RE: req_ssl_ver ACL not working

2015-10-10 Thread Lukas Tribus
>> jve.linuxwall.info as SNI value? I suggest to remove the >> SNI if statement while testing the TLS ACL. > > Argh... I can't count the number of times forgetting -servername in > openssl s_client got me looking for a bug. This one included. > > "acl tls12 req.payload(9,2) -m bin 0303" works as ex

Re: OPTIM : IPv6 literal address parsing

2015-10-10 Thread Mildis
Here is a working patch for IPv6 literal with square brackets. Tested with : "2001:db8::1234:5678", "2001:db8::1234:5678:", "2001:db8::1234:5678:80", "2001:db8::1234:5678:80:", "::", ":::", ":::80", "[2001:db8::1234:5678]", "[2001:db8::1234:5678]:", "[2001:db8::1234:5678]:80", "[::]", "[::]:", "[:

Re: req_ssl_ver ACL not working

2015-10-10 Thread Julien Vehent
On 2015-10-10 02:02, Willy Tarreau wrote: On Fri, Oct 09, 2015 at 05:05:12AM -0400, Julien Vehent wrote: On 2015-10-08 18:24, Lukas Tribus wrote: >Are you sure your TLSv1.2 client is actually sending >jve.linuxwall.info as SNI value? I suggest to remove the >SNI if statement while testing the TL

Re: OPTIM : IPv6 literal address parsing

2015-10-10 Thread Willy Tarreau
Hi, On Sat, Oct 10, 2015 at 01:50:46PM +0200, Mildis wrote: > Here is a working patch for IPv6 literal with square brackets. > Tested with : > "2001:db8::1234:5678", > "2001:db8::1234:5678:", > "2001:db8::1234:5678:80", > "2001:db8::1234:5678:80:", > "::", > ":::", > ":::80", > "[2001:db8::1234:56

Re: OPTIM : IPv6 literal address parsing

2015-10-10 Thread Mildis
Aw, man ! My C skills are so rusted :) I’ll look at your comments and correct all this. BTW, a bit off-topic : have you looked at a code-review server like gerrit ? Quite useful for multi-round patchset submission like this one. -- Mildis On 2015-10-10 15:49, Willy Tarreau wrote: Hi, On

Re: OPTIM : IPv6 literal address parsing

2015-10-10 Thread Willy Tarreau
On Sat, Oct 10, 2015 at 05:02:08PM +0200, Mildis wrote: > Aw, man ! > My C skills are so rusted :) > > I’ll look at your comments and correct all this. Thanks. > BTW, a bit off-topic : have you looked at a code-review server like > gerrit ? No but quite frankly I don't believe a single minut

Re: Interactive stats socket broken on master

2015-10-10 Thread Andrew Hayworth
Bump - I don't mind maintaining my own HAProxy package, but it seems bad to release a major version with the interactive stats socket broken. Any thoughts on the patch? On Tue, Oct 6, 2015 at 9:29 AM, Jesse Hathaway wrote: > On Fri, Oct 2, 2015 at 10:24 AM, Andrew Hayworth > wrote:> > > Attach

Re: Try request again if response body is empty?

2015-10-10 Thread Shawn Heisey
On 10/10/2015 12:31 AM, Willy Tarreau wrote: > Is the response closed when this happens (eg: server crash) ? If so, > we could add some sample fetches to detect that the request or response > channels are closed in case that could help. This is trivial to do, but > it will only be reliable if the c

Re: Try request again if response body is empty?

2015-10-10 Thread Baptiste
On Sun, Oct 11, 2015 at 5:29 AM, Shawn Heisey wrote: > On 10/10/2015 12:31 AM, Willy Tarreau wrote: >> Is the response closed when this happens (eg: server crash) ? If so, >> we could add some sample fetches to detect that the request or response >> channels are closed in case that could help. Thi