Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

;); > } > apr_brigade_destroy(temp); > } > > This would still block in the non ssl case if directmode is not set to off > explicitly. I would propose to change the default behaviour of directmode > here to off as directmode seems to be something very special to

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

2015 10:58 >> To: dev@httpd.apache.org >> Subject: Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is >> loaded >> >> The AP_MODE_INIT triggers the handshake nicely. But the protocol switching >> still happens >> on the first read. currently lo

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

ion"); >> } >> apr_brigade_destroy(temp); >> } >> >> This would still block in the non ssl case if directmode is not set to off >> explicitly. I would propose to change the default behaviour of directmode >> here to off as directmode seems

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

>>> ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, c, >>> - "h2_h2, error reading 24 bytes speculative"); >>> + "h2_h2, Failed to init connection"); >>> } >>> apr_

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

On Mon, Oct 12, 2015 at 11:13 AM, Rainer Jung wrote: > > Since I started this thread: IMHO this discussion shouldn't stop/influence > 2.4.17. mod_http2 is experimental, so even a change of defaults in early > releases should be OK. And any exotic interop problems are not

RE: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

hat should be explicitly enabled. Regards Rüdiger > -Original Message----- > From: Stefan Eissing [mailto:stefan.eiss...@greenbytes.de] > Sent: Sonntag, 11. Oktober 2015 19:54 > To: dev@httpd.apache.org > Subject: Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is >

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

s", >>>> - (int)slen, s); >>>> -} >>>>} >>>> +else { >>>> + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, c, >>>> +

RE: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

> -Original Message- > From: Stefan Eissing [mailto:stefan.eiss...@greenbytes.de] > Sent: Montag, 12. Oktober 2015 10:58 > To: dev@httpd.apache.org > Subject: Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is > loaded > > The AP_MODE_INIT trigg

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

It is default for some, others do not do it. No browser speaks h2c nowadays. I think reading bytes on a connection which is supposed to allow h2c traffic should be fine. Then one could argue if 24 bytes can always be expected... Since we no longer enabled h2c by default in a server, I expect

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

Am 12.10.2015 um 11:09 schrieb Stefan Eissing: I plan to change it to only happen for servers, where h2/h2c is among configured protocols. Am 12.10.2015 um 11:07 schrieb Yann Ylavic : On Sun, Oct 11, 2015 at 7:15 PM, Yann Ylavic wrote: On Sun,

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

On Mon, Oct 12, 2015 at 11:12 AM, Yann Ylavic wrote: > Is this something used by real world h2 clients? I meant browers :p

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

I plan to change it to only happen for servers, where h2/h2c is among configured protocols. > Am 12.10.2015 um 11:07 schrieb Yann Ylavic : > > On Sun, Oct 11, 2015 at 7:15 PM, Yann Ylavic wrote: >> On Sun, Oct 11, 2015 at 7:11 PM, Stefan Eissing >>

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

On Sun, Oct 11, 2015 at 7:15 PM, Yann Ylavic wrote: > On Sun, Oct 11, 2015 at 7:11 PM, Stefan Eissing > wrote: >> Don't think so. But loading the module should do no harm, I think. And it >> does now. > > Isn't configuring H2Direct on which

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

That would be better, but still the doc says "This mode falls outside the RFC 7540 but has become widely implemented as it is very convenient for development and testing". Is this something used by real world h2 clients? On Mon, Oct 12, 2015 at 11:09 AM, Stefan Eissing

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

On 11 Oct 2015, at 7:00 PM, Stefan Eissing wrote: > Ok, analyzed the code. Here is what seems to be happening: > > - mod_http2, in the connection hook, does a blocking, speculative read to > a) make sure the ALPN has been triggered Looking at the code inside the

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

With r1708107 I committed the following changes to /trunk: mod_ssl: - calling ap_switch_protocol directly after ap_select protocol from inside the SSL ALPN callback. Error in switching will result in a TLS error which seems correct. This makes sure that after the ALPN has been triggered, the

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

On 10/12/2015 02:12 AM, Yann Ylavic wrote: That would be better, but still the doc says "[H2Direct] falls outside the RFC 7540 but has become widely implemented as it is very convenient for development and testing". _Does_ it fall outside the RFC? Section 3.4 covers the establishment of

2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

I get a test failure for 2.4.17 in the mod_nntp_like_ssl part. Te failure happens on Solaris. Note that the nntp tests are disabled by default on Linux because of problems with the kernel accept filter, so that many of you wont run this test and thus not observe the problem. The problems is

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

On Sun, Oct 11, 2015 at 9:32 AM, Rainer Jung wrote: > The problems is that the test hangs after test 1 when waiting for the result > of 2. On Solaris 8 the behavior changes a bit, there test 2 succeeds, but > 3-5 receive an empty result. The difference might be due to

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

Am 11.10.2015 um 19:08 schrieb Yann Ylavic: On Sun, Oct 11, 2015 at 7:00 PM, Stefan Eissing wrote: Ok, analyzed the code. Here is what seems to be happening: - mod_http2, in the connection hook, does a blocking, speculative read to a) make sure the ALPN has

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

> Am 11.10.2015 um 19:19 schrieb Rainer Jung : > > Am 11.10.2015 um 19:08 schrieb Yann Ylavic: >> On Sun, Oct 11, 2015 at 7:00 PM, Stefan Eissing >> wrote: >>> Ok, analyzed the code. Here is what seems to be happening: >>> >>> - mod_http2,

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

On Sun, Oct 11, 2015 at 7:00 PM, Stefan Eissing wrote: > Ok, analyzed the code. Here is what seems to be happening: > > - mod_http2, in the connection hook, does a blocking, speculative read to > a) make sure the ALPN has been triggered > b) check for the magic

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

On Sun, Oct 11, 2015 at 7:11 PM, Stefan Eissing wrote: > Don't think so. But loading the module should do no harm, I think. And it > does now. Isn't configuring H2Direct on which harms?

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

Ok, in ssl_engine_io.c, lines 1426+ I see a hint: /* XXX: we could actually move ssl_io_filter_handshake to an * ap_hook_process_connection but would still need to call it for * AP_MODE_INIT for protocols that may upgrade the connection * rather than have SSLEngine On

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

Hmm, will look into this. The module does a speculative non_blocking read on the connection. That happens only if H2Direct is "on", which I enabled to allow test when the client does not have ALPN. Then it can detect on the first 24 bytes if the client starts talking h2 right away. Is doing

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

Ok, analyzed the code. Here is what seems to be happening: - mod_http2, in the connection hook, does a blocking, speculative read to a) make sure the ALPN has been triggered b) check for the magic 24 bytes h2 preface in case H2Direct is on This works fine for HTTP/1.1 or protocols where the

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

Don't think so. But loading the module should do no harm, I think. And it does now. I am not familiar with the NNTP use case. Is this always an NNTP-only server then? > Am 11.10.2015 um 19:08 schrieb Yann Ylavic : > > On Sun, Oct 11, 2015 at 7:00 PM, Stefan Eissing >

Re: 2.4.17 test failure for mod_nntp_like_ssl when mod_http2 is loaded

What is the penalty of invoking SSL_do_handshake(ssl) on the server side for a new connection? We do this on renegotiate and upgrade cases... > Am 11.10.2015 um 19:23 schrieb Stefan Eissing : > > >> Am 11.10.2015 um 19:19 schrieb Rainer Jung