Re: mod_remoteip

> There is nothing I see in the code that prevents a cycle with internal proxy from following a cycle with external proxy. It's been several years so I was going from memory, but you are right... > So if your explanation is the way the code is intended, there may exist some subtle error cases.

Re: mod_remoteip

On 12/11/2013 2:18 PM, William A. Rowe Jr. wrote: On Mon, 09 Dec 2013 11:10:46 -0800 Mike Rumph wrote: As you can see from the bug report, I have been looking into this. It might also be important to consider the related bug 55637: - https://issues.apache.org/bugzilla/show_bug.cgi?id=55637

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On Fri, 13 Dec 2013 10:46:43 +0100 Ruediger Pluem wrote: > William A. Rowe Jr. wrote: > > > > Yes, and? Why would this differ from the historical handling of the > > Host: header? The HTTP Host header is not the dns name of this hop, > > It doesn't, but we clearly stated in the docs before: D

[PATCH] Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On Mon, 25 Nov 2013 15:55:41 -0600 "William A. Rowe Jr." wrote: > It appears that our SNI hostname comparison is invalid for forward > proxy applications, specifically proxy CONNECT. RFC 2616 states; > > 14.23 Host > > The Host request-header field specifies the Internet host and port >

Re: Do pools lead to bad programming?

Le 12/12/2013 01:15, Graham Leggett a écrit : Obviously allocating too early and then throwing away the results of the allocation is a waste as you've pointed out, and should ideally be smoked out and fixed. I'd love to see these things fixed, because they add up. If you post them here they ar

Re: Do pools lead to bad programming?

Le 12/12/2013 01:54, Kean Johnston a écrit : I'd love to see these things fixed, because they add up. If you post them here they are likely to be reviewed very quickly, as they'll no doubt be simple to review. Cool. Here's a patch for the case I just mentioned. It also eliminates an un-needed a

Re: Some redundant code and comment typos in mod_remoteip

Not correct, this is just a french man who didn't take time to check in a dictionary... :) I update... Thx CJ Le 13/12/2013 19:57, Mike Rumph a écrit : equivalant versus equivalent Perhaps this is a difference in British versus American spelling, correct? Anyway, thanks for the commits

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On Fri, 13 Dec 2013 07:05:13 +0100 Kaspar Brand wrote: > On 12.12.2013 20:06, William A. Rowe Jr. wrote: > > On Thu, 12 Dec 2013 09:28:16 + > > "Plüm, Rüdiger, Vodafone Group" wrote: > >> The reason is that you can define SSL parameters in Virtual hosts > >> like SSLCiphers or SSLProtocols.

Re: Some redundant code and comment typos in mod_remoteip

equivalant versus equivalent Perhaps this is a difference in British versus American spelling, correct? Anyway, thanks for the commits. Mike Rumph On 12/12/2013 10:12 PM, Christophe JAILLET wrote: Trunk = r1550650 for comments upodate r1550651 for redundant check 2.4.x = r1550652 for

Looking for Volunteers for WPKOPS Survey

The Web PKI Ops (wpkops) Working Group is part of the IETF, and has as its goal to describe how the Web PKI "actually" works in the set of browsers and servers that are in common use today. To that end, the working group is attempting to document current and historic browser and server behavior.

Re: Do pools lead to bad programming?

The format string is a multiplier of length. 4k repeated %Y elements in the 'a' variable's format string is 8kbytes in the format string, but the result would take 16kbytes. Then you have things like %B: the full month name according to the current locale. You cannot really predict the length wi

Re: [PATCH] ap_proxy_http_process_response double lifetime transform

On Dec 13, 2013, at 4:33 AM, Ruediger Pluem wrote: > > > Yann Ylavic wrote: >> Hi devs, >> >> This was pointed out by Joe Orton's comment at >> https://issues.apache.org/bugzilla/show_bug.cgi?id=50335#c40. >> >> Here is a proposal (patch against ap_proxy_http_process_response) to address >

Re: Do pools lead to bad programming?

