+good++;
+close_connection(c);
+}
 else if (scode != SSL_ERROR_WANT_WRITE
   scode != SSL_ERROR_WANT_READ) {
 /* some fatal error: */
 c-read = 0;
-BIO_printf(bio_err, SSL read failed - closing connection\n);
+BIO_printf(bio_err, SSL read failed (%d) - closing
connection\n, scode);
 ERR_print_errors(bio_err);
 close_connection(c);
 }

Without it I get something like this:

...
SSL read failed - closing connection
SSL read failed - closing connection
SSL read failed - closing connection
SSL read failed - closing connection
SSL read failed - closing connection
SSL read failed - closing connection
SSL read failed - closing connection
SSL read failed - closing connection
SSL read failed - closing connection
SSL read failed - closing connection
SSL read failed - closing connection
Completed 200 requests
Finished 200 requests


Server Software:
Server Hostname:127.0.0.1
Server Port:8443

Document Path:  /manual/mod/mod_rewrite.html.en
Document Length:0 bytes   

The server is trunk mod_ssl using standard shutdown.

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: ab: HTTP/1.1

2010-08-16 Thread Jeff Trawick

2010/8/15 Igor Galić i.ga...@brainsware.org


 Hi folks,

 In stumbling over this: http://dpaste.de/NFVw/
 I put together a quick patch.


HTTP/1.0 defaults to Connection: Close.  There's no need to transmit those
bytes when specifying 1.0.

Perhaps the server you're using doesn't handle that properly?




 Good night
 --
 Igor Galić

 Tel: +43 (0) 664 886 22 883
 Mail: i.ga...@brainsware.org
 URL: http://brainsware.org/




-- 
Born in Roswell... married an alien...

ab: HTTP/1.1

2010-08-15 Thread Igor Galić


Hi folks,

In stumbling over this: http://dpaste.de/NFVw/
I put together a quick patch.

Good night
-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
Index: ab.c
===
--- ab.c	(revision 985779)
+++ ab.c	(working copy)
@@ -1643,17 +1643,17 @@
 /* setup request */
 if (!send_body) {
 snprintf_res = apr_snprintf(request, sizeof(_request),
-%s %s HTTP/1.0\r\n
+%s %s HTTP/1.1\r\n
 %s %s %s
 %s \r\n,
 method_str[method],
 (isproxy) ? fullurl : path,
-keepalive ? Connection: Keep-Alive\r\n : ,
+keepalive ? Connection: Keep-Alive\r\n : Connection: close\r\n,
 cookie, auth, hdrs);
 }
 else {
 snprintf_res = apr_snprintf(request,  sizeof(_request),
-%s %s HTTP/1.0\r\n
+%s %s HTTP/1.1\r\n
 %s %s %s
 Content-length: % APR_SIZE_T_FMT \r\n
 Content-type: %s\r\n
@@ -1661,7 +1661,7 @@
 \r\n,
 method_str[method],
 (isproxy) ? fullurl : path,
-keepalive ? Connection: Keep-Alive\r\n : ,
+keepalive ? Connection: Keep-Alive\r\n : Connection: close\r\n,
 cookie, auth,
 postlen,
 (content_type[0]) ? content_type : text/plain, hdrs);

Re: svn commit: r811806 - in /httpd/httpd/trunk: CHANGES docs/man/ab.8 support/ab.c

2009-09-08 Thread William A. Rowe, Jr.

Jeff Barnes wrote:
 I obsoleted the .8 file and attached the svn diff for the xml file.
 
 Should the ab.8 file be removed from svn if it gets overwritten with each 
 documentation generation?

No moreso than the .html files, all generated from xml.  We don't expect
typical developers to install the docs toolchain.

Perhaps it's time we did, but that's a different discussion altogether ;)

Re: svn commit: r811806 - in /httpd/httpd/trunk: CHANGES docs/man/ab.8 support/ab.c

2009-09-06 Thread Ruediger Pluem



On 09/06/2009 01:03 PM, minf...@apache.org wrote:
 Author: minfrin
 Date: Sun Sep  6 11:03:14 2009
 New Revision: 811806
 
 URL: http://svn.apache.org/viewvc?rev=811806view=rev
 Log:
 Add support for HTTP PUT to ab.
 Submiited by: Jeff Barnes jbarnesweb yahoo.com
 
 Modified:
 httpd/httpd/trunk/CHANGES
 httpd/httpd/trunk/docs/man/ab.8
 httpd/httpd/trunk/support/ab.c
 

 Modified: httpd/httpd/trunk/docs/man/ab.8
 URL: 
 http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/man/ab.8?rev=811806r1=811805r2=811806view=diff
 ==
 --- httpd/httpd/trunk/docs/man/ab.8 (original)
 +++ httpd/httpd/trunk/docs/man/ab.8 Sun Sep  6 11:03:14 2009
 @@ -27,7 +27,7 @@
  .SH SYNOPSIS
   
  .PP
 -\fBab\fR [ -\fBA\fR \fIauth-username\fR:\fIpassword\fR ] [ -\fBb\fR 
 \fIwindowsize\fR ] [ -\fBc\fR \fIconcurrency\fR ] [ -\fBC\fR 
 \fIcookie-name\fR=\fIvalue\fR ] [ -\fBd\fR ] [ -\fBe\fR \fIcsv-file\fR ] [ 
 -\fBf\fR \fIprotocol\fR ] [ -\fBg\fR \fIgnuplot-file\fR ] [ -\fBh\fR ] [ 
 -\fBH\fR \fIcustom-header\fR ] [ -\fBi\fR ] [ -\fBk\fR ] [ -\fBn\fR 
 \fIrequests\fR ] [ -\fBp\fR \fIPOST-file\fR ] [ -\fBP\fR 
 \fIproxy-auth-username\fR:\fIpassword\fR ] [ -\fBq\fR ] [ -\fBr\fR ] [ 
 -\fBs\fR ] [ -\fBS\fR ] [ -\fBt\fR \fItimelimit\fR ] [ -\fBT\fR 
 \fIcontent-type\fR ] [ -\fBv\fR \fIverbosity\fR] [ -\fBV\fR ] [ -\fBw\fR ] [ 
 -\fBx\fR \fItable-attributes\fR ] [ -\fBX\fR \fIproxy\fR[:\fIport\fR] ] [ 
 -\fBy\fR \fItr-attributes\fR ] [ -\fBz\fR \fItd-attributes\fR ] [ 
 -\fBZ\fR \fIciphersuite\fR ] 
 [http[s]://]\fIhostname\fR[:\fIport\fR]/\fIpath\fR
 +\fBab\fR [ -\fBA\fR \fIauth-username\fR:\fIpassword\fR ] [ -\fBb\fR 
 \fIwindowsize\fR ] [ -\fBc\fR \fIconcurrency\fR ] [ -\fBC\fR 
 \fIcookie-name\fR=\fIvalue\fR ] [ -\fBd\fR ] [ -\fBe\fR \fIcsv-file\fR ] [ 
 -\fBf\fR \fIprotocol\fR ] [ -\fBg\fR \fIgnuplot-file\fR ] [ -\fBh\fR ] [ 
 -\fBH\fR \fIcustom-header\fR ] [ -\fBi\fR ] [ -\fBk\fR ] [ -\fBn\fR 
 \fIrequests\fR ] [ -\fBp\fR \fIPOST-file\fR ] [ -\fBu\fR \fIPUT-file\fR ] [ 
 -\fBP\fR \fIproxy-auth-username\fR:\fIpassword\fR ] [ -\fBq\fR ] [ -\fBr\fR ] 
 [ -\fBs\fR ] [ -\fBS\fR ] [ -\fBt\fR \fItimelimit\fR ] [ -\fBT\fR 
 \fIcontent-type\fR ] [ -\fBv\fR \fIverbosity\fR] [ -\fBV\fR ] [ -\fBw\fR ] [ 
 -\fBx\fR \fItable-attributes\fR ] [ -\fBX\fR \fIproxy\fR[:\fIport\fR] ] [ 
 -\fBy\fR \fItr-attributes\fR ] [ -\fBz\fR \fItd-attributes\fR ] [ 
 -\fBZ\fR \fIciphersuite\fR ] 
 [http[s]://]\fIhostname\fR[:\fIport\fR]/\fIpath\fR
   
  
  .SH SUMMARY
 

This is bad. ab.8 is generated from ab.xml. So this change gets lost the next 
time the documentation
gets regenerated.

Regards

Rüdiger

Re: svn commit: r811806 - in /httpd/httpd/trunk: CHANGES docs/man/ab.8 support/ab.c

2009-09-06 Thread Jeff Barnes

I obsoleted the .8 file and attached the svn diff for the xml file.

Should the ab.8 file be removed from svn if it gets overwritten with each 
documentation generation?

Thanks,
Jeff

--- On Sun, 9/6/09, Ruediger Pluem rpl...@apache.org wrote:

 From: Ruediger Pluem rpl...@apache.org
 Subject: Re: svn commit: r811806 - in /httpd/httpd/trunk: CHANGES 
 docs/man/ab.8 support/ab.c
 To: dev@httpd.apache.org
 Date: Sunday, September 6, 2009, 5:52 AM
 
 
 On 09/06/2009 01:03 PM, minf...@apache.org
 wrote:
  Author: minfrin
  Date: Sun Sep  6 11:03:14 2009
  New Revision: 811806
  
  URL: http://svn.apache.org/viewvc?rev=811806view=rev
  Log:
  Add support for HTTP PUT to ab.
  Submiited by: Jeff Barnes jbarnesweb
 yahoo.com
  
  Modified:
      httpd/httpd/trunk/CHANGES
  
    httpd/httpd/trunk/docs/man/ab.8
  
    httpd/httpd/trunk/support/ab.c
  
 
  Modified: httpd/httpd/trunk/docs/man/ab.8
  URL: 
  http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/man/ab.8?rev=811806r1=811805r2=811806view=diff
 
 ==
  --- httpd/httpd/trunk/docs/man/ab.8 (original)
  +++ httpd/httpd/trunk/docs/man/ab.8 Sun Sep  6
 11:03:14 2009
  @@ -27,7 +27,7 @@
   .SH SYNOPSIS
    
