Re: [RFC PATCH] BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2

2019-07-01 Thread Willy Tarreau
On Mon, Jul 01, 2019 at 10:55:41PM +0200, Lukas Tribus wrote: > Hello Willy, > > On Mon, 1 Jul 2019 at 22:34, Willy Tarreau wrote: > > > > On Mon, Jul 01, 2019 at 10:32:29PM +0200, Lukas Tribus wrote: > > > Commit 54832b97 ("BUILD: enable several LibreSSL hacks, including") > > > changed empty ha

Re: The case for changing the documentation syntax

2019-07-01 Thread Lukas Tribus
Hello Nick, On Mon, 1 Jul 2019 at 17:02, Nick Ramirez wrote: > > Hello all, > > I'd like to propose something radical, but that will greatly help us in terms > of documentation. (And documentation is very important when it comes to > people choosing whether to use a piece of software, as I am

Re: [RFC PATCH] BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2

2019-07-01 Thread Илья Шипицин
Tue, 2 Jul 2019 at 01:34, Willy Tarreau : > On Mon, Jul 01, 2019 at 10:32:29PM +0200, Lukas Tribus wrote: > > Commit 54832b97 ("BUILD: enable several LibreSSL hacks, including") > > changed empty handshake detection in OpenSSL <= 1.0.2 and LibreSSL, > > from accessing packet_length directly (not

Re: [RFC PATCH] BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2

2019-07-01 Thread Lukas Tribus
Hello Willy, On Mon, 1 Jul 2019 at 22:34, Willy Tarreau wrote: > > On Mon, Jul 01, 2019 at 10:32:29PM +0200, Lukas Tribus wrote: > > Commit 54832b97 ("BUILD: enable several LibreSSL hacks, including") > > changed empty handshake detection in OpenSSL <= 1.0.2 and LibreSSL, > > from accessing packe

Re: Re[2]: The case for changing the documentation syntax

2019-07-01 Thread Hugues Alary
Adding my 2 cents here: I write documentation a lot and would like to mention the Asciidoc format, and more specifically asciidoctor ( https://asciidoctor.org/). Asciidoc is a _very_ powerful syntax yet extremely simple to use. Here's a link to their cheat sheet to give you a quick idea of the syn

[RFC PATCH] BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2

2019-07-01 Thread Lukas Tribus
Commit 54832b97 ("BUILD: enable several LibreSSL hacks, including") changed empty handshake detection in OpenSSL <= 1.0.2 and LibreSSL, from accessing packet_length directly (not available in LibreSSL) to calling SSL_state() instead. However, SSL_state() appears to be fully broken in both OpenSSL

Re: [RFC PATCH] BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2

2019-07-01 Thread Willy Tarreau
On Mon, Jul 01, 2019 at 10:32:29PM +0200, Lukas Tribus wrote: > Commit 54832b97 ("BUILD: enable several LibreSSL hacks, including") > changed empty handshake detection in OpenSSL <= 1.0.2 and LibreSSL, > from accessing packet_length directly (not available in LibreSSL) to > calling SSL_state() inst

Re: [PR] BUILD: extend travis-ci matrix

2019-07-01 Thread Илья Шипицин
Wow. I am surprised how proxy protocol might be used. Can we add a reg test on that? Tue, 2 Jul 2019 at 01:31, Lukas Tribus : > Hello Ilya, hello Willy, > > > On Thu, 27 Jun 2019 at 14:04, Lukas Tribus wrote: > > > > Hello, > > > > On Thu, 27 Jun 2019 at 13:19, Willy Tarreau wrote: > > > > > >

Re: [PR] BUILD: extend travis-ci matrix

2019-07-01 Thread Lukas Tribus
Hello Ilya, hello Willy, On Thu, 27 Jun 2019 at 14:04, Lukas Tribus wrote: > > Hello, > > On Thu, 27 Jun 2019 at 13:19, Willy Tarreau wrote: > > > > Hi guys, > > > > On Thu, Jun 27, 2019 at 03:55:54PM +0500, ??? wrote: > > > you are right, commit messages is not my best. > > > sorry ab

