On Wed, Jan 11, 2017 at 10:47:18PM +, Lukas Tribus wrote:
> The output of whether prefer-server-ciphers is supported by OpenSSL
> actually always show yes in 1.8, because SSL_OP_CIPHER_SERVER_PREFERENCE
> is redefined before the actual check in src/ssl_sock.c, since it was
> moved from here
The output of whether prefer-server-ciphers is supported by OpenSSL
actually always show yes in 1.8, because SSL_OP_CIPHER_SERVER_PREFERENCE
is redefined before the actual check in src/ssl_sock.c, since it was
moved from here from src/haproxy.c.
Since this is not really relevant anymore as we
Hi.
Am 11-01-2017 18:40, schrieb Lukas Tribus:
Hello,
Am 11.01.2017 um 18:40 schrieb Aleksandar Lazic:
Just for my curiosity, why someone want no compression?
There are a number of reasons to compile with a smaller number of
dependencies:
- smaller builds for embedded systems
- faster
On Wed, Jan 11, 2017 at 07:39:55PM +0400, Ryabin Sergey wrote:
> Sometimes errno != 0 before calling strtol(3)
>
>
> diff --git a/src/server.c b/src/server.c
> index 2f539c99..28340ddb 100644
> --- a/src/server.c
> +++ b/src/server.c
> @@ -2815,6 +2815,7 @@ const char
Hi Willy,
Thanks for your quick reply and explanation.
Cheers,
Brian
On Wed, Jan 11, 2017 at 3:11 AM Willy Tarreau wrote:
> Hi Brian,
>
> On Wed, Jan 11, 2017 at 02:08:39AM +, Brian Glogower wrote:
> > Hi all,
> >
> > I noticed that after upgrading to haproxy v1.7.1, haproxy
On Wed, Jan 11, 2017 at 08:53:18PM +0200, Ciprian Dorin Craciun wrote:
> On Wed, Jan 11, 2017 at 8:27 PM, Lukas Tribus wrote:
> > But if we do remove those conditions, I guess we break a number of "old
> > assumptions"
> > and we will hit new code paths, so there is a potential for
On Wed, Jan 11, 2017 at 07:27:08PM +0100, Lukas Tribus wrote:
> Hello,
>
>
> Am 11.01.2017 um 14:44 schrieb Willy Tarreau:
> > On Wed, Jan 11, 2017 at 01:41:27PM +0200, Ciprian Dorin Craciun wrote:
> > > Unfortunately a lot of these sites have hard-coded resources with the
> > > `www`
On Wed, Jan 11, 2017 at 8:27 PM, Lukas Tribus wrote:
> But if we do remove those conditions, I guess we break a number of "old
> assumptions"
> and we will hit new code paths, so there is a potential for bugs :)
[I can't speak with much confidence as this is the first time I see
On Wed, Jan 11, 2017 at 04:08:03PM +, Lukas Tribus wrote:
> > Ah crap, and I was particularly careful about it when I did it :-(
>
> There is more from this conversation:
>
> The prefer-server-ciphers output relies on the macro
> SSL_OP_CIPHER_SERVER_PREFERENCE, however it is (now) redefined
Hello,
Am 11.01.2017 um 18:40 schrieb Aleksandar Lazic:
Just for my curiosity, why someone want no compression?
There are a number of reasons to compile with a smaller number of
dependencies:
- smaller builds for embedded systems
- faster compilation for development
- lack of trust in
Hello,
Am 11.01.2017 um 14:44 schrieb Willy Tarreau:
On Wed, Jan 11, 2017 at 01:41:27PM +0200, Ciprian Dorin Craciun wrote:
Unfortunately a lot of these sites have hard-coded resources with the
`www` alternative domain and HTTP-only. Therefore at least until we
rewrite those (which given
Hi.
Am 11-01-2017 14:24, schrieb Lukas Tribus:
When haproxy is compiled without zlib or slz, the output of
haproxy -vv shows (null).
Just for my curiosity, why someone want no compression?
BR Aleks
> Ah crap, and I was particularly careful about it when I did it :-(
There is more from this conversation:
The prefer-server-ciphers output relies on the macro
SSL_OP_CIPHER_SERVER_PREFERENCE, however it is (now) redefined
before checking its presence in src/ssl_sock.c.