   .PP
  -\fBab\fR [ -\fBA\fR
 \fIauth-username\fR:\fIpassword\fR ] [ -\fBb\fR
 \fIwindowsize\fR ] [ -\fBc\fR \fIconcurrency\fR ] [ -\fBC\fR
 \fIcookie-name\fR=\fIvalue\fR ] [ -\fBd\fR ] [ -\fBe\fR
 \fIcsv-file\fR ] [ -\fBf\fR \fIprotocol\fR ] [ -\fBg\fR
 \fIgnuplot-file\fR ] [ -\fBh\fR ] [ -\fBH\fR
 \fIcustom-header\fR ] [ -\fBi\fR ] [ -\fBk\fR ] [ -\fBn\fR
 \fIrequests\fR ] [ -\fBp\fR \fIPOST-file\fR ] [ -\fBP\fR
 \fIproxy-auth-username\fR:\fIpassword\fR ] [ -\fBq\fR ] [
 -\fBr\fR ] [ -\fBs\fR ] [ -\fBS\fR ] [ -\fBt\fR
 \fItimelimit\fR ] [ -\fBT\fR \fIcontent-type\fR ] [ -\fBv\fR
 \fIverbosity\fR] [ -\fBV\fR ] [ -\fBw\fR ] [ -\fBx\fR
 \fItable-attributes\fR ] [ -\fBX\fR
 \fIproxy\fR[:\fIport\fR] ] [ -\fBy\fR
 \fItr-attributes\fR ] [ -\fBz\fR
 \fItd-attributes\fR ] [ -\fBZ\fR \fIciphersuite\fR ]
 [http[s]://]\fIhostname\fR[:\fIport\fR]/\fIpath\fR
  +\fBab\fR [ -\fBA\fR
 \fIauth-username\fR:\fIpassword\fR ] [ -\fBb\fR
 \fIwindowsize\fR ] [ -\fBc\fR \fIconcurrency\fR ] [ -\fBC\fR
 \fIcookie-name\fR=\fIvalue\fR ] [ -\fBd\fR ] [ -\fBe\fR
 \fIcsv-file\fR ] [ -\fBf\fR \fIprotocol\fR ] [ -\fBg\fR
 \fIgnuplot-file\fR ] [ -\fBh\fR ] [ -\fBH\fR
 \fIcustom-header\fR ] [ -\fBi\fR ] [ -\fBk\fR ] [ -\fBn\fR
 \fIrequests\fR ] [ -\fBp\fR \fIPOST-file\fR ] [ -\fBu\fR
 \fIPUT-file\fR ] [ -\fBP\fR
 \fIproxy-auth-username\fR:\fIpassword\fR ] [ -\fBq\fR ] [
 -\fBr\fR ] [ -\fBs\fR ] [ -\fBS\fR ] [ -\fBt\fR
 \fItimelimit\fR ] [ -\fBT\fR \fIcontent-type\fR ] [ -\fBv\fR
 \fIverbosity\fR] [ -\fBV\fR ] [ -\fBw\fR ] [ -\fBx\fR
 \fItable-attributes\fR ] [ -\fBX\fR
 \fIproxy\fR[:\fIport\fR] ] [ -\fBy\fR
 \fItr-attributes\fR ] [ -\fBz\fR
 \fItd-attributes\fR ] [ -\fBZ\fR \fIciphersuite\fR ]
 [http[s]://]\fIhostname\fR[:\fIport\fR]/\fIpath\fR
    
   
   .SH SUMMARY
  
 
 This is bad. ab.8 is generated from ab.xml. So this change
 gets lost the next time the documentation
 gets regenerated.
 
 Regards
 
 Rüdiger

Re: ab

2009-09-04 Thread Jeff Barnes

Apparently my last submission to the list was a patch for a fork of ab 
(http://code.google.com/p/apachebench-standalone/wiki/HowToBuild).

Sorry for the confusion (mine). Please find the attached svn diff for the 
*correct* ab.c and ab.8. 
(http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/support/ab.c and 
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/docs/ab.8).

To recap, I added support for HTTP PUT requests to ab and updated the man page. 
I hope you find the changes useful.

Also, I have inlined the diffs to this email message.

Regards,
Jeff


ndex: support/ab.c
===
--- support/ab.c(revision 808959)
+++ support/ab.c(working copy)
@@ -763,8 +763,10 @@
 if (keepalive)
 printf(Keep-Alive requests:%d\n, doneka);
 printf(Total transferred:  % APR_INT64_T_FMT  bytes\n, totalread);
-if (posting  0)
+if (posting == 1)
 printf(Total POSTed:   % APR_INT64_T_FMT \n, totalposted);
+if (posting == 2)
+printf(Total PUT:  % APR_INT64_T_FMT \n, totalposted);
 printf(HTML transferred:   % APR_INT64_T_FMT  bytes\n, totalbread);

 /* avoid divide by zero */
@@ -1048,10 +1050,14 @@
 printf(tr %sth colspan=2 %sTotal transferred:/th
td colspan=2 %s% APR_INT64_T_FMT  bytes/td/tr\n,
trstring, tdstring, tdstring, totalread);
-if (posting  0)
+if (posting == 1)
 printf(tr %sth colspan=2 %sTotal POSTed:/th
td colspan=2 %s% APR_INT64_T_FMT /td/tr\n,
trstring, tdstring, tdstring, totalposted);
+if (posting == 2)
+printf(tr %sth colspan=2 %sTotal PUT:/th
+   td colspan=2 %s% APR_INT64_T_FMT /td/tr\n,
+   trstring, tdstring, tdstring, totalposted);
 printf(tr %sth colspan=2 %sHTML transferred:/th
td colspan=2 %s% APR_INT64_T_FMT  bytes/td/tr\n,
trstring, tdstring, tdstring, totalbread);
@@ -1606,12 +1612,13 @@
 }
 else {
 snprintf_res = apr_snprintf(request,  sizeof(_request),
-POST %s HTTP/1.0\r\n
+%s %s HTTP/1.0\r\n
 %s %s %s
 Content-length: % APR_SIZE_T_FMT \r\n
 Content-type: %s\r\n
 %s
 \r\n,
+(posting == 1) ? POST : PUT,
 (isproxy) ? fullurl : path,
 keepalive ? Connection: Keep-Alive\r\n : ,
 cookie, auth,
@@ -1623,14 +1630,15 @@
 }

 if (verbosity = 2)
-printf(INFO: POST header == \n---\n%s\n---\n, request);
+printf(INFO: %s header == \n---\n%s\n---\n, 
+(posting == 2) ? PUT : POST, request);

 reqlen = strlen(request);

 /*
  * Combine headers and (optional) post file into one contineous buffer
  */
-if (posting == 1) {
+if (posting = 1) {
 char *buff = malloc(postlen + reqlen + 1);
 if (!buff) {
 fprintf(stderr, error creating request buffer: out of memory\n);
@@ -1831,6 +1839,7 @@
 fprintf(stderr, -t timelimitSeconds to max. wait for 
responses\n);
 fprintf(stderr, -b windowsize   Size of TCP send/receive buffer, in 
bytes\n);
 fprintf(stderr, -p postfile File containing data to POST. 
Remember also to set -T\n);
+fprintf(stderr, -u putfile  File containing data to PUT. Remember 
also to set -T\n);
 fprintf(stderr, -T content-type Content-type header for POSTing, 
eg.\n);
 fprintf(stderr, 
'application/x-www-form-urlencoded'\n);
 fprintf(stderr, Default is 'text/plain'\n);
@@ -2022,7 +2031,7 @@
 #endif

 apr_getopt_init(opt, cntxt, argc, argv);
-while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
+while ((status = apr_getopt(opt, 
n:c:t:b:T:p:u:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
 #ifdef USE_SSL
 Z:f:
 #endif
@@ -2047,8 +2056,8 @@
 windowsize = atoi(optarg);
 break;
 case 'i':
-if (posting == 1)
-err(Cannot mix POST and HEAD\n);
+if (posting  0)
+err(Cannot mix POST/PUT and HEAD\n);
 posting = -1;
 break;
 case 'g':
@@ -2073,6 +2082,16 @@
 exit(r);
 }
 break;
+case 'u':
+if (posting != 0)
+err(Cannot mix PUT and HEAD\n);
+if (0 == (r = open_postfile(optarg))) {
+posting = 2;
+}
+else if (postdata) {
+exit(r);
+}
+break;
 case 'r':
 recverrok = 1;
 break;



Index: docs/man/ab.8 
===
--- docs/man/ab.8   (revision 808959)
+++ docs/man/ab.8   (working copy)
@@ -27,7 +27,7

Re: ab

2009-09-04 Thread Graham Leggett

Jeff Barnes wrote:

 Apparently my last submission to the list was a patch for a fork of ab 
 (http://code.google.com/p/apachebench-standalone/wiki/HowToBuild).
 
 Sorry for the confusion (mine). Please find the attached svn diff for the 
 *correct* ab.c and ab.8. 
 (http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/support/ab.c and 
 http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/docs/ab.8).
 
 To recap, I added support for HTTP PUT requests to ab and updated the man 
 page. I hope you find the changes useful.
 
 Also, I have inlined the diffs to this email message.

Would it be possible to open a bugzilla issue for this, and attach the
patch there? This will make sure it doesn't fall through the cracks.

Regards,
Graham
--


smime.p7s
Description: S/MIME Cryptographic Signature

Re: ab

2009-08-18 Thread Jeff Barnes

Here is the svn diff for ab to implement PUT requests. I also modified the ab 
man page, but I don't know where to check it out. I can provide the updated man 
page in its entirety or someone could point me to the svn server for it and I 
can send a diff. Or ?

Best regards,
Jeff Barnes

Index: ab.c
===
--- ab.c(revision 18)
+++ ab.c(working copy)
@@ -807,8 +807,10 @@
 if (keepalive)
 printf(Keep-Alive requests:%d\n, doneka);
 printf(Total transferred:  % APR_INT64_T_FMT  bytes\n, totalread);
-if (posting  0)
+if (posting == 1)
 printf(Total POSTed:   % APR_INT64_T_FMT \n, totalposted);
+else if (posting == 2)
+printf(Total PUT:  % APR_INT64_T_FMT \n, totalposted);
 printf(HTML transferred:   % APR_INT64_T_FMT  bytes\n, totalbread);
 
