Re: unsetting encrypted cookies when encryption key changes

Must have made some mistake when testing it yesterday because it works like a charm. Suggesting this patch (against trunk) diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c index 89c8074..476e021 100644 --- a/modules/session/mod_session.c +++

Re: Do pools lead to bad programming?

On Fri, Dec 13, 2013 at 5:06 AM, Daniel Lescohier daniel.lescoh...@cbsi.com wrote: char server_portstr[sizeof(apr_port_t)*241/100+3]; /* log10(256) is 2.408 */ Nice :)

Re: svn commit: r1550060 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

jkal...@apache.org wrote: Author: jkaluza Date: Wed Dec 11 07:16:28 2013 New Revision: 1550060 URL: http://svn.apache.org/r1550060 Log: mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all configured SSL CA certificates to stdout the same way as DUMP_CERTS does.

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On 13 Dec 2013, at 06:05, Kaspar Brand httpd-dev.2...@velox.ch wrote: On 12.12.2013 20:06, William A. Rowe Jr. wrote: On Thu, 12 Dec 2013 09:28:16 + Plüm, Rüdiger, Vodafone Group ruediger.pl...@vodafone.com wrote: Yes, and? Why would this differ from the historical handling of the

Re: [PATCH] ap_proxy_http_process_response double lifetime transform

Yann Ylavic wrote: Hi devs, This was pointed out by Joe Orton's comment at https://issues.apache.org/bugzilla/show_bug.cgi?id=50335#c40. Here is a proposal (patch against ap_proxy_http_process_response) to address the double lifetime transformation of the buckets from the backend

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

William A. Rowe Jr. wrote: On Thu, 12 Dec 2013 09:28:16 + Plüm, Rüdiger, Vodafone Group ruediger.pl...@vodafone.com wrote: -Original Message- From: Kaspar Brand [mailto:httpd-dev.2...@velox.ch] Sent: Donnerstag, 12. Dezember 2013 07:01 To: dev@httpd.apache.org Subject: Re:

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On Fri, Dec 13, 2013 at 10:46 AM, Ruediger Pluem rpl...@apache.org wrote: William A. Rowe Jr. wrote: The SSL settings come from first the IP/port search, then the resolved SNI hostname's vhost, and finally from the corresponding Host: named vhost where applicable. Of course the Host:

Re: [PATCH] ap_proxy_http_process_response double lifetime transform

On Fri, Dec 13, 2013 at 10:33 AM, Ruediger Pluem rpl...@apache.org wrote: Yann Ylavic wrote: Hi devs, This was pointed out by Joe Orton's comment at https://issues.apache.org/bugzilla/show_bug.cgi?id=50335#c40. Here is a proposal (patch against ap_proxy_http_process_response) to

AW: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

Von: Yann Ylavic [mailto:ylavic@gmail.com] Gesendet: Freitag, 13. Dezember 2013 13:09 An: httpd Betreff: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests On Fri, Dec 13, 2013 at 10:46 AM, Ruediger Pluem rpl...@apache.orgmailto:rpl...@apache.org wrote: William A. Rowe Jr.

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On Fri, Dec 13, 2013 at 2:42 PM, Plüm, Rüdiger, Vodafone Group ruediger.pl...@vodafone.com wrote: *Von:* Yann Ylavic [mailto:ylavic@gmail.com] *Gesendet:* Freitag, 13. Dezember 2013 13:09 *An:* httpd *Betreff:* Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

Re: Do pools lead to bad programming?

On Fri, Dec 13, 2013 at 5:06 AM, Daniel Lescohier daniel.lescoh...@cbsi.com wrote: Here is my draft replacement: static const char *log_request_time_custom(request_rec *r, char *a, apr_time_exp_t *xt) { static const apr_size_t buf_len = 256;

Re: [PATCH] ap_proxy_http_process_response double lifetime transform

On Dec 13, 2013, at 4:33 AM, Ruediger Pluem rpl...@apache.org wrote: Yann Ylavic wrote: Hi devs, This was pointed out by Joe Orton's comment at https://issues.apache.org/bugzilla/show_bug.cgi?id=50335#c40. Here is a proposal (patch against ap_proxy_http_process_response) to address

Re: Do pools lead to bad programming?

The format string is a multiplier of length. 4k repeated %Y elements in the 'a' variable's format string is 8kbytes in the format string, but the result would take 16kbytes. Then you have things like %B: the full month name according to the current locale. You cannot really predict the length

Looking for Volunteers for WPKOPS Survey

The Web PKI Ops (wpkops) Working Group is part of the IETF, and has as its goal to describe how the Web PKI actually works in the set of browsers and servers that are in common use today. To that end, the working group is attempting to document current and historic browser and server behavior.

Re: Some redundant code and comment typos in mod_remoteip

equivalant versus equivalent Perhaps this is a difference in British versus American spelling, correct? Anyway, thanks for the commits. Mike Rumph On 12/12/2013 10:12 PM, Christophe JAILLET wrote: Trunk = r1550650 for comments upodate r1550651 for redundant check 2.4.x = r1550652

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On Fri, 13 Dec 2013 07:05:13 +0100 Kaspar Brand httpd-dev.2...@velox.ch wrote: On 12.12.2013 20:06, William A. Rowe Jr. wrote: On Thu, 12 Dec 2013 09:28:16 + Plüm, Rüdiger, Vodafone Group ruediger.pl...@vodafone.com wrote: The reason is that you can define SSL parameters in Virtual

Re: Some redundant code and comment typos in mod_remoteip

Not correct, this is just a french man who didn't take time to check in a dictionary... :) I update... Thx CJ Le 13/12/2013 19:57, Mike Rumph a écrit : equivalant versus equivalent Perhaps this is a difference in British versus American spelling, correct? Anyway, thanks for the

Re: Do pools lead to bad programming?

Le 12/12/2013 01:54, Kean Johnston a écrit : I'd love to see these things fixed, because they add up. If you post them here they are likely to be reviewed very quickly, as they'll no doubt be simple to review. Cool. Here's a patch for the case I just mentioned. It also eliminates an un-needed

Re: Do pools lead to bad programming?

Le 12/12/2013 01:15, Graham Leggett a écrit : Obviously allocating too early and then throwing away the results of the allocation is a waste as you've pointed out, and should ideally be smoked out and fixed. I'd love to see these things fixed, because they add up. If you post them here they

[PATCH] Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On Mon, 25 Nov 2013 15:55:41 -0600 William A. Rowe Jr. wr...@rowe-clan.net wrote: It appears that our SNI hostname comparison is invalid for forward proxy applications, specifically proxy CONNECT. RFC 2616 states; 14.23 Host The Host request-header field specifies the Internet host

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

On Fri, 13 Dec 2013 10:46:43 +0100 Ruediger Pluem rpl...@apache.org wrote: William A. Rowe Jr. wrote: Yes, and? Why would this differ from the historical handling of the Host: header? The HTTP Host header is not the dns name of this hop, It doesn't, but we clearly stated in the docs

Re: mod_remoteip

On 12/11/2013 2:18 PM, William A. Rowe Jr. wrote: On Mon, 09 Dec 2013 11:10:46 -0800 Mike Rumph mike.ru...@oracle.com wrote: As you can see from the bug report, I have been looking into this. It might also be important to consider the related bug 55637: -

Re: mod_remoteip

There is nothing I see in the code that prevents a cycle with internal proxy from following a cycle with external proxy. It's been several years so I was going from memory, but you are right... So if your explanation is the way the code is intended, there may exist some subtle error cases.