We may just remove this
Sometimes errno != 0 before calling strtol(3)
diff --git a/src/server.c b/src/server.c
index 2f539c99..28340ddb 100644
--- a/src/server.c
+++ b/src/server.c
@@ -2815,6 +2815,7 @@ const char *update_server_addr_port(struct
server *s, const char *addr, const ch
/* check if PORT
On Wed, Jan 11, 2017 at 02:24:35PM +, Lukas Tribus wrote:
> When haproxy is compiled without zlib or slz, the output of
> haproxy -vv shows (null).
>
> Make haproxy -vv output great again by providing the proper
> information (which is what we did before).
>
> This is for 1.8 only.
Ah crap,
When haproxy is compiled without zlib or slz, the output of
haproxy -vv shows (null).
Make haproxy -vv output great again by providing the proper
information (which is what we did before).
This is for 1.8 only.
---
src/compression.c | 2 ++
1 file changed, 2 insertions(+)
diff --git
On Wed, Jan 11, 2017 at 01:41:27PM +0200, Ciprian Dorin Craciun wrote:
> Unfortunately a lot of these sites have hard-coded resources with the
> `www` alternative domain and HTTP-only. Therefore at least until we
> rewrite those (which given their low-value might be delayed forever),
> we'll end
On Wed, Jan 11, 2017 at 1:07 PM, Willy Tarreau wrote:
> This one is obsolete, the format of the Location header field is
> described here :
>
>https://tools.ietf.org/html/rfc7231#page-68
>
> and it uses this format :
>
>https://tools.ietf.org/html/rfc3986#section-4.2
>
> As
On Wed, Jan 11, 2017 at 1:02 PM, Willy Tarreau wrote:
> Yes that's indeed the place. The reason for this behaviour is that
> (normally) when the client gets a redirect to another host or scheme,
> it will no longer use the current connection and will have to close
> it. The typical
> -block { if | unless } (deprecated)
> +block [deny_status ] { if | unless } (deprecated)
I'd rather not add details suggesting how to do side-effect things to
a deprecated keyword. It supports it only because it's being emulated
using "http-request deny", so better not encourage its use
applied, thanks.
On Wed, Dec 28, 2016 at 10:49:01AM +0200, Jarno Huuskonen wrote:
> ---
> src/proto_http.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/proto_http.c b/src/proto_http.c
> index aa8d997..d804e60 100644
> --- a/src/proto_http.c
> +++ b/src/proto_http.c
> @@ -343,7
Hi Jarno,
On Mon, Jan 09, 2017 at 02:38:32PM +0200, Jarno Huuskonen wrote:
> Hello,
>
> Haproxy uses 500 "Server Error" for error/status code 500.
> AFAIK RFC 2616/7231 and most? other servers use 500 "Internal Server Error".
>
> Is there a reason for using "Server Error" and not "Internal
On Mon, Jan 09, 2017 at 08:47:17PM +, Robin H. Johnson wrote:
> Maybe Willy would considering changing the name of the matches to 'prefix'
> & 'suffix' instead of 'beg' & 'end', and just keep beg/end as legacy.
It's convenient to keep short names there as they're commonly used in
anonymous
Hi Brian,
On Wed, Jan 11, 2017 at 02:08:39AM +, Brian Glogower wrote:
> Hi all,
>
> I noticed that after upgrading to haproxy v1.7.1, haproxy returning 400s
> for certain requests that include the HTTP Authorization header. The
> following is the output from 'show errors'. I am not seeing
On Wed, Jan 11, 2017 at 12:05:43AM +0200, Ciprian Dorin Craciun wrote:
> On Tue, Jan 10, 2017 at 11:00 PM, Bryan Talbot
> wrote:
> > Whatever the reason for forcing the connection closed -- it only closes
> > when the scheme changes. Redirecting to a different host or
Hi Ciprian,
On Wed, Jan 11, 2017 at 12:58:57AM +0200, Ciprian Dorin Craciun wrote:
> On Tue, Jan 10, 2017 at 9:36 AM, Cyril Bonté wrote:
> > This is because haproxy behaves differently depending on the the Location
> > URL :
> > - beginning with /, it will allow HTTP
Merged in 1.8, thanks Manu. It looks valid even for previous versions
by the way though not having it there doesn't seem to cause any impact.
Thus I'll let it cook there and if someone finds a valid reason for
backporting it we'll do it later.
Thanks,
Willy
merged, thanks Manu.
Willy
29 matches
Mail list logo