 /* avoid divide by zero */
@@ -1092,10 +1094,14 @@
 printf(tr %sth colspan=2 %sTotal transferred:/th
td colspan=2 %s% APR_INT64_T_FMT  bytes/td/tr\n,
trstring, tdstring, tdstring, totalread);
-if (posting  0)
+if (posting == 1)
 printf(tr %sth colspan=2 %sTotal POSTed:/th
td colspan=2 %s% APR_INT64_T_FMT /td/tr\n,
trstring, tdstring, tdstring, totalposted);
+else if (posting == 2)
+printf(tr %sth colspan=2 %sTotal PUT:/th
+   td colspan=2 %s% APR_INT64_T_FMT /td/tr\n,
+   trstring, tdstring, tdstring, totalposted);
 printf(tr %sth colspan=2 %sHTML transferred:/th
td colspan=2 %s% APR_INT64_T_FMT  bytes/td/tr\n,
trstring, tdstring, tdstring, totalbread);
@@ -1637,7 +1643,7 @@
 keepalive ? Connection: Keep-Alive\r\n : ,
 cookie, auth, hdrs);
 }
-else {
+else if (posting == 1) {
 snprintf_res = apr_snprintf(request,  sizeof(_request),
 POST %s HTTP/1.0\r\n
 %s %s %s
@@ -1651,6 +1657,21 @@
 postlen,
 (content_type[0]) ? content_type : text/plain, hdrs);
 }
+else {
+snprintf_res = apr_snprintf(request,  sizeof(_request),
+PUT %s HTTP/1.0\r\n
+%s %s %s
+Content-length: % APR_SIZE_T_FMT \r\n
+Content-type: %s\r\n
+%s
+\r\n,
+(isproxy) ? fullurl : path,
+keepalive ? Connection: Keep-Alive\r\n : ,
+cookie, auth,
+postlen,
+(content_type[0]) ? content_type : text/plain, hdrs);
+}
+
 if (snprintf_res = sizeof(_request)) {
 err(Request too long\n);
 }
@@ -1663,7 +1684,7 @@
 /*
  * Combine headers and (optional) post file into one contineous buffer
  */
-if (posting == 1) {
+if (posting = 1) {
 char *buff = malloc(postlen + reqlen + 1);
 if (!buff) {
 fprintf(stderr, error creating request buffer: out of memory\n);
@@ -1852,6 +1873,7 @@
 fprintf(stderr, -t timelimitSeconds to max. wait for 
responses\n);
 fprintf(stderr, -b windowsize   Size of TCP send/receive buffer, in 
bytes\n);
 fprintf(stderr, -p postfile File containing data to POST. 
Remember also to set -T\n);
+fprintf(stderr, -u postfile File containing data to PUT. Remember 
also to set -T\n);
 fprintf(stderr, -T content-type Content-type header for POSTing, 
eg.\n);
 fprintf(stderr, 
'application/x-www-form-urlencoded'\n);
 fprintf(stderr, Default is 'text/plain'\n);
@@ -1967,26 +1989,26 @@
 
 rv = apr_file_open(postfd, pfile, APR_READ, APR_OS_DEFAULT, cntxt);
 if (rv != APR_SUCCESS) {
-fprintf(stderr, ab: Could not open POST data file (%s): %s\n, pfile,
+fprintf(stderr, ab: Could not open POST/PUT data file (%s): %s\n, 
pfile,
 apr_strerror(rv, errmsg, sizeof errmsg));
 return rv;
 }
 
 rv = apr_file_info_get(finfo, APR_FINFO_NORM, postfd);
 if (rv != APR_SUCCESS) {
-fprintf(stderr, ab: Could not stat POST data file (%s): %s\n, pfile,
+fprintf(stderr, ab: Could not stat POST/PUT data file (%s): %s\n, 
pfile,
 apr_strerror(rv, errmsg, sizeof errmsg));
 return rv;
 }
 postlen = (apr_size_t)finfo.size;
 postdata = malloc(postlen);
 if (!postdata) {
-fprintf(stderr, ab: Could not allocate POST data buffer\n);
+fprintf(stderr, ab: Could not allocate POST/PUT data buffer\n);
 return APR_ENOMEM;
 }
 rv = apr_file_read_full(postfd, postdata, postlen, NULL);
 if (rv != APR_SUCCESS) {
-fprintf(stderr, ab: Could not read POST data file: %s\n,
+fprintf(stderr, ab: Could not read POST/PUT data file: %s\n,
 apr_strerror(rv, errmsg, sizeof errmsg));
 return rv;
 }
@@ -2045,7 +2067,7 @@
 #endif
 
 apr_getopt_init(opt, cntxt, argc, argv);
-while ((status = apr_getopt(opt

ab

2009-08-17 Thread Jeff Barnes

A need arose for my organization to be able to load test web services. I 
modified ab.c to be able to send HTTP PUT requests.

We have been using it for a couple of weeks and it is performing as expected. I 
would be happy to provide the changes (minor, it mimics POST requests).

Would it be appropriate for me to post the svn diff to this list?

Best regards,
Jeff Barnes

Re: ab

2009-08-17 Thread Philip M. Gollucci

Jeff Barnes wrote:
 A need arose for my organization to be able to load test web services. I 
 modified ab.c to be able to send HTTP PUT requests.
 
 We have been using it for a couple of weeks and it is performing as expected. 
 I would be happy to provide the changes (minor, it mimics POST requests).
 
 Would it be appropriate for me to post the svn diff to this list?
 
 Best regards,
 Jeff Barnes
 
 
Please do so.

Re: svn commit: r541138 - in /httpd/httpd/trunk: docs/man/ab.8 docs/manual/programs/ab.html.en docs/manual/programs/ab.xml support/ab.c

2007-05-24 Thread Vincent Bray


On 24/05/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Author: sctemme
Date: Wed May 23 19:19:04 2007
New Revision: 541138


Thanks Sander,

I subscribed to the httpd-cvs list (as linked to from the httpd site)
three days ago but haven't seen any commits. Is that list still
active? I got the hi, welcome to the list email so I guess my signup
was ok..

--
noodl

Re: svn commit: r541138 - in /httpd/httpd/trunk: docs/man/ab.8 docs/manual/programs/ab.html.en docs/manual/programs/ab.xml support/ab.c

2007-05-24 Thread Sander Temme



On May 23, 2007, at 11:49 PM, Vincent Bray wrote:


On 24/05/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Author: sctemme
Date: Wed May 23 19:19:04 2007
New Revision: 541138


Thanks Sander,

I subscribed to the httpd-cvs list (as linked to from the httpd site)
three days ago but haven't seen any commits. Is that list still
active? I got the hi, welcome to the list email so I guess my signup
was ok..


You must be on the right list, because that's where you saw the  
commit message you're quoting.  It's [EMAIL PROTECTED], but perhaps httpd- 
cvs still works... don't know.


S.

--
[EMAIL PROTECTED]  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF



smime.p7s
Description: S/MIME cryptographic signature

Re: Small patch to ab apr_socket_recv error handling

2007-03-08 Thread Filip Hanik - Dev Lists

if you want, you can commit this, the error counters are all over the 
place and not really correct.

So I'm gonna keep improving ab to return the correct error stats.

Filip

Filip Hanik - Dev Lists wrote:

ok, Jeff's feedback has been incorporated into this patch.

Filip

Jeff Trawick wrote:

On 3/2/07, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:

is the patch below looking good?
does it need adjustments?
do I need to follow a different process?

Filip

Filip Hanik - Dev Lists wrote:
 ok, final patch, this one also adds in Content-Length: 0 when keep
 alive is used.
 somehow, most containers will not do keep alive unless there is a
 content length header.




Index: ab.c
===
--- ab.c(revision 515860)
+++ ab.c(working copy)
@@ -258,6 +258,7 @@
 /* - GLOBALS  */
 
 int verbosity = 0;  /* no verbosity by default */

+int recverrok = 0;  /* ok to proceed after socket receive errors */
 int posting = 0;/* GET by default */
 int requests = 1;   /* Number of requests to make */
 int heartbeatres = 100; /* How often do we say we're alive */
@@ -317,7 +318,7 @@
 #endif
 
 /* store error cases */

-int err_length = 0, err_conn = 0, err_except = 0;
+int err_length = 0, err_conn = 0, err_recv = 0, err_except = 0;
 int err_response = 0;
 
 apr_time_t start, endtime;

@@ -760,8 +761,8 @@
 printf(Complete requests:  %ld\n, done);
 printf(Failed requests:%ld\n, bad);
 if (bad)
-printf(   (Connect: %d, Length: %d, Exceptions: %d)\n,
-err_conn, err_length, err_except);
+printf(   (Connect: %d, Receive: %d, Length: %d, Exceptions: %d)\n,
+err_conn, err_recv, err_length, err_except);
 printf(Write errors:   %ld\n, epipe);
 if (err_response)
 printf(Non-2xx responses:  %d\n, err_response);
@@ -1329,10 +1330,18 @@
 }
 /* catch legitimate fatal apr_socket_recv errors */
 else if (status != APR_SUCCESS) {
-err_except++; /* XXX: is this the right error counter? */
-/* XXX: Should errors here be fatal, or should we allow a
- * certain number of them before completely failing? -aaron */
-apr_err(apr_socket_recv, status);
+err_recv++;
+if (recverrok) {
+bad++;
+close_connection(c);
+if ( verbosity = 1 ) {
+char buf[120];
+fprintf(stderr,%s: %s (%d)\n,apr_socket_recv, 
apr_strerror(status, buf, sizeof buf), status);
+}
+return;
+} else {
+apr_err(apr_socket_recv, status);
+}
 }
 }
 
@@ -1819,6 +1828,7 @@

 fprintf(stderr, -S  Do not show confidence estimators and 
warnings.\n);
 fprintf(stderr, -g filename Output collected data to gnuplot format 
file.\n);
 fprintf(stderr, -e filename Output CSV file with percentages 
served\n);
+fprintf(stderr, -r  Don't exit on socket receive 
errors.\n);
 fprintf(stderr, -h  Display usage information (this 
message)\n);
 #ifdef USE_SSL
 fprintf(stderr, -Z ciphersuite  Specify SSL/TLS cipher suite (See openssl 
ciphers)\n);
@@ -1981,7 +1991,7 @@
 #endif
 
 apr_getopt_init(opt, cntxt, argc, argv);

-while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq
+while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
 #ifdef USE_SSL
 Z:f:
 #endif
@@ -2032,6 +2042,9 @@
 exit(r);
 }
 break;
+case 'r':
+recverrok = 1;
+break;
 case 'v':
 verbosity = atoi(optarg);
 break;
  



No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.7/712 - Release Date: 3/6/2007 3:42 PM

Re: Small patch to ab apr_socket_recv error handling

2007-03-08 Thread Jeff Trawick


On 3/7/07, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:

ok, Jeff's feedback has been incorporated into this patch.


Could you post the patch again as an attachment?  Some whitespace
oddity is making it hard to apply for me.

Thanks!

Re: Small patch to ab apr_socket_recv error handling

2007-03-08 Thread Filip Hanik - Dev Lists

it is an attachment, chances are your mail reader is expanding it into 
your viewing window

but you can also get it here

http://www.hanik.com/fix-ab-recv-error.patch

Filip

Jeff Trawick wrote:

On 3/7/07, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:

ok, Jeff's feedback has been incorporated into this patch.


Could you post the patch again as an attachment?  Some whitespace
oddity is making it hard to apply for me.

Thanks!

Re: Small patch to ab apr_socket_recv error handling

2007-03-08 Thread Jeff Trawick


On 3/8/07, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:

it is an attachment, chances are your mail reader is expanding it into
your viewing window
but you can also get it here

http://www.hanik.com/fix-ab-recv-error.patch


thanks; committed to trunk

Re: Small patch to ab apr_socket_recv error handling

2007-03-07 Thread Filip Hanik - Dev Lists


ok, Jeff's feedback has been incorporated into this patch.

Filip

Jeff Trawick wrote:

On 3/2/07, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:

is the patch below looking good?
does it need adjustments?
do I need to follow a different process?

