Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC
On Fri, Sep 01, 2023 at 01:25:55AM +, Hopkins, Andrew wrote: > Hi, Hi Andrew! > I have what I think it approaching the final 3 patches attached. I > cleaned up the first patch so it just includes the code, makefile, and > documentation changes to support AWS-LC. The second patch disables the > one FFDH test when HAPRoxy is build with AWS-LC. I merged these two ones which are fine. > Finally, the third patch does a few things: > 1. Add support to matrix.py to find the latest release of AWS-LC, it > would be a one line change to add AWS-LC to build on every push in > matrix.py in the future > 2. Update matrix.py to have a main function, > this looks like a big change but is all whitespace. I did this because > I needed a way to get the latest version in aws-lc.yml. I did that by > invoking the determine_latest_aws_lc function in the GitHub action, > I'm open to other suggestions > 3. Add a weekly build of HAProxy with > the latest release of AWS-LC with the same schedule as the other > weekly jobs: Thursdays at 00:00 > Seems like you just list what could be 3 differents patches in my opinion. :-) Also this could have been your commit message too! I didn't merged this one, there is a lot going on in there. It would be better to split them for better readibility. We encourage to write micro commits with only one feature per patch. I'm fine with the final result though, but could you split it in 3 patches? Thanks > You can see an example of the run here [1]. Also, I discovered you can > add `workflow_dispatch` to scheduled tasks so you can manually trigger > them without having to tweak the cron schedule. > > [1] https://github.com/andrewhop/haproxy/actions/runs/6044112377 > That's great, that will be useful this way! Thanks -- William Lallemand
Re: [PATCH] MINOR: properly mark the end of the CLI command in error messages
On Sat, Sep 02, 2023 at 10:05:11AM +0200, Miroslav Zagorac wrote: > Hello all, > > this is a patch related to correctly marking the end of the CLI command in the > error message in several places in the file src/ssl_ckch.c . > Thanks, merged. -- William Lallemand
[PR] BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer
Dear list! Author: Chris Staite Number of patches: 1 This is an automated relay of the Github pull request: BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer Patch title(s): BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer Link: https://github.com/haproxy/haproxy/pull/2278 Edit locally: wget https://github.com/haproxy/haproxy/pull/2278.patch && vi 2278.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2278.patch | git am - Description: A previous fix to ensure that there is sufficient space on the output buffer to place parsed data (#2053) introduced an issue that if the output buffer is filled on a chunk boundary no data is parsed but the congested flag is not set due to the state not being H1_MSG_DATA. The check to ensure that there is sufficient space in the output buffer is actually already performed in all downstream functions before it is used. This makes the early optimisation that avoids the state transition to H1_MSG_DATA needless. Therefore, in order to allow the chunk parser to continue in this edge case we can simply remove the early check. This ensures that the state can progress and set the congested flag correctly in the caller. This patch fixes #2262. The upstream change that caused this logic error was backported as far as 2.5, therefore it makes sense to backport this fix back that far also. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