Re: Please help for a solution like secure_link

2019-07-01 Thread Aleksandar Lazic
Tim, Mon Jul 01 21:36:11 GMT+02:00 2019 Tim Düsterhus : > Aleks, > > On 01.07.19 at 21:27, Aleksandar Lazic wrote: > > Maybe it's also possible with spoe ? > > I never worked with SPOE before, but I believe it might be possible. > SPOE is painful and fragile with HAProxy 1.8, though, bec

Re: Please help for a solution like secure_link

2019-07-01 Thread Tim Düsterhus
Aleks, On 01.07.19 at 21:27, Aleksandar Lazic wrote: > Maybe it's also possible with spoe ? I never worked with SPOE before, but I believe it might be possible. SPOE is painful and fragile with HAProxy 1.8, though, because you have to spawn the SPOA manually. Also using SPOE is pretty heavy, bec

Re: Please help for a solution like secure_link

2019-07-01 Thread Aleksandar Lazic
Thanks. Maybe it's also possible with spoe ? Lua requires a rebuild of haproxy , which I want to avoid. Mon Jul 01 21:18:42 GMT+02:00 2019 Tim Düsterhus : > Aleks, > > On 01.07.19 at 21:16, Aleksandar Lazic wrote: > > > > The concat isn't available in 1.8 any substitution? > > Ugh, yeah. Bot

Re: Please help for a solution like secure_link

2019-07-01 Thread Tim Düsterhus
Aleks, On 01.07.19 at 21:16, Aleksandar Lazic wrote: > > The concat isn't available in 1.8 any substitution? Ugh, yeah. Both concat and strcmp are 1.9+. I must've missed that requirement. You can use Lua to add yourself a concat and strcmp converter. Or you do everything in Lua if you need Lua

Re: Please help for a solution like secure_link

2019-07-01 Thread Aleksandar Lazic
The concat isn't available in 1.8 any substitution? Mon Jul 01 17:56:56 GMT+02:00 2019 Aleksandar Lazic : > Hi Tim. > > On 01.07.2019 at 17:48, Tim Düsterhus wrote: > > Aleks, > > > > On 01.07.19 at 16:16, Aleksandar Lazic wrote: > >> My Idea is to use something like this in haproxy but I'm n

Re[2]: The case for changing the documentation syntax

2019-07-01 Thread Nick Ramirez
Yes, either reStructuredText or Markdown would be okay. They both have a very intuitive syntax, so newcomers would pick it up and become productive with it quickly. It is quite easy to learn either one. -- Original Message -- From: "Aleksandar Lazic" To: "Nick Ramirez" ; "haproxy@for

Re: Invalid blank line in master socket output when run in non-admin level

2019-07-01 Thread Daniel MacDougall
That's great to hear, thanks very much for the fast turnaround! On Mon, Jul 1, 2019 at 6:56 AM William Lallemand wrote: > > On Mon, Jul 01, 2019 at 11:16:21AM +0200, William Lallemand wrote: > > Hi Daniel, > > > > On Sat, Jun 29, 2019 at 03:16:06PM +0200, William Lallemand wrote: > > > > > > I'l

Re: The case for changing the documentation syntax

2019-07-01 Thread Aleksandar Lazic
Hi Nick. On 01.07.2019 at 17:01, Nick Ramirez wrote: > Hello all, > > I'd like to propose something radical, but that will greatly help us in terms > of > documentation. (And documentation is very important when it comes to people > choosing whether to use a piece of software, as I am sure you

Re: Please help for a solution like secure_link

2019-07-01 Thread Aleksandar Lazic
Hi Tim. On 01.07.2019 at 17:48, Tim Düsterhus wrote: > Aleks, > > On 01.07.19 at 16:16, Aleksandar Lazic wrote: >> My Idea is to use something like this in haproxy but I'm not sure if haproxy >> only or haproxy+lua is the way to go? > > If you are fine with sha1 then it's theoretically possibl