Filip

Filip Hanik - Dev Lists wrote:
 ok, final patch, this one also adds in Content-Length: 0 when keep
 alive is used.
 somehow, most containers will not do keep alive unless there is a
 content length header.


Index: ab.c
===
--- ab.c(revision 515860)
+++ ab.c(working copy)
@@ -258,6 +258,7 @@
 /* - GLOBALS  */
 
 int verbosity = 0;  /* no verbosity by default */
+int recverrok = 0;  /* ok to proceed after socket receive errors */
 int posting = 0;/* GET by default */
 int requests = 1;   /* Number of requests to make */
 int heartbeatres = 100; /* How often do we say we're alive */
@@ -317,7 +318,7 @@
 #endif
 
 /* store error cases */
-int err_length = 0, err_conn = 0, err_except = 0;
+int err_length = 0, err_conn = 0, err_recv = 0, err_except = 0;
 int err_response = 0;
 
 apr_time_t start, endtime;
@@ -760,8 +761,8 @@
 printf(Complete requests:  %ld\n, done);
 printf(Failed requests:%ld\n, bad);
 if (bad)
-printf(   (Connect: %d, Length: %d, Exceptions: %d)\n,
-err_conn, err_length, err_except);
+printf(   (Connect: %d, Receive: %d, Length: %d, Exceptions: %d)\n,
+err_conn, err_recv, err_length, err_except);
 printf(Write errors:   %ld\n, epipe);
 if (err_response)
 printf(Non-2xx responses:  %d\n, err_response);
@@ -1329,10 +1330,18 @@
 }
 /* catch legitimate fatal apr_socket_recv errors */
 else if (status != APR_SUCCESS) {
-err_except++; /* XXX: is this the right error counter? */
-/* XXX: Should errors here be fatal, or should we allow a
- * certain number of them before completely failing? -aaron */
-apr_err(apr_socket_recv, status);
+err_recv++;
+if (recverrok) {
+bad++;
+close_connection(c);
+if ( verbosity = 1 ) {
+char buf[120];
+fprintf(stderr,%s: %s (%d)\n,apr_socket_recv, 
apr_strerror(status, buf, sizeof buf), status);
+}
+return;
+} else {
+apr_err(apr_socket_recv, status);
+}
 }
 }
 
@@ -1819,6 +1828,7 @@
 fprintf(stderr, -S  Do not show confidence estimators and 
warnings.\n);
 fprintf(stderr, -g filename Output collected data to gnuplot 
format file.\n);
 fprintf(stderr, -e filename Output CSV file with percentages 
served\n);
+fprintf(stderr, -r  Don't exit on socket receive 
errors.\n);
 fprintf(stderr, -h  Display usage information (this 
message)\n);
 #ifdef USE_SSL
 fprintf(stderr, -Z ciphersuite  Specify SSL/TLS cipher suite (See 
openssl ciphers)\n);
@@ -1981,7 +1991,7 @@
 #endif
 
 apr_getopt_init(opt, cntxt, argc, argv);
-while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq
+while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
 #ifdef USE_SSL
 Z:f:
 #endif
@@ -2032,6 +2042,9 @@
 exit(r);
 }
 break;
+case 'r':
+recverrok = 1;
+break;
 case 'v':
 verbosity = atoi(optarg);
 break;

Re: Small patch to ab apr_socket_recv error handling

2007-03-03 Thread Jeff Trawick


On 3/2/07, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:

is the patch below looking good?
does it need adjustments?
do I need to follow a different process?

Filip

Filip Hanik - Dev Lists wrote:
 ok, final patch, this one also adds in Content-Length: 0 when keep
 alive is used.
 somehow, most containers will not do keep alive unless there is a
 content length header.


That sounds very odd.  Regardless, the important point for now is that
we don't want to combine two unrelated changes in one patch/commit.
The point of the patch on this discussion thread is to recover from
socket receive errors, so the patch under review/revision shouldn't
try to accomplish anything else.


 Index: ab.c
 ===
 --- ab.c  (revision 511976)
 +++ ab.c  (working copy)
 @@ -258,6 +258,7 @@
  /* - GLOBALS  */

  int verbosity = 0;  /* no verbosity by default */
 +int recverrok = 0;
  int posting = 0;/* GET by default */
  int requests = 1;   /* Number of requests to make */
  int heartbeatres = 100; /* How often do we say we're alive */
 @@ -1330,9 +1331,19 @@
  /* catch legitimate fatal apr_socket_recv errors */
  else if (status != APR_SUCCESS) {
  err_except++; /* XXX: is this the right error counter? */
 -/* XXX: Should errors here be fatal, or should we allow a
 - * certain number of them before completely failing? -aaron */
 -apr_err(apr_socket_recv, status);
 +if ( recverrok ) {


no spaces around recverrok; should be

if (recverrok) {


 +bad++;
 +close_connection(c);
 +if ( verbosity = 1 ) {
 +char buf[120];
 +fprintf(stderr,%s: %s (%d)\n,apr_socket_recv, 
apr_strerror(status, buf, sizeof buf), status);
 +}
 +return;
 +} else {
 +/* XXX: Should errors here be fatal, or should we allow a
 + * certain number of them before completely failing? -aaron 
*/


IMO that comment can die now because of this patch.


 +apr_err(apr_socket_recv, status);


It would be nice to slip in a message such as Use the -r option to
continue after socket receive errors. but I don't see a trivial way
to add that in the natural message order (first the description of
what wrong, next the hint about how to take a different action when
that occurs).  Punt for now unless you can think of a way to implement
that without butchering existing subroutines.


 +}
  }
  }

 @@ -1559,7 +1570,7 @@
  (posting == 0) ? GET : HEAD,
  (isproxy) ? fullurl : path,
  AP_AB_BASEREVISION,
 -keepalive ? Connection: Keep-Alive\r\n : ,
 +keepalive ? Connection: Keep-Alive\r\nContent-Length: 0\r\n : 
,


zap this part of the patch for now; start a discussion on that
separate issue after this patch is finished/committed


  cookie, auth, host_field, colonhost, hdrs);
  }
  else {
 @@ -1819,6 +1830,7 @@
  fprintf(stderr, -S  Do not show confidence estimators and 
warnings.\n);
  fprintf(stderr, -g filename Output collected data to gnuplot format 
file.\n);
  fprintf(stderr, -e filename Output CSV file with percentages 
served\n);
 +fprintf(stderr, -r  Don't exit on apr_socket_recv 
errors.\n);


IMO the usage statement should refer to socket receive errors, not
the name of a library function


  fprintf(stderr, -h  Display usage information (this 
message)\n);
  #ifdef USE_SSL
  fprintf(stderr, -Z ciphersuite  Specify SSL/TLS cipher suite (See 
openssl ciphers)\n);
 @@ -1981,7 +1993,7 @@
  #endif

  apr_getopt_init(opt, cntxt, argc, argv);
 -while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq
 +while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
  #ifdef USE_SSL
  Z:f:
  #endif
 @@ -2032,6 +2044,9 @@
  exit(r);
  }
  break;
 +case 'r':
 +recverrok = 1;
 +break;
  case 'v':
  verbosity = atoi(optarg);
  break;


bad and err_except are incremented when a receive error occurs.
Previously, that wasn't so interesting since ab aborted immediately.
IMO it is worthwhile to have a separate counter.

  if (bad)
   printf(   (Connect: %d, Receive: %d, Length: %d, Exceptions: %d)\n,
   err_conn, err_recv, err_length, err_except);

Thanks!

Re: Small patch to ab apr_socket_recv error handling

2007-03-02 Thread Filip Hanik - Dev Lists


is the patch below looking good?
does it need adjustments?
do I need to follow a different process?

Filip

Filip Hanik - Dev Lists wrote:
ok, final patch, this one also adds in Content-Length: 0 when keep 
alive is used.
somehow, most containers will not do keep alive unless there is a 
content length header.


Filip

Filip Hanik - Dev Lists wrote:

hi Aaron,
I added in the -r command line options, to not exit out on 
apr_socket_recv errors.

Patch attached

Filip





Index: ab.c
===
--- ab.c(revision 511976)
+++ ab.c(working copy)
@@ -258,6 +258,7 @@
 /* - GLOBALS  */
 
 int verbosity = 0;  /* no verbosity by default */

+int recverrok = 0;
 int posting = 0;/* GET by default */
 int requests = 1;   /* Number of requests to make */
 int heartbeatres = 100; /* How often do we say we're alive */
@@ -1330,9 +1331,19 @@
 /* catch legitimate fatal apr_socket_recv errors */
 else if (status != APR_SUCCESS) {
 err_except++; /* XXX: is this the right error counter? */
-/* XXX: Should errors here be fatal, or should we allow a
- * certain number of them before completely failing? -aaron */
-apr_err(apr_socket_recv, status);
+if ( recverrok ) {
+bad++;
+close_connection(c);
+if ( verbosity = 1 ) {
+char buf[120];
+fprintf(stderr,%s: %s (%d)\n,apr_socket_recv, 
apr_strerror(status, buf, sizeof buf), status);
+}
+return;
+} else {
+/* XXX: Should errors here be fatal, or should we allow a
+ * certain number of them before completely failing? -aaron */
+apr_err(apr_socket_recv, status);
+}
 }
 }
 
@@ -1559,7 +1570,7 @@

 (posting == 0) ? GET : HEAD,
 (isproxy) ? fullurl : path,
 AP_AB_BASEREVISION,
-keepalive ? Connection: Keep-Alive\r\n : ,
+keepalive ? Connection: Keep-Alive\r\nContent-Length: 0\r\n : ,
 cookie, auth, host_field, colonhost, hdrs);
 }
 else {
@@ -1819,6 +1830,7 @@
 fprintf(stderr, -S  Do not show confidence estimators and 
warnings.\n);
 fprintf(stderr, -g filename Output collected data to gnuplot format 
file.\n);
 fprintf(stderr, -e filename Output CSV file with percentages 
served\n);
+fprintf(stderr, -r  Don't exit on apr_socket_recv 
errors.\n);
 fprintf(stderr, -h  Display usage information (this 
message)\n);
 #ifdef USE_SSL
 fprintf(stderr, -Z ciphersuite  Specify SSL/TLS cipher suite (See openssl 
ciphers)\n);
@@ -1981,7 +1993,7 @@
 #endif
 
 apr_getopt_init(opt, cntxt, argc, argv);

-while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq
+while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
 #ifdef USE_SSL
 Z:f:
 #endif
@@ -2032,6 +2044,9 @@
 exit(r);
 }
 break;
+case 'r':
+recverrok = 1;
+break;
 case 'v':
 verbosity = atoi(optarg);
 break;
  



No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.4/705 - Release Date: 2/27/2007 3:24 
PM

Re: Small patch to ab apr_socket_recv error handling

2007-02-28 Thread Filip Hanik - Dev Lists

ok, final patch, this one also adds in Content-Length: 0 when keep alive 
is used.
somehow, most containers will not do keep alive unless there is a 
content length header.