On Fri, Dec 13, 2013 at 5:06 AM, Daniel Lescohier wrote: > Here is my draft replacement: > > static const char *log_request_time_custom(request_rec *r, char *a, >apr_time_exp_t *xt) > { > static const apr_size_t buf_len = 256; > apr_size_t tstr_

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On Fri, Dec 13, 2013 at 2:42 PM, Plüm, Rüdiger, Vodafone Group < ruediger.pl...@vodafone.com> wrote: > > > > > *Von:* Yann Ylavic [mailto:ylavic@gmail.com] > *Gesendet:* Freitag, 13. Dezember 2013 13:09 > *An:* httpd > *Betreff:* Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT > reques

AW: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

Von: Yann Ylavic [mailto:ylavic@gmail.com] Gesendet: Freitag, 13. Dezember 2013 13:09 An: httpd Betreff: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests On Fri, Dec 13, 2013 at 10:46 AM, Ruediger Pluem mailto:rpl...@apache.org>> wrote: William A. Rowe Jr. wrote:> > The SSL

Re: [PATCH] ap_proxy_http_process_response double lifetime transform

On Fri, Dec 13, 2013 at 10:33 AM, Ruediger Pluem wrote: > > > Yann Ylavic wrote: > > Hi devs, > > > > This was pointed out by Joe Orton's comment at > https://issues.apache.org/bugzilla/show_bug.cgi?id=50335#c40. > > > > Here is a proposal (patch against ap_proxy_http_process_response) to > addre

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On Fri, Dec 13, 2013 at 10:46 AM, Ruediger Pluem wrote: > > William A. Rowe Jr. wrote:> > > The SSL settings come from first the IP/port search, then the resolved > > SNI hostname's vhost, and finally from the corresponding Host: named > > vhost where applicable. Of course the Host: vhost config

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

William A. Rowe Jr. wrote: > On Thu, 12 Dec 2013 09:28:16 + > "Plüm, Rüdiger, Vodafone Group" wrote: > >> >> >>> -Original Message- >>> From: Kaspar Brand [mailto:httpd-dev.2...@velox.ch] >>> Sent: Donnerstag, 12. Dezember 2013 07:01 >>> To: dev@httpd.apache.org >>> Subject: Re: Beh

Re: [PATCH] ap_proxy_http_process_response double lifetime transform

Yann Ylavic wrote: > Hi devs, > > This was pointed out by Joe Orton's comment at > https://issues.apache.org/bugzilla/show_bug.cgi?id=50335#c40. > > Here is a proposal (patch against ap_proxy_http_process_response) to address > the double lifetime transformation of the > buckets from the back

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On 13 Dec 2013, at 06:05, Kaspar Brand wrote: > On 12.12.2013 20:06, William A. Rowe Jr. wrote: >> On Thu, 12 Dec 2013 09:28:16 + "Plüm, Rüdiger, Vodafone Group" >> wrote: >> >> Yes, and? Why would this differ from the historical handling of the Host: >> header? The HTTP Host header is n

Re: svn commit: r1550060 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

jkal...@apache.org wrote: > Author: jkaluza > Date: Wed Dec 11 07:16:28 2013 > New Revision: 1550060 > > URL: http://svn.apache.org/r1550060 > Log: > mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all > configured SSL CA certificates to stdout the same way as DUMP_CERTS does

Re: Do pools lead to bad programming?

On Fri, Dec 13, 2013 at 5:06 AM, Daniel Lescohier wrote: > char server_portstr[sizeof(apr_port_t)*241/100+3]; /* log10(256) is > 2.408 */ > Nice :)

Re: unsetting encrypted cookies when encryption key changes

Must have made some mistake when testing it yesterday because it works like a charm. Suggesting this patch (against trunk) diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c index 89c8074..476e021 100644 --- a/modules/session/mod_session.c +++ b/modules/session/mod_session.