Re: [PATCH v4] BUG/MINOR: dns: allow 63 char in hostname

[Miroslav Zagorac]

On 01/28/2020 12:02 AM, Baptiste wrote:

On Sun, Jan 26, 2020 at 7:53 PM William Dauchy  wrote:


hostname were limited to 62 char, which is not RFC1035 compliant;
- the parsing loop should stop when above max label char
- fix len label test where d[i] was wrongly used
- simplify the whole function to avoid using two extra char* variable

this should fix github issue #387
 ...


This patch is "approved".
Willy, you can apply.

Baptiste



Hello,

whether in this function is sufficient to check the length of the label 
and its contents (uppercase and lowercase letters, numbers and hyphen) 
or whether RFC1035 should be followed where it states the following:


"The labels must follow the rules for ARPANET host names.  They must
start with a letter, end with a letter or digit, and have as interior
characters only letters, digits, and hyphen.  There are also some
restrictions on the length.  Labels must be 63 characters or less."

--
Zaga

What can change the nature of a man?

Re: [PATCH v3] BUG/MINOR: dns: allow 63 char in hostname

[Baptiste]

On Sun, Jan 26, 2020 at 8:15 PM Илья Шипицин  wrote:

>
>
> вс, 26 янв. 2020 г. в 23:12, William Dauchy :
>
>> On Sun, Jan 26, 2020 at 7:08 PM Илья Шипицин 
>> wrote:
>> > such things are fragile.  once fixed, they can silently break during
>> further refactoring.
>> > on other hand, such functions are good candidates to write unit tests.
>>
>> I considered it but to my knowledge, this is currently not possible
>> with varnishtest, as we would need to mock a dns resolution, and make
>> haproxy starts. I don't know whether there are other plans for haproxy
>> tests.
>>
>
>
> I do not mean varnishtest here.
>
> varnishtest is "full stack functional test", it is too expensive.
>
> I mean lightweight unit testing, for example, cmocka.
>
>
>> --
>> William
>>
>

On a side note, I am working on building tests for the DNS in HAProxy using
socat + script as a DNS server in vtest.
I am at a point where dig can query my socat+script, then I'll try HAProxy,
then I'll do the vtest integration.

Baptiste

Re: [PATCH v4] BUG/MINOR: dns: allow 63 char in hostname

[Baptiste]

On Sun, Jan 26, 2020 at 7:53 PM William Dauchy  wrote:

> hostname were limited to 62 char, which is not RFC1035 compliant;
> - the parsing loop should stop when above max label char
> - fix len label test where d[i] was wrongly used
> - simplify the whole function to avoid using two extra char* variable
>
> this should fix github issue #387
>
> Signed-off-by: William Dauchy 
> ---
>  src/dns.c | 31 +--
>  1 file changed, 13 insertions(+), 18 deletions(-)
>
> diff --git a/src/dns.c b/src/dns.c
> index eefd8d0dc..28d47d26c 100644
> --- a/src/dns.c
> +++ b/src/dns.c
> @@ -1470,7 +1470,6 @@ int dns_str_to_dn_label(const char *str, int
> str_len, char *dn, int dn_len)
>   */
>  int dns_hostname_validation(const char *string, char **err)
>  {
> -   const char *c, *d;
> int i;
>
> if (strlen(string) > DNS_MAX_NAME_SIZE) {
> @@ -1479,36 +1478,32 @@ int dns_hostname_validation(const char *string,
> char **err)
> return 0;
> }
>
> -   c = string;
> -   while (*c) {
> -   d = c;
> -
> +   while (*string) {
> i = 0;
> -   while (*d != '.' && *d && i <= DNS_MAX_LABEL_SIZE) {
> -   i++;
> -   if (!((*d == '-') || (*d == '_') ||
> - ((*d >= 'a') && (*d <= 'z')) ||
> - ((*d >= 'A') && (*d <= 'Z')) ||
> - ((*d >= '0') && (*d <= '9' {
> +   while (*string && *string != '.' && i <
> DNS_MAX_LABEL_SIZE) {
> +   if (!(*string == '-' || *string == '_' ||
> + (*string >= 'a' && *string <= 'z') ||
> + (*string >= 'A' && *string <= 'Z') ||
> + (*string >= '0' && *string <= '9'))) {
> if (err)
> *err = DNS_INVALID_CHARACTER;
> return 0;
> }
> -   d++;
> +   i++;
> +   string++;
> }
>
> -   if ((i >= DNS_MAX_LABEL_SIZE) && (d[i] != '.')) {
> +   if (!(*string))
> +   break;
> +
> +   if (*string != '.' && i >= DNS_MAX_LABEL_SIZE) {
> if (err)
> *err = DNS_LABEL_TOO_LONG;
> return 0;
> }
>
> -   if (*d == '\0')
> -   goto out;
> -
> -   c = ++d;
> +   string++;
> }
> - out:
> return 1;
>  }
>
> --
> 2.24.1
>
>

This patch is "approved".
Willy, you can apply.