Re: Please help for a solution like secure_link

2019-07-01 Thread Tim Düsterhus
Aleks, On 01.07.19 at 16:16, Aleksandar Lazic wrote: > My Idea is to use something like this in haproxy but I'm not sure if haproxy > only or haproxy+lua is the way to go? If you are fine with sha1 then it's theoretically possible with HAProxy only: > http-request set-var(txn.sha1) url_pa

The case for changing the documentation syntax

2019-07-01 Thread Nick Ramirez
Hello all, I'd like to propose something radical, but that will greatly help us in terms of documentation. (And documentation is very important when it comes to people choosing whether to use a piece of software, as I am sure you agree!) First, the problem: Our documentation at https://gith

Please help for a solution like secure_link

2019-07-01 Thread Aleksandar Lazic
Hi. I try to implement with haproxy 1.8 the following solution. https://aws.amazon.com/fr/blogs/networking-and-content-delivery/serving-private-content-using-amazon-cloudfront-aws-lambdaedge/ https://www.nginx.com/blog/securing-urls-secure-link-module-nginx-plus/ https://nginx.org/en/docs/http/n

Re: Invalid blank line in master socket output when run in non-admin level

2019-07-01 Thread William Lallemand
On Mon, Jul 01, 2019 at 11:16:21AM +0200, William Lallemand wrote: > Hi Daniel, > > On Sat, Jun 29, 2019 at 03:16:06PM +0200, William Lallemand wrote: > > > > I'll take a look at the code on monday to see if it's easily fixable. > > > > The attached patch should fix your problem. > > Regards

Re: 1.9 external health checks fail suddenly

2019-07-01 Thread Veiko Kukk
On 2019-07-01 10:11, Veiko Kukk wrote: Hi Sometimes (infrequently) all external checks hang and time out: * Has happened with versions 1.9.4 and 1.9.8 on multiple servers with nbproc 1 and nbthread set to (4-12) depending on server. * Happens infrequently, last one happened after 10 days of upti

Re: 1.9 external health checks fail suddenly

2019-07-01 Thread Lukas Tribus
Hello, On Mon, 1 Jul 2019 at 12:14, Lukas Tribus wrote: > > Hello Veiko, > > > On Mon, 1 Jul 2019 at 12:12, Veiko Kukk wrote: > > > > Hi > > > > Sometimes (infrequently) all external checks hang and time out: > > * Has happened with versions 1.9.4 and 1.9.8 on multiple servers with > > nbproc 1

Re: 1.9 external health checks fail suddenly

2019-07-01 Thread Lukas Tribus
Hello Veiko, On Mon, 1 Jul 2019 at 12:12, Veiko Kukk wrote: > > Hi > > Sometimes (infrequently) all external checks hang and time out: > * Has happened with versions 1.9.4 and 1.9.8 on multiple servers with > nbproc 1 and nbthread set to (4-12) depending on server. > * Happens infrequently, last

1.9 external health checks fail suddenly

2019-07-01 Thread Veiko Kukk
Hi Sometimes (infrequently) all external checks hang and time out: * Has happened with versions 1.9.4 and 1.9.8 on multiple servers with nbproc 1 and nbthread set to (4-12) depending on server. * Happens infrequently, last one happened after 10 days of uptime. * External checks are written in p

Re: Invalid blank line in master socket output when run in non-admin level

2019-07-01 Thread William Lallemand
Hi Daniel, On Sat, Jun 29, 2019 at 03:16:06PM +0200, William Lallemand wrote: > > I'll take a look at the code on monday to see if it's easily fixable. > The attached patch should fix your problem. Regards, -- William Lallemand >From 3dffa809d35e6380a958d657e10b9c1885836070 Mon Sep 17 00:00:

Re: [BUG] memory leak with treads and stick-table/peers

2019-07-01 Thread Emmanuel Hocdet
Hi, no more leak after "BUG/MINOR: memory: Set objects size for pools in the per-thread cache" ++ Manu > On 5 June 2019 at 16:13, Emmanuel Hocdet wrote: > > >> On 5 June 2019 at 16:07, Emmanuel Hocdet > > wrote: >> >> Hi Frederic >> >>> On 5 June 2019 at 15:44,