Re: [PATCH] BUILD: ssl: use EVP_CIPH_GCM_MODE macro instead of HA_OPENSSL_VERSION

2021-03-26 Thread William Lallemand
On Fri, Mar 26, 2021 at 11:47:48PM +0500, Илья Шипицин wrote:
> Hello,
> 
> yet another patch that removes few HA_OPENSSL_VERSION usage.
> 
> Ilya

Pushed in master, thanks.

-- 
William Lallemand



[PATCH] BUILD: ssl: use EVP_CIPH_GCM_MODE macro instead of HA_OPENSSL_VERSION

2021-03-26 Thread Илья Шипицин
Hello,

yet another patch that removes few HA_OPENSSL_VERSION usage.

Ilya
From cda2194398d8c7a4b0ca07ab2ed47c290c92b64f Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Fri, 26 Mar 2021 23:35:31 +0500
Subject: [PATCH] BUILD: ssl: use EVP_CIPH_GCM_MODE macro instead of
 HA_OPENSSL_VERSION

EVP_CIPH_GCM_MODE was introduced in https://github.com/openssl/openssl/commit/bdaa54155cceb34846a202d0027054fd51493695
together with EVP support for AES-GCM.
---
 src/sample.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/sample.c b/src/sample.c
index e7655a575..835a18115 100644
--- a/src/sample.c
+++ b/src/sample.c
@@ -1778,7 +1778,7 @@ static inline int sample_check_arg_base64(struct arg *arg, char **err)
 	return 1;
 }
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
+#ifdef EVP_CIPH_GCM_MODE
 static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
 		  const char *file, int line, char **err)
 {
@@ -1920,7 +1920,7 @@ static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp,
 	free_trash_chunk(smp_trash);
 	return 0;
 }
-#endif /* HA_OPENSSL_VERSION_NUMBER */
+#endif
 
 static int check_crypto_digest(struct arg *args, struct sample_conv *conv,
 		  const char *file, int line, char **err)
@@ -4120,7 +4120,7 @@ static struct sample_conv_kw_list sample_conv_kws = {ILH, {
 	{ "sha1",   sample_conv_sha1,  0,NULL, SMP_T_BIN,  SMP_T_BIN  },
 #ifdef USE_OPENSSL
 	{ "sha2",   sample_conv_sha2,  ARG1(0, SINT), smp_check_sha2, SMP_T_BIN,  SMP_T_BIN  },
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
+#ifdef EVP_CIPH_GCM_MODE
 	{ "aes_gcm_dec", sample_conv_aes_gcm_dec,   ARG4(4,SINT,STR,STR,STR), check_aes_gcm,   SMP_T_BIN, SMP_T_BIN },
 #endif
 	{ "digest",  sample_conv_crypto_digest, ARG1(1,STR),  check_crypto_digest, SMP_T_BIN, SMP_T_BIN },
-- 
2.30.2



Re: [PATCH] fine guard for ssl random extraction functions

2021-03-26 Thread William Lallemand
On Thu, Mar 25, 2021 at 12:52:42AM +0500, Илья Шипицин wrote:
> Hello,
> 
> yet another patch that removes several occurrences of HA_OPENSSL_VERSION
> also, fetches enabled for BoringSSL and LibreSSL-2.7.0 and higher
> 
> Ilya


Looks good, pushed in master, thanks!

-- 
William Lallemand



Re: [PATCH] fine guard for ssl random extraction functions

2021-03-26 Thread William Lallemand
On Fri, Mar 26, 2021 at 03:02:27PM +0100, Willy Tarreau wrote:
> On Fri, Mar 26, 2021 at 06:45:22PM +0500,  ??? wrote:
> > Ping :)
> 
> Ilya, please use the MAINTAINERS file to be sure to direct your messages
> to the relevant maintainers, because each time you forward them to me, I
> forward them in turn and the integration of your work gets needlessly
> delayed.

I agree. You can also wait more than 1 day before doing a "ping" for a
minor patch, it's more likely that we didn't read it yet than we missed
it.

> @Emeric, @William, could one of you please have a look ?
> 

I'll take a look.

-- 
William Lallemand



Re: [PATCH] fine guard for ssl random extraction functions

2021-03-26 Thread Willy Tarreau
On Fri, Mar 26, 2021 at 06:45:22PM +0500,  ??? wrote:
> Ping :)

Ilya, please use the MAINTAINERS file to be sure to direct your messages
to the relevant maintainers, because each time you forward them to me, I
forward them in turn and the integration of your work gets needlessly
delayed.

@Emeric, @William, could one of you please have a look ?

Cheers,
Willy

> On Thu, Mar 25, 2021, 12:52 AM  ???  wrote:
> 
> > Hello,
> >
> > yet another patch that removes several occurrences of HA_OPENSSL_VERSION
> > also, fetches enabled for BoringSSL and LibreSSL-2.7.0 and higher
> >
> > Ilya
> >



Re: [PATCH] fine guard for ssl random extraction functions

2021-03-26 Thread Илья Шипицин
Ping :)

On Thu, Mar 25, 2021, 12:52 AM Илья Шипицин  wrote:

> Hello,
>
> yet another patch that removes several occurrences of HA_OPENSSL_VERSION
> also, fetches enabled for BoringSSL and LibreSSL-2.7.0 and higher
>
> Ilya
>


Re: is it possible to disable option httpchk per backend?

2021-03-26 Thread Christopher Faulet

Le 25/03/2021 à 17:53, Mariusz Gronczewski a écrit :

Hi,

is it possible to disable "option httpchk" in specific backend when it
is enabled in defaults block? I have config where basically every
backend sans one is http so I'd like to keep that in defaults and just
disable it in tcp backend (which is backend for SPOE/A) but it seems to
be one of very few options that do not have "no option httpchk".



Hi,

Indeed, you can't. But you may override it with the right health-check type. For 
instance "option tcp-check". Or better "option spop-check" if it is a SPOE backend.


--
Christopher Faulet