Baptiste

Re: "check-sni" doesn't seems to have effect on "tcp-check connect ssl"

[Nelson Branco]

I meant, I was expecting to have the server_name TLS extension sent as it 
happens if we use a httpcheck.

--
Nelson Branco


From: Baptiste 
Sent: Monday, January 27, 2020, 21:39
To: Nelson Branco
Cc: haproxy@formilux.org
Subject: Re: "check-sni" doesn't seems to have effect on "tcp-check connect ssl"


On Mon, Jan 27, 2020 at 7:50 PM Nelson Branco 
mailto:nelson.bra...@vision-box.com>> wrote:
Do anyone know if “check-sni” should have effect as well on “tcp-check connect 
ssl” at version “HAProxy version 1.8.8-1ubuntu0.9, released 2019/12/02”?

Hi,

What do you mean by "effect" ?

Baptiste

Re: "check-sni" doesn't seems to have effect on "tcp-check connect ssl"

[Baptiste]

On Mon, Jan 27, 2020 at 7:50 PM Nelson Branco 
wrote:

> Do anyone know if “check-sni” should have effect as well on “tcp-check
> connect ssl” at version “HAProxy version 1.8.8-1ubuntu0.9, released
> 2019/12/02”?
>

Hi,

What do you mean by "effect" ?

Baptiste

"check-sni" doesn't seems to have effect on "tcp-check connect ssl"

[Nelson Branco]

Do anyone know if "check-sni" should have effect as well on "tcp-check connect 
ssl" at version "HAProxy version 1.8.8-1ubuntu0.9, released 2019/12/02"?

Re: [PATCH] ssl certificates load speedup and dedup (pem/ctx)

[Emmanuel Hocdet]

Hi William,

> 
> With ‘ssl crt foo.pem chain bar.pem’, or crt-list with ‘foo.pem [chain 
> bar.pem]’,
> deduplicate chain look like deduplicate ca-file.
> Find ocsp_issuer with this chain doesn’t work directly, but it seems doable.
> For CLI, reload cert when chain is updated seem also complicated, perhaps
> less problematic than others solutions. 
> 

Proposal for ‘chain’ parameter:
https://github.com/ehocdet/haproxy/commits/chain 


++
Manu

Re: Disabling regtests in Travis ?

[Martin Grigorov]

On Fri, Jan 24, 2020 at 6:43 PM Willy Tarreau  wrote:

> On Fri, Jan 24, 2020 at 09:12:58PM +0500,  ??? wrote:
> > >> +  - make reg-tests VTEST_PROGRAM=../vtest/vtest
> > >> REGTESTS_TYPES=default,bug,devel
> > >>
> > >
> > > let us try that.
>
> OK, now pushed.
>
> > > I will have a look at "racy" tests.
> > > Maybe we'll enable them on Github Actions.
> > >
> > >
> > the good thing about Github Actions, it is possible to attach own build
> > agents. So, if we
> > have dedicated hardware and we not want to depend on travis-ci
> neighbours,
> > it might be an option.
>
> That's good to know, even if I doubt we'd need it, at least it
> opens possibilities.
>

The regtests run fine on my ARM64 VM. I run them daily.
If HAProxy team decides to move to GitHub Actions and to use an external
build agent for ARM64 then just ping me!

Regards,
Martin


>
> Willy
>
>

Bid Writing Workshops and New Training Courses

[NFP Workshops]

NFP WORKSHOPS

Bid Writing Workshops and New Training Courses for 
Charities, Schools and Public Sector Organisations.

UNSUBSCRIBES
This email has been sent to haproxy@formilux.org
To unsubscribe please reply back replacing the subject line with  unsubscribe
Unsubscribes will take effect within seven days.

BOOKING DETAILS
You can book any workshop online and pay using a debit card, credit card or 
paypal. 
Just google  nfp workshops  to go to our website.

QUESTIONS
To ask a question please reply back replacing the subject line with  question

BID WRITING: THE BASICS   Start 09.00  Finish 11.30  Cost £95

Do you know the most common reasons for rejection? Are you gathering the right 
evidence? Are you making the right arguments? Are you using the right 
terminology? Are your numbers right? Are you learning from rejections? Are you 
assembling the right documents? Do you know how to create a clear and concise 
standard funding bid? Are you communicating with people or just excluding them? 
Do you know your own organisation well enough? Are you thinking through your 
projects carefully enough? Do you know enough about your competitors? Are you 
answering the questions funders will ask themselves about your application? Are 
you submitting applications correctly?

