com will close each others
> connections in pool. Why should we pick first connection and close it
> instead of looking for matching one in ap_proxy_get_worker()?
Sorry, not in ap_proxy_get_worker() but in ap_proxy_acquire_connection().
--
Pavel Matěja
Dne Pá 21. února 2014 13:55:56, Yann Ylavic napsal(a):
> On Thu, Feb 20, 2014 at 7:18 PM, Yann Ylavic wrote:
> > On Thu, Feb 20, 2014 at 6:28 PM, Pavel Matěja wrote:
> >> Currently there are two possible scenarios with SSLCheckProxyPeerName On
> >> and numeric Host/U
"SSLProxyCheckPeerCN canon" option could be handled
> so that admins needing "ProxyPreserveHost on" could still forward the
> client's Host but check the backend's CN against ServerName.
SSLProxyCheckPeerCN has been superseded by SSLProxyCheckPeerName.
Should we add "canon" to both then?
--
Pavel Matěja
Dne 20.2.2014 19:18, Yann Ylavic napsal(a):
On Thu, Feb 20, 2014 at 6:28 PM, Pavel Matěja wrote:
Hi,
you missed the possibility when client goes to numeric IP (https://1.2.3.4/)
in reverse proxy configuration.
In such case you don't have useable 1.a, 1.b, 2.b nor 2.c. so there should
b
a few more committers to
review the relevant specs and chime in with opinions on productive vs.
disruptive rules that are out-of-spec.
On Wed, Feb 19, 2014 at 2:24 AM, Pavel Matěja wrote:
Dne Út 18. února 2014 10:16:15, Daniel Kahn Gillmor napsal(a):
On 02/18/2014 08:14 AM, Pavel Matěj
ipsubnet_create() returns SUCCESS in the IP address case.
>
> The problem is probably elsewhere.
I'm very sorry, my bad:
AH02411: SSL Proxy: Checking peer certificate for hostname..
We didn't have SSLProxyCheckPeerName On back in non-SNI days.
I have to figure out how to pass request w
Dne Čt 20. února 2014 08:13:13, Eric Covener napsal(a):
> On Thu, Feb 20, 2014 at 7:47 AM, Pavel Matěja wrote:
> > Dne St 19. února 2014 21:09:10, William A. Rowe Jr. napsal(a):
> >> I believe that Kaspar and Ruediger are still entirely at odds with my
> >> position, bu
ed to..
Any idea how to rework configuration without the downgrade to SSLv3?
--
Pavel Matěja
> On Wed, Feb 19, 2014 at 2:24 AM, Pavel Matěja wrote:
> > Dne Út 18. února 2014 10:16:15, Daniel Kahn Gillmor napsal(a):
> >> On 02/18/2014 08:14 AM, Pavel Matěja wrote:
>
ervers on reverse proxy using two
different fake
hostnames for backend server with same ip to distinguish workers in
ap_proxy_get_worker().
Another workaround I know about is to downgrade proxy - backend connection to
SSLv3 only.
--
Pavel Matěja
e/bin/httpd:ap_process_request+0x1a 0x8105328
/apache/bin/httpd:0x81014c0
/apache/bin/httpd:0x81015c9
/apache/bin/httpd:ap_run_process_connection+0x48 0x80a3ccb
/apache/bin/httpd:ap_process_connection+0x51 0x80a4100
/apache/bin/httpd:0x818d3e9
Anobody seen something similar?
--
Pavel Matěja
Dne Út 17. prosince 2013 18:35:50, Kaspar Brand napsal(a):
> On 26.11.2013 06:31, Kaspar Brand wrote:
> > As far as PR 55782 is concerned, the problem might be that
> > proxy_util.c:ap_proxy_determine_connection() does not take Host: header
> > differences into account when checking if an existing
11 matches
Mail list logo