Filip

Filip Hanik - Dev Lists wrote:

hi Aaron,
I added in the -r command line options, to not exit out on 
apr_socket_recv errors.

Patch attached

Filip



Index: ab.c
===
--- ab.c(revision 511976)
+++ ab.c(working copy)
@@ -258,6 +258,7 @@
 /* - GLOBALS  */
 
 int verbosity = 0;  /* no verbosity by default */
+int recverrok = 0;
 int posting = 0;/* GET by default */
 int requests = 1;   /* Number of requests to make */
 int heartbeatres = 100; /* How often do we say we're alive */
@@ -1330,9 +1331,19 @@
 /* catch legitimate fatal apr_socket_recv errors */
 else if (status != APR_SUCCESS) {
 err_except++; /* XXX: is this the right error counter? */
-/* XXX: Should errors here be fatal, or should we allow a
- * certain number of them before completely failing? -aaron */
-apr_err(apr_socket_recv, status);
+if ( recverrok ) {
+bad++;
+close_connection(c);
+if ( verbosity = 1 ) {
+char buf[120];
+fprintf(stderr,%s: %s (%d)\n,apr_socket_recv, 
apr_strerror(status, buf, sizeof buf), status);
+}
+return;
+} else {
+/* XXX: Should errors here be fatal, or should we allow a
+ * certain number of them before completely failing? -aaron */
+apr_err(apr_socket_recv, status);
+}
 }
 }
 
@@ -1559,7 +1570,7 @@
 (posting == 0) ? GET : HEAD,
 (isproxy) ? fullurl : path,
 AP_AB_BASEREVISION,
-keepalive ? Connection: Keep-Alive\r\n : ,
+keepalive ? Connection: Keep-Alive\r\nContent-Length: 0\r\n : ,
 cookie, auth, host_field, colonhost, hdrs);
 }
 else {
@@ -1819,6 +1830,7 @@
 fprintf(stderr, -S  Do not show confidence estimators and 
warnings.\n);
 fprintf(stderr, -g filename Output collected data to gnuplot 
format file.\n);
 fprintf(stderr, -e filename Output CSV file with percentages 
served\n);
+fprintf(stderr, -r  Don't exit on apr_socket_recv 
errors.\n);
 fprintf(stderr, -h  Display usage information (this 
message)\n);
 #ifdef USE_SSL
 fprintf(stderr, -Z ciphersuite  Specify SSL/TLS cipher suite (See 
openssl ciphers)\n);
@@ -1981,7 +1993,7 @@
 #endif
 
 apr_getopt_init(opt, cntxt, argc, argv);
-while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq
+while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
 #ifdef USE_SSL
 Z:f:
 #endif
@@ -2032,6 +2044,9 @@
 exit(r);
 }
 break;
+case 'r':
+recverrok = 1;
+break;
 case 'v':
 verbosity = atoi(optarg);
 break;

Re: Small patch to ab apr_socket_recv error handling

2007-02-27 Thread Aaron Bannert

Apache shouldn't be prematurely disconnecting sockets in the middle
of a response unless there is a serious problem (Eg. the Apache
child process is crashing). Could you describe how to reproduce this?

As for the patch, could you make this configurable with a command-line
option? That way the current functionality can stay default (meaning,
all recv() errors are fatal) and for those circumstances where the
user knows that there is some network-level or Apache-level problem
causing intermittent recv() errors, they can still get performance
results out of AB.

-aaron


On Mon, Feb 26, 2007 at 01:06:14PM -0700, Filip Hanik - Dev Lists wrote:
 I've created a small patch that lets ab continue even if it encounters 
 an error on apr_socket_recv
 
 quite commonly, when servers are overloaded they disconnect the socket, 
 ab receives a 104 (connection reset by peer) and the ab test exits.
 
 This patch logs the error, both counters correctly, cleans up the 
 connection and continues.
 
 thoughts?
 
 Filip

 Index: ab.c
 ===
 --- ab.c  (revision 511976)
 +++ ab.c  (working copy)
 @@ -1332,7 +1332,10 @@
  err_except++; /* XXX: is this the right error counter? */
  /* XXX: Should errors here be fatal, or should we allow a
   * certain number of them before completely failing? -aaron */
 -apr_err(apr_socket_recv, status);
 +//apr_err(apr_socket_recv, status);
 +bad++;
 +close_connection(c);
 +return;
  }
  }

Re: Small patch to ab apr_socket_recv error handling

2007-02-27 Thread Filip Hanik - Dev Lists


hi Aaron,
I added in the -r command line options, to not exit out on 
apr_socket_recv errors.

Patch attached

Filip

Aaron Bannert wrote:

Apache shouldn't be prematurely disconnecting sockets in the middle
of a response unless there is a serious problem (Eg. the Apache
child process is crashing). Could you describe how to reproduce this?

As for the patch, could you make this configurable with a command-line
option? That way the current functionality can stay default (meaning,
all recv() errors are fatal) and for those circumstances where the
user knows that there is some network-level or Apache-level problem
causing intermittent recv() errors, they can still get performance
results out of AB.

-aaron
  


Index: ab.c
===
--- ab.c(revision 511976)
+++ ab.c(working copy)
@@ -258,6 +258,7 @@
 /* - GLOBALS  */
 
 int verbosity = 0;  /* no verbosity by default */
+int recverrok = 0;
 int posting = 0;/* GET by default */
 int requests = 1;   /* Number of requests to make */
 int heartbeatres = 100; /* How often do we say we're alive */
@@ -1330,9 +1331,19 @@
 /* catch legitimate fatal apr_socket_recv errors */
 else if (status != APR_SUCCESS) {
 err_except++; /* XXX: is this the right error counter? */
-/* XXX: Should errors here be fatal, or should we allow a
- * certain number of them before completely failing? -aaron */
-apr_err(apr_socket_recv, status);
+if ( recverrok ) {
+bad++;
+close_connection(c);
+if ( verbosity = 1 ) {
+char buf[120];
+fprintf(stderr,%s: %s (%d)\n,apr_socket_recv, 
apr_strerror(status, buf, sizeof buf), status);
+}
+return;
+} else {
+/* XXX: Should errors here be fatal, or should we allow a
+ * certain number of them before completely failing? -aaron */
+apr_err(apr_socket_recv, status);
+}
 }
 }
 
@@ -1819,6 +1830,7 @@
 fprintf(stderr, -S  Do not show confidence estimators and 
warnings.\n);
 fprintf(stderr, -g filename Output collected data to gnuplot 
format file.\n);
 fprintf(stderr, -e filename Output CSV file with percentages 
served\n);
+fprintf(stderr, -r  Don't exit on apr_socket_recv 
errors.\n);
 fprintf(stderr, -h  Display usage information (this 
message)\n);
 #ifdef USE_SSL
 fprintf(stderr, -Z ciphersuite  Specify SSL/TLS cipher suite (See 
openssl ciphers)\n);
@@ -1981,7 +1993,7 @@
 #endif
 
 apr_getopt_init(opt, cntxt, argc, argv);
-while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq
+while ((status = apr_getopt(opt, 
n:c:t:b:T:p:v:rkVhwix:y:z:C:H:P:A:g:X:de:Sq
 #ifdef USE_SSL
 Z:f:
 #endif
@@ -2032,6 +2044,9 @@
 exit(r);
 }
 break;
+case 'r':
+recverrok = 1;
+break;
 case 'v':
 verbosity = atoi(optarg);
 break;

Small patch to ab apr_socket_recv error handling

2007-02-26 Thread Filip Hanik - Dev Lists

I've created a small patch that lets ab continue even if it encounters 
an error on apr_socket_recv


quite commonly, when servers are overloaded they disconnect the socket, 
ab receives a 104 (connection reset by peer) and the ab test exits.


This patch logs the error, both counters correctly, cleans up the 
connection and continues.


thoughts?

Filip
Index: ab.c
===
--- ab.c(revision 511976)
+++ ab.c(working copy)
@@ -1332,7 +1332,10 @@
 err_except++; /* XXX: is this the right error counter? */
 /* XXX: Should errors here be fatal, or should we allow a
  * certain number of them before completely failing? -aaron */
-apr_err(apr_socket_recv, status);
+//apr_err(apr_socket_recv, status);
+bad++;
+close_connection(c);
+return;
 }
 }

Re: [PATCH] SSL patch for ab (ApacheBench)

2005-05-17 Thread Joe Orton

On Wed, May 11, 2005 at 10:37:17PM +0900, Masaoki Kobayashi wrote:
 This is a patch for the version of ab on the trunk.
 In this version of ab, HAVE_OPENSSL controls if I
 have OpenSSL.  I conformed to the way although I
 did not checked the case of HAVE_SSLC.

Thanks a lot, and sorry for the slow follow-up.  I committed this with a
few style fixes and also adding better handling of SSL_read errors in
read_connect().

Regards,

joe

Re: [PATCH] SSL patch for ab (ApacheBench)

2005-05-11 Thread Masaoki Kobayashi

This is a patch for the version of ab on the trunk.
In this version of ab, HAVE_OPENSSL controls if I
have OpenSSL.  I conformed to the way although I
did not checked the case of HAVE_SSLC.
There has also been small more fixes.
1. The resulting shared key bit length is now the
  number of effective bits.
2. Now ab does not dump core in case of SSL handshake
  error.
Later, I will also submit the above changes for the
original 2.0.54 patch.
--
Masaoki Kobayashi
[EMAIL PROTECTED]
--- ab.c.org2005-05-11 13:32:42.263557000 +0900
+++ ab.c2005-05-11 21:05:19.95778 +0900
@@ -164,6 +164,9 @@
 #include sslc.h
 #define USE_SSL
 #define RSAREF
+#define SK_NUM(x) sk_num(x)
+#define SK_VALUE(x,y) sk_value(x,y)
+typedef STACK X509_STACK_TYPE;
 
 #elif defined(HAVE_OPENSSL)
 
@@ -176,6 +179,9 @@
 #include openssl/ssl.h
 #include openssl/rand.h
 #define USE_SSL
+#define SK_NUM(x) sk_X509_num(x)
+#define SK_VALUE(x,y) sk_X509_value(x,y)
+typedef STACK_OF(X509) X509_STACK_TYPE;
 
 #endif
 
@@ -232,9 +238,6 @@
 };
 
 struct data {
-#ifdef USE_SSL
-/*  insert SSL timings */
-#endif
 int read;  /* number of bytes read */
 apr_time_t starttime;  /* start time of connection in seconds since
 * Jan. 1, 1970 */
@@ -301,10 +304,11 @@
 long epipe = 0; /* number of broken pipe writes */
 