BID WRITING: ADVANCED   Start 12.00  Finish 14.30  Cost £95

Are you applying to the right trusts? Are you applying to enough trusts? Are 
you 
asking for the right amount of money? Are you applying in the right ways? Are 
your projects the most fundable projects? Are you carrying out trust 
fundraising 
in a professional way? Are you delegating enough work? Are you highly 
productive 
or just very busy? Are you looking for trusts in all the right places? How do 
you compare with your competitors for funding? Is the rest of your fundraising 
hampering your bids to trusts? Do you understand what trusts are ideally 
looking 
for?

LONDON
16 Mar 2020 - 23 Mar 2020 - 27 Apr 2020 - 08 Jun 2020 - 15 Jun 2020
VAI, 200A Pentonville Road, Kings Cross, London N1 9JP

SOUTHAMPTON   
17 Mar 2020 - 09 Jun 2020
Jurys Inn, Charlotte Place, Southampton SO14 0TB

BRISTOL   
18 Mar 2020 - 10 Jun 2020
The Waterfront Meeting Rooms, Welsh Back, Bristol BS1 4SB

EDINBURGH 
19 Mar 2020 - 11 Jun 2020
Courtyard, 1-3 Baxter's Place, Edinburgh EH1 3AF

NEWCASTLE 
20 Mar 2020 - 12 Jun 2020
Jurys Inn, Scotswood Road, Newcastle upon Tyne NE1 4AD

NOTTINGHAM
24 Mar 2020 - 16 Jun 2020
Jurys Inn, Station Street, Nottingham NG2 3BJ

BIRMINGHAM
25 Mar 2020 - 17 Jun 2020
Jurys Inn, 245 Broad Street, Birmingham B1 2HQ

MANCHESTER
26 Mar 2020 - 18 Jun 2020
Jurys Inn, 56 Great Bridgewater Street, Manchester M1 5LE

LEEDS 
27 Mar 2020 - 19 Jun 2020
Jurys Inn, Brewery Wharf, Brewery Place, Leeds LS10 1NE 

BID WRITING: INTERACTIVE   
LONDON
13 Mar 2020
VAI, 200A Pentonville Road, Kings Cross, London N1 9JP
Start 10.00  Finish 16.00  Cost £295/£345  

Here is how the day works. You bring 11 copies of your standard funding bid or 
a 
recent bid. Print them out triple spaced in Arial 16 point font. We will 
provide 
a big table, pens, a trainer and up to 9 other attendees. We will all review 
your bid. Word by word. Line by line. We will test out your jargon and your 
acronyms to see how well understood they really are. We will ask “What are you 
actually trying to say here?”. Once your bid is revised you will have the 
chance 
to review up to 9 other bids to learn from other people’s bids and how they go 
about things. By the end of the day you should have a better written, clearer, 
more effective bid than you arrived with. If it is perfect already then at 
least 
you will have had that confirmed by up to 10 other people. We will send you a 
questionnaire in advance about your trust and foundation fundraising statistics 
and strategy. We will all then review that strategy to see how you are doing 
now, what you should be aiming to achieve in the future and the practical steps 
to bring that about. Finally we will review your organisation as a whole. What 
aspects should you be telling more people more about. What aspects should you 
be 
trying to improve in the years ahead to increase your success rate with trusts 
and foundations.

RECRUITMENT: THE BASICS
LONDON
09 Mar 2020
VAI, 200A Pentonville Road, Kings Cross, London N1 9JP
Start 10.00  Finish 16.00  Cost £295/£345  

A step by step introduction to all the most important things to consider when 
recruiting new staff. Writing job descriptions. Writing candidate 
specifications. Writing job adverts. Where to advertise. Using a recruitment 
agency. Selecting candidates to interview. Interview questions. Interview 
styles. Final selection. Contracts of employment. Inductions for new staff. 
Payroll and expenses. An overview of employment legislation. Employment record 
keeping. Attracting the best staff through improving your public profile.

PURCHASING: THE BASICS
LONDON
10

they use it

[Marcel Deniau]

Hi there,
I've been using HAProxy for over 3 years now in various projects & companies.
How can we be featured on your pagehttp://www.haproxy.org/they-use-it.html ?
Thanks,Marcel

--
MARCEL DENIAU
PartnerVPN roommar...@vpnroom.comvpnroom.com