[PATCH 0/1] enabling ssl keylog for LibreSSL 3.5.0

2023-05-23 Thread Ilya Shipitsin
found during QUIC Interop for LibreSSL Ilya Shipitsin (1): BUILD: SSL: enable TLS key material logging if built with LibreSSL>=3.5.0 include/haproxy/openssl-compat.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.40.1

[PATCH 1/1] BUILD: SSL: enable TLS key material logging if built with LibreSSL>=3.5.0

2023-05-23 Thread Ilya Shipitsin
LibreSSL implements TLS key material since 3.5.0, let's enable it --- include/haproxy/openssl-compat.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index 7fb153810..ed162031c 100644 --- a/include/haproxy/o

Re: [PATCH] re-enable EVP_chacha20_poly1305() for LibreSSL

2023-05-23 Thread Willy Tarreau
On Tue, May 23, 2023 at 04:57:05PM +0200, Willy Tarreau wrote: > Hi Ilya, > > On Sun, May 21, 2023 at 12:57:21PM +0200, ??? wrote: > > Hello, > > > > that exclude was only needed for pre-3.6.0 LibreSSL, while support was > > added in > > 3.6.0, so every released LibreSSL supports that, n

Fwd: couple of questions on QUIC Interop

2023-05-23 Thread Frederic Lecaille
Forgot to reply to all! Forwarded Message Subject: Re: [EXTERNAL] couple of questions on QUIC Interop Date: Tue, 23 May 2023 17:12:26 +0200 From: Frederic Lecaille To: Илья Шипицин On 5/22/23 12:00, Илья Шипицин wrote: > Hello, Hello, > I played with QUIC Interop suite (for

Re: [PATCH] re-enable EVP_chacha20_poly1305() for LibreSSL

2023-05-23 Thread Илья Шипицин
also, there'll be a patch for unlocking haproxy/openssl-compat.h at master · haproxy/haproxy · GitHub for LibreSSL soon (it was too boring to run QUIC Interop without keylog) Tue, 23 May 2023 at 17:06, Илья Шип

Re: [PATCH] DOC/MINOR: config: Fix typo in description for `ssl_bc` in configuration.txt

2023-