 #ifdef USE_SSL
-int ssl = 0;
-SSL_CTX *ctx;
+int is_ssl;
+SSL_CTX *ssl_ctx;
+char *ssl_cipher = NULL;
+char *ssl_info = NULL;
 BIO *bio_out,*bio_err;
-static void write_request(struct connection * c);
 #endif
 
 /* store error cases */
@@ -336,7 +340,24 @@
 apr_xlate_t *from_ascii, *to_ascii;
 #endif
 
+static void err(char *s);
+static void apr_err(char *s, apr_status_t rv);
+static void write_request(struct connection * c);
+static int compradre(struct data * a, struct data * b);
+static int comprando(struct data * a, struct data * b);
+static int compri(struct data * a, struct data * b);
+static int compwait(struct data * a, struct data * b);
+static void output_results(void);
+static void output_html_results(void);
+static void start_connect(struct connection * c);
 static void close_connection(struct connection * c);
+static void read_connection(struct connection * c);
+static void test(void);
+static void copyright(void);
+static void usage(const char *progname);
+static int parse_url(char *url);
+static int open_postfile(const char *pfile);
+
 /* - */
 
 /* simple little function to write an error string and exit */
@@ -363,74 +384,6 @@
 exit(rv);
 }
 
-#if defined(USE_SSL)  USE_THREADS
-/*
- * To ensure thread-safetyness in OpenSSL - work in progress
- */
-
-static apr_thread_mutex_t **lock_cs;
-static int  lock_num_locks;
-
-static void ssl_util_thr_lock(int mode, int type,
-  const char *file, int line)
-{
-if (type  lock_num_locks) {
-if (mode  CRYPTO_LOCK) {
-apr_thread_mutex_lock(lock_cs[type]);
-}
-else {
-apr_thread_mutex_unlock(lock_cs[type]);
-}
-}
-}
-
-static unsigned long ssl_util_thr_id(void)
-{
-/* OpenSSL needs this to return an unsigned long.  On OS/390, the pthread 
- * id is a structure twice that big.  Use the TCB pointer instead as a 
- * unique unsigned long.
- */
-#ifdef __MVS__
-struct PSA {
-char unmapped[540];
-unsigned long PSATOLD;
-} *psaptr = 0;
-
-return psaptr-PSATOLD;
-#else
-return (unsigned long) apr_os_thread_current();
-#endif
-}
-
-static apr_status_t ssl_util_thread_cleanup(void *data)
-{
-CRYPTO_set_locking_callback(NULL);
-
-/* Let the registered mutex cleanups do their own thing 
- */
-return APR_SUCCESS;
-}
-
-void ssl_util_thread_setup(apr_pool_t *p)
-{
-int i;
-
-lock_num_locks = CRYPTO_num_locks();
-lock_cs = apr_palloc(p, lock_num_locks * sizeof(*lock_cs));
-
-for (i = 0; i  lock_num_locks; i++) {
-apr_thread_mutex_create((lock_cs[i]), APR_THREAD_MUTEX_DEFAULT, p);
-}
-
-CRYPTO_set_id_callback(ssl_util_thr_id);
-
-CRYPTO_set_locking_callback(ssl_util_thr_lock);
-
-apr_pool_cleanup_register(p, NULL, ssl_util_thread_cleanup,
-   apr_pool_cleanup_null);
-}
-#endif
-
 /* - */
 /* write out request to a connection - assumes we can write
  * (small) request out in one go into our new socket buffer
@@ -460,6 +413,24 @@
 return(ret);
 }
 
+static void ssl_state_cb(const SSL *s, int w, int r)
+{
+if (w  SSL_CB_ALERT) {
+   BIO_printf(bio_err, SSL/TLS Alert [%s] %s:%s\n,
+   (w  SSL_CB_READ ? read : write),
+SSL_alert_type_string_long(r),
+SSL_alert_desc_string_long(r));
+} else if (w  SSL_CB_LOOP) {
+   BIO_printf(bio_err, SSL/TLS State [%s] %s\n,
+   (SSL_in_connect_init((SSL*)s) ? connect

Re: [PATCH] SSL patch for ab (ApacheBench)

2005-05-11 Thread Masaoki Kobayashi

This is a second patch to ab in 2.0.54 package.
It fixes the things below against the first patch.
1. The resulting shared key bit length is now the
  number of effective bits.
2. Now ab does not dump core in case of SSL handshake
  error.
--
Masaoki Kobayashi
[EMAIL PROTECTED]
--- ab.c.org2005-05-08 23:36:00.0 +0900
+++ ab.c2005-05-11 20:47:00.0 +0900
@@ -91,7 +91,7 @@
  * ab - or to due to a change in the distribution it is compiled with 
  * (such as an APR change in for example blocking).
  */
-#define AP_AB_BASEREVISION 2.0.41-dev-ssl-patch
+#define AP_AB_BASEREVISION 2.0.41-dev-ssl-patch-2
 
 /*
  * BUGS:
@@ -548,10 +548,10 @@
if (ssl_info == NULL) {
SSL_CIPHER *ci;
X509 *cert;
-   int sk_bits, pk_bits;
+   int sk_bits, pk_bits, swork;
 
ci = SSL_get_current_cipher(c-ssl);
-   SSL_CIPHER_get_bits(ci, sk_bits);
+   sk_bits = SSL_CIPHER_get_bits(ci, swork);
cert = SSL_get_peer_certificate(c-ssl);
if (cert)
pk_bits = EVP_PKEY_bits(X509_get_pubkey(cert));
@@ -586,6 +586,7 @@
BIO_printf(bio_err, SSL handshake failed (%d).\n, ecode);
ERR_print_errors(bio_err);
close_connection(c);
+   do_next = 0;
break;
}
 }
@@ -723,7 +724,7 @@
 printf(Server Hostname:%s\n, hostname);
 printf(Server Port:%hd\n, port);
 #ifdef AB_USE_SSL
-if (is_ssl)
+if (is_ssl  ssl_info)
 printf(SSL/TLS Protocol:   %s\n, ssl_info);
 #endif
 printf(\n);
@@ -1697,7 +1698,7 @@
 if (!use_html) {
printf(This is ApacheBench, Version %s\n, AP_AB_BASEREVISION  
$Revision: 1.121.2.12 $ apache-2.0);
printf(Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, 
http://www.zeustech.net/\n;);
-   printf(Copyright (c) 1998-2002 The Apache Software Foundation, 
http://www.apache.org/\n;);
+   printf(Copyright (c) 1998-2005 The Apache Software Foundation, 
http://www.apache.org/\n;);
printf(\n);
 }
 else {

Re: [PATCH] SSL patch for ab (ApacheBench)

2005-05-10 Thread Joe Orton

On Tue, May 10, 2005 at 02:13:47PM +0900, Masaoki Kobayashi wrote:
 This patch modifies the support/ab.c to handle SSL/TLS
 properly.

This looks really wonderful, thanks a lot for submitting this.  Is there
any chance that you can rediff this against the version of ab on the
trunk?

http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/ab.c

(there are many conflicts when applying your patch to that)

 The current implementation in 2.0.54 seems to be broken
 because it dumps core when I compile it with -DUSE_SSL.
 Even when I go back to 2.0.39, it still has many problems.

The trunk already fixed some of the simpler issues fixed there but not
the more fundamental stuff you mention.  It would be great to get your
fixes in but it needs to be merged to the trunk first.

Regards,

joe

Re: [PATCH] SSL patch for ab (ApacheBench)

2005-05-10 Thread Masaoki Kobayashi

OK.  It seems not so hard to apply those changes to
the one on trunk.  I will make the patch in a few
days.
When I give SSL stress to apache httpd 2.0.54 with
the new ab, the SSL connections at the httpd will
be unstable.  I believe there should be a problem
around the SSL session cache as dbm.  The httpd is
really stable when SSL session cache is shmcb.
It may be a problem of dbm library on solaris 10.
Joe Orton wrote:
This looks really wonderful, thanks a lot for submitting this.  Is there
any chance that you can rediff this against the version of ab on the
trunk?
http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/ab.c
(there are many conflicts when applying your patch to that)
--
Masaoki Kobayashi
[EMAIL PROTECTED]

[PATCH] SSL patch for ab (ApacheBench)

2005-05-09 Thread Masaoki Kobayashi

This patch modifies the support/ab.c to handle SSL/TLS
properly.
The current implementation in 2.0.54 seems to be broken
because it dumps core when I compile it with -DUSE_SSL.
Even when I go back to 2.0.39, it still has many problems.
i.e.
- Asynchronous I/O does not work with SSL, which means
 only one slow connection prevents all other concurrent
 connections from proceeding.
- It sleeps one second for each SSL connections during
 SSL handshake.
- SIGSEGV occurs with -v 4 because of the buffer
 overflow inside ssl_print_cert_info().
- Cannot specify either protocol version or cipher suites.
This patch makes ab work with asynchronous I/O even in
SSL/TLS, while it introduces 2 more options for SSL/TLS.
 -Z ciphersuite  Specify SSL/TLS cipher suite (See openssl ciphers)
 -f protocol Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL)
 Example:
   ab -f SSL3 -Z DES-CBC3-SHA -n 1000 -c 100 https://server/
This patch also includes the modification for configure.in
to set -DAB_USE_SSL automatically when you configure
apache with --enable-ssl.  You have to run buildconf
after applying this patch, of course.
--
Masaoki Kobayashi
[EMAIL PROTECTED]
diff -urN httpd-2.0.54/configure.in httpd-2.0.54-ab-ssl-patch/configure.in
--- httpd-2.0.54/configure.in   2005-03-30 20:00:06.0 +0900
+++ httpd-2.0.54-ab-ssl-patch/configure.in  2005-05-08 23:36:00.0 
+0900
@@ -395,6 +395,10 @@
 APACHE_SUBST(SHLIBPATH_VAR)
 APACHE_SUBST(OS_SPECIFIC_VARS)
 
+if test $enable_ssl != no; then
+  APR_ADDTO(DEFS, -DAB_USE_SSL)
+fi
+
 PRE_SHARED_CMDS='echo '
 POST_SHARED_CMDS='echo '
 
diff -urN httpd-2.0.54/support/ab.c httpd-2.0.54-ab-ssl-patch/support/ab.c
--- httpd-2.0.54/support/ab.c   2005-02-05 05:21:18.0 +0900
+++ httpd-2.0.54-ab-ssl-patch/support/ab.c  2005-05-08 23:36:00.0 
+0900
@@ -91,7 +91,7 @@
  * ab - or to due to a change in the distribution it is compiled with 
  * (such as an APR change in for example blocking).
  */
-#define AP_AB_BASEREVISION 2.0.41-dev
+#define AP_AB_BASEREVISION 2.0.41-dev-ssl-patch
 
 /*
  * BUGS:
@@ -144,7 +144,7 @@
 #if APR_HAVE_STDLIB_H
 #include stdlib.h
 
-#ifdef USE_SSL
+#ifdef AB_USE_SSL
 #if ((!(RSAREF))  (!(SYSSSL)))
 /* Libraries on most systems.. */
 #include openssl/rsa.h
@@ -154,6 +154,15 @@
 #include openssl/err.h
 #include openssl/ssl.h
 #include openssl/rand.h
+#ifdef RSAREF
+typedef STACK X509_STACK_TYPE;
+#   define SK_NUM(x) sk_num(x)
+#   define SK_VALUE(x,y) sk_value(x,y)
+#else
+typedef STACK_OF(X509) X509_STACK_TYPE;
+#   define SK_NUM(x) sk_X509_num(x)
+#   define SK_VALUE(x,y) sk_X509_value(x,y)
+#endif
 #else
 /* Libraries for RSAref and SYSSSL */
 #include rsa.h
@@ -214,15 +223,12 @@
done;   /* Connection closed */
 
 int socknum;
-#ifdef USE_SSL
+#ifdef AB_USE_SSL
 SSL *ssl;
 #endif
 };
 
 struct data {
-#ifdef USE_SSL
-/*  insert SSL timings */
-#endif
 int read;  /* number of bytes read */
 apr_time_t starttime;  /* start time of connection in seconds since
 * Jan. 1, 1970 */
@@ -288,10 +294,12 @@
 long good = 0, bad = 0;/* number of good and bad requests */
 long epipe = 0;/* number of broken pipe writes */
 
-#ifdef USE_SSL
-int ssl = 0;
-SSL_CTX *ctx;
-BIO *bio_out,*bio_err;
+#ifdef AB_USE_SSL
+int is_ssl;
+SSL_CTX *ssl_ctx;
+char *ssl_cipher = NULL;
+char *ssl_info = NULL;
+BIO *bio_out, *bio_err;
 static void write_request(struct connection * c);
 #endif
 
@@ -351,81 +359,13 @@
 exit(rv);
 }
 
-#if defined(USE_SSL)  USE_THREADS
-/*
- * To ensure thread-safetyness in OpenSSL - work in progress
- */
-
-static apr_thread_mutex_t **lock_cs;
-static int  lock_num_locks;
-
-static void ssl_util_thr_lock(int mode, int type,
-  const char *file, int line)
-{
-if (type  lock_num_locks) {
-if (mode  CRYPTO_LOCK) {
-apr_thread_mutex_lock(lock_cs[type]);
-}
-else {
-apr_thread_mutex_unlock(lock_cs[type]);
-}
-}
-}
-
-static unsigned long ssl_util_thr_id(void)
-{
-/* OpenSSL needs this to return an unsigned long.  On OS/390, the pthread 
- * id is a structure twice that big.  Use the TCB pointer instead as a 
- * unique unsigned long.
- */
-#ifdef __MVS__
-struct PSA {
-char unmapped[540];
-unsigned long PSATOLD;
-} *psaptr = 0;
-
-return psaptr-PSATOLD;
-#else
-return (unsigned long) apr_os_thread_current();
-#endif
-}
-
-static apr_status_t ssl_util_thread_cleanup(void *data)
-{
-CRYPTO_set_locking_callback(NULL);
-
-/* Let the registered mutex cleanups do their own thing 
- */
-return APR_SUCCESS;
-}
-
-void ssl_util_thread_setup(apr_pool_t *p)
-{
-int i;
-
-lock_num_locks = CRYPTO_num_locks();
-lock_cs = apr_palloc(p, lock_num_locks * sizeof(*lock_cs));
-
-for (i = 0; i  lock_num_locks; i

Re: 2.1 trunk = ab -v 2 segfault

2005-04-15 Thread Joe Orton

On Sat, Mar 26, 2005 at 11:27:27AM +0100, Alexander Lazic wrote:
 Hi,
 
 i use the 2.1 tunk ab and have found 2 segfaults, it think.
 
 the first one was easy to find:
  in ssl_print_cert_info() the buf is 64 not BUFSIZ
  for eg. =X509_NAME_oneline(dn, buf, BUFSIZ);
 
 The second one was not so easy to find because i'am not very familiar
 with the openssl-development.

Thanks for the report, there were three segfaults actually; I've fixed
them on the trunk.

 After the test i get a segfault:
 
 gdb  /home/al/progs/http-2.1/bin/ab
 (gdb) set args -v 2 -g gnuplot_ab -sn1 -c2 https://$SERVER/

one of the segfaults was because you're using a -c value  -n, which
doesn't really make sense; I changed ab to reject that.

Regards,

joe

Re: 2.1 trunk = ab -v 2 segfault

2005-04-15 Thread Alexander Lazic

Hi,
On Fre 15.04.2005 11:54, Joe Orton wrote:
Thanks for the report, there were three segfaults actually; I've fixed
them on the trunk.
Thanks ;-)
one of the segfaults was because you're using a -c value  -n, which
doesn't really make sense; I changed ab to reject that.
Ops, sorry :-(
al ;-)

Re: 2.1 trunk = ab -v 2 segfault

2005-04-15 Thread Sander Temme

On Apr 15, 2005, at 4:25 AM, Alexander Lazic wrote:
one of the segfaults was because you're using a -c value  -n, which
doesn't really make sense; I changed ab to reject that.
Ops, sorry :-(
Don't be sorry, it's still a bug. (:
S.
--
[EMAIL PROTECTED]  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF


smime.p7s
Description: S/MIME cryptographic signature

2.1 trunk = ab -v 2 segfault

2005-03-26 Thread Alexander Lazic

Hi,
i use the 2.1 tunk ab and have found 2 segfaults, it think.
the first one was easy to find:
 in ssl_print_cert_info() the buf is 64 not BUFSIZ
 for eg. =X509_NAME_oneline(dn, buf, BUFSIZ);
The second one was not so easy to find because i'am not very familiar
with the openssl-development.
After the test i get a segfault:
gdb  /home/al/progs/http-2.1/bin/ab
(gdb) set args -v 2 -g gnuplot_ab -sn1 -c2 https://$SERVER/
(gdb) dir 
/home/al/download/openssl/openssl-0.9.7f/crypto/asn1:/home/al/download/openssl/openssl-0.9.7f/crypto/x509v3:/home/al/download/openssl/openssl-0.9.7f/crypto/x509:/home/al/download/apachestuff/httpd-2.1_cvs-2005-03-25/srclib/apr-util:/home/al/download/apachestuff/httpd-2.1_cvs-2005-03-25/srclib/apr:/home/al/download/openssl/openssl-0.9.7f/ssl:/home/al/download/openssl/openssl-0.9.7f/crypto:/home/al/download/openssl/openssl-0.9.7f/crypto/bio:/home/al/download/openssl/openssl-0.9.7f/crypto/stack:/home/al/download/openssl/openssl-0.9.7f/crypto/objects
(gdb) run
---
SSL read failed - closing connection
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210231712 (LWP 19528)]
ASN1_STRING_free (a=0x291) at asn1_lib.c:393
393 if (a-data != NULL) OPENSSL_free(a-data);
(gdb) bt
#0  ASN1_STRING_free (a=0x291) at asn1_lib.c:393
#1  0x0807979f in ASN1_primitive_free (pval=0x80f5ae4, it=0x0) at tasn_fre.c:224
#2  0x080797d0 in ASN1_primitive_free (pval=0xb7f0787c, it=0x0) at 
tasn_fre.c:219
#3  0x080cd848 in X509_ALGOR_seq_tt ()
#4  0x080cd848 in X509_ALGOR_seq_tt ()
#5  0x080cd848 in X509_ALGOR_seq_tt ()
#6  0x0807972f in ASN1_template_free (pval=0xb7f0787c, tt=0x80cd834) at 
tasn_fre.c:174
#7  0x0071 in ?? ()
#8  0x080c22d4 in X509_CERT_AUX_it ()
#9  0x0003 in ?? ()
#10 0x080cd848 in X509_ALGOR_seq_tt ()
#11 0x0811dfdc in ?? ()
#12 0x in ?? ()
#13 0x in ?? ()
#14 0x08079985 in asn1_item_combine_free (pval=0x80c2588, it=0xb7f0787c, 
combine=135059508) at tasn_fre.c:151
Previous frame inner to this frame (corrupt stack?)
---
Please can anybody look at this issuse ;-)
al ;-)

Re: [1.3 PATCH] Select SSL version on ab command line

2005-01-03 Thread Sander Temme

On Dec 21, 2004, at 1:03 PM, Sander Temme wrote:
On Dec 21, 2004, at 11:21 AM, William A. Rowe, Jr. wrote:
Can we use a separate flag to specific protocol version?
To address both your and André's response, yes we can. I even found an 
unused letter that makes sense: -m for 'method'. And yes, I'll do a 
2.1 patch. The reason my personal itch was with the 1.3 ab is that it 
defaults to SSLv2 and my company's product doesn't support SSLv2.
Now that the holidays are over:
Tickle
If we (as a community) don't want to put that kind of work into ab, 
especially 1.3 ab, I totally understand. In that case, I would like you 
to consider the following one-line patch that just makes ab negotiate 
the highest SSL version available rather than finding itself stuck at 
the obsolete SSL version 2:

Index: src/support/ab.c
===
--- src/support/ab.c(revision 124022)
+++ src/support/ab.c(working copy)
@@ -1655,7 +1655,7 @@
 #ifdef USE_SSL
 SSL_library_init();
-if (!(ctx = SSL_CTX_new(SSLv2_client_method( {
+if (!(ctx = SSL_CTX_new(SSLv23_client_method( {
fprintf(stderr, Could not init SSL CTX: );
ERR_print_errors_fp(stderr);
exit(1);
Thanks!
S.
--
[EMAIL PROTECTED]  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF


smime.p7s
Description: S/MIME cryptographic signature

[1.3 PATCH] Select SSL version on ab command line

The following patch (inline and attached) expands the experimental -s 
flag to ab to specify the SSL version used for the benchmark run. Valid 
versions are SSLv2, SSLv3, TLSv1 and ANY in which case the program will 
use the highest version available. This code is active when httpd is 
configured with CFLAGS=-DUSE_SSL and LDFLAGS=-lssl -lcrypto.

Downside: getopt(3) doesn't allow for an optional optarg, so a bare -s 
no longer works. I could possibly hack around that by scanning the bare 
argv string but that seems to me like a significant can of worms.

Patch:
Index: src/support/ab.8
===
--- src/support/ab.8(revision 122972)
+++ src/support/ab.8(working copy)
@@ -28,7 +28,7 @@
 ] [
 .B \-i
 ] [
-.B \-s
+.BI \-s  version
 ] [
 .BI \-n  requests
 ] [
@@ -95,14 +95,15 @@
 one or two times the standard deviation apart. And default to the
 min/avg/max values. (legacy support).
 .TP 12
-.B \-s
+.BI \-s  version
 When compiled in (ab -h will show you) use the SSL protected
 .B https
 rather than the
 .B http
 protocol. This feature is experimental and
 .B very
-rudimentary. You propably do not want to use it.
+rudimentary. You probably do not want to use it. The version parameter
+can be (SSLv2|SSLv3|TLSv1|ANY).
 .TP 12
 .B \-k
 Enable the HTTP KeepAlive feature; that is, perform multiple requests
Index: src/support/ab.c
===
--- src/support/ab.c(revision 122972)
+++ src/support/ab.c(working copy)
@@ -1364,7 +1364,8 @@
 fprintf(stderr, -g filename Output collected data to 
gnuplot format file.\n);
 fprintf(stderr, -e filename Output CSV file with 
percentages served\n);
 #ifdef USE_SSL
-fprintf(stderr, -s  Use httpS instead of HTTP 
(SSL)\n);
+fprintf(stderr, -s version  Use httpS instead of HTTP 
(SSL)\n);
+fprintf(stderr, version is 
(SSLv2|SSLv3|TLSv1|ANY)\n);
 #endif
 fprintf(stderr, -h  Display usage information 
(this message)\n);
 exit(EINVAL);
@@ -1463,6 +1464,10 @@
 {
 int c, r, l;
 char tmp[1024];
+#ifdef USE_SSL
+char ssl_err[40];
+SSL_METHOD *ssl_method;
+#endif
 /* table defaults  */
 tablestring = ;
 trstring = ;
@@ -1474,13 +1479,25 @@
 optind = 1;
 while ((c = getopt(argc, argv, 
n:c:t:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq
 #ifdef USE_SSL
-  s
+  s:
 #endif
   ))  0) {
switch (c) {
 #ifdef USE_SSL
case 's':
ssl = 1;
+if (!strcmp(optarg, ANY)) {
+ssl_method = SSLv23_client_method();
+} else if (!strcmp(optarg, SSLv2)) {
+ssl_method = SSLv2_client_method();
+} else if (!strcmp(optarg, SSLv3)) {
+ssl_method = SSLv3_client_method();
+} else if (!strcmp(optarg, TLSv1)) {
+ssl_method = TLSv1_client_method();
+} else {
+sprintf(ssl_err, SSL method %.4s not supported.\n, 
optarg);
+err(ssl_err);
+}
break;
 #endif
case 'n':
@@ -1655,7 +1672,7 @@

 #ifdef USE_SSL
 SSL_library_init();
-if (!(ctx = SSL_CTX_new(SSLv2_client_method( {
+if (!(ctx = SSL_CTX_new(ssl_method))) {
fprintf(stderr, Could not init SSL CTX: );
ERR_print_errors_fp(stderr);
exit(1);
Similar patch for Apache 2 ab is forthcoming.
S.
--
[EMAIL PROTECTED]  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF


ab.c.patch
Description: Binary data


smime.p7s
Description: S/MIME cryptographic signature

Re: [1.3 PATCH] Select SSL version on ab command line

2004-12-21 Thread André Malo

* Sander Temme wrote:

 The following patch (inline and attached) expands the experimental -s
 flag to ab to specify the SSL version used for the benchmark run. Valid
 versions are SSLv2, SSLv3, TLSv1 and ANY in which case the program will
 use the highest version available. This code is active when httpd is
 configured with CFLAGS=-DUSE_SSL and LDFLAGS=-lssl -lcrypto.

 Downside: getopt(3) doesn't allow for an optional optarg, so a bare -s
 no longer works. I could possibly hack around that by scanning the bare
 argv string but that seems to me like a significant can of worms.

The solution is simple. Use -s for turning on SSL and another flag for the 
version. I'd suggest anyway to start with 2.1 and then go down the backport 
chain. That's the desired way.

nd
-- 
Already I've seen people (really!) write web URLs in the form:
http:\\some.site.somewhere
[...] How soon until greengrocers start writing apples $1\pound
or something?   -- Joona I Palaste in clc

Re: [1.3 PATCH] Select SSL version on ab command line

2004-12-21 Thread William A. Rowe, Jr.

At 01:15 PM 12/21/2004, Sander Temme wrote:
The following patch (inline and attached) expands the experimental -s flag to 
ab to specify the SSL version used for the benchmark run. Valid versions are 
SSLv2, SSLv3, TLSv1 and ANY in which case the program will use the highest 
version available. This code is active when httpd is configured with 
CFLAGS=-DUSE_SSL and LDFLAGS=-lssl -lcrypto.

Downside: getopt(3) doesn't allow for an optional optarg, so a bare -s no 
longer works. I could possibly hack around that by scanning the bare argv 
string but that seems to me like a significant can of worms.

Due to a change I hope to introduce, allowing a generic '-s' for
http:// connections (to trigger client-selected connection upgrade)
that would be a big downside.

Can we use a separate flag to specific protocol version?

Re: [1.3 PATCH] Select SSL version on ab command line

On Dec 21, 2004, at 11:21 AM, William A. Rowe, Jr. wrote:
Can we use a separate flag to specific protocol version?
To address both your and André's response, yes we can. I even found an 
unused letter that makes sense: -m for 'method'. And yes, I'll do a 2.1 
patch. The reason my personal itch was with the 1.3 ab is that it 
defaults to SSLv2 and my company's product doesn't support SSLv2.

Here's a new 1.3 patch (also attached for line-wrappy goodness):
Index: src/support/ab.8
===
--- src/support/ab.8	(revision 122972)
+++ src/support/ab.8	(working copy)
@@ -30,6 +30,8 @@
 ] [
 .B \-s
 ] [
+.BI \-m  version
+] [
 .BI \-n  requests
 ] [
 .BI \-t  timelimit
@@ -102,11 +104,19 @@
 .B http
 protocol. This feature is experimental and
 .B very
-rudimentary. You propably do not want to use it.
+rudimentary. You probably do not want to use it.
 .TP 12
+.BI \-m  version
+SSL version to use.
+.B Version
+can be SSLv2, SSLv3 or TLSv1. To be used together with
+.B \-s
+option. Default is highest available version.
+.TP 12
 .B \-k
 Enable the HTTP KeepAlive feature; that is, perform multiple requests
 within one HTTP session. Default is no KeepAlive.
+.TP 12
 .B \-i
 Use an HTTP 'HEAD' instead of the GET method. Cannot be mixed with 
POST.
 .TP 12
Index: src/support/ab.c
===
--- src/support/ab.c	(revision 122972)
+++ src/support/ab.c	(working copy)
@@ -1365,6 +1365,9 @@
 fprintf(stderr, -e filename Output CSV file with 
percentages served\n);
 #ifdef USE_SSL
 fprintf(stderr, -s  Use httpS instead of HTTP 
(SSL)\n);
+fprintf(stderr, -m version  SSL version is 
(SSLv2|SSLv3|TLSv1)\n);
+fprintf(stderr, If not specified, use highest 
available.\n);
+fprintf(stderr, Use this option together with 
-s.\n);
 #endif
 fprintf(stderr, -h  Display usage information 
(this message)\n);
 exit(EINVAL);
@@ -1463,6 +1466,9 @@
 {
 int c, r, l;
 char tmp[1024];
+#ifdef USE_SSL
+SSL_METHOD *ssl_method = NULL;
+#endif
 /* table defaults  */
 tablestring = ;
 trstring = ;
@@ -1474,13 +1480,30 @@
 optind = 1;
 while ((c = getopt(argc, argv, 
n:c:t:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq
 #ifdef USE_SSL
-		   s
+		   sm:
 #endif
 		   ))  0) {
 	switch (c) {
 #ifdef USE_SSL
 	case 's':
 	ssl = 1;
+if (ssl_method == NULL) {
+ssl_method = SSLv23_client_method();
+}
+break;
+case 'm':
+ssl = 1;
+if (!strcmp(optarg, SSLv2)) {
+ssl_method = SSLv2_client_method();
+} else if (!strcmp(optarg, SSLv3)) {
+ssl_method = SSLv3_client_method();
+} else if (!strcmp(optarg, TLSv1)) {
+ssl_method = TLSv1_client_method();
+} else {
+fprintf(stderr, SSL method %s not supported. 
Defaulting to highest 
+supported version.\n, optarg);
+ssl_method = SSLv23_client_method();
+}
 	break;
 #endif
 	case 'n':
@@ -1655,7 +1678,7 @@

 #ifdef USE_SSL
 SSL_library_init();
-if (!(ctx = SSL_CTX_new(SSLv2_client_method( {
+if (!(ctx = SSL_CTX_new(ssl_method))) {
fprintf(stderr, Could not init SSL CTX: );
ERR_print_errors_fp(stderr);
exit(1);
--
[EMAIL PROTECTED]  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF


smime.p7s
Description: S/MIME cryptographic signature

Re: [1.3 PATCH] Select SSL version on ab command line

2004-12-21 Thread Mads Toftum

On Tue, Dec 21, 2004 at 01:03:13PM -0800, Sander Temme wrote:
 
 On Dec 21, 2004, at 11:21 AM, William A. Rowe, Jr. wrote:
 
 Can we use a separate flag to specific protocol version?
 
 To address both your and André's response, yes we can. I even found an 
 unused letter that makes sense: -m for 'method'. And yes, I'll do a 2.1 
 patch. The reason my personal itch was with the 1.3 ab is that it 
 defaults to SSLv2 and my company's product doesn't support SSLv2.
 
Could this be similar to openssl s_client - ssl2, ssl3, ... and the 
no_ssl2, no_ssl3 etc? Just like you might want to specify a specific
version, I could see where it would be nice to go the other way and
remove a specific cipher.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

Re: [1.3 PATCH] Select SSL version on ab command line

On Dec 21, 2004, at 1:12 PM, Mads Toftum wrote:
Could this be similar to openssl s_client - ssl2, ssl3, ... and the
no_ssl2, no_ssl3 etc? Just like you might want to specify a specific
version, I could see where it would be nice to go the other way and
remove a specific cipher.
That's right, this is either selecting a specific version or (the 
default) send an SSLv2 compatible hello and offer up all versions it 
can do.

We're also not talking about Ciphers here, just protocol versions. It 
figures out the ciphersuites for itself. I figure if we want to get 
that sophisticated, we'd better pour our energy into flood instead of 
ab.

S.
--
[EMAIL PROTECTED]  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF


smime.p7s
Description: S/MIME cryptographic signature

Re: [1.3 PATCH] Select SSL version on ab command line

2004-12-21 Thread Mads Toftum

On Tue, Dec 21, 2004 at 02:02:46PM -0800, Sander Temme wrote:
 We're also not talking about Ciphers here, just protocol versions. It 
 figures out the ciphersuites for itself. I figure if we want to get 
 that sophisticated, we'd better pour our energy into flood instead of 
 ab.
 
Cipher was a mistake on my part - I wanted to say protocol but got
distracted ;)

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

[PATCH] Select SSL version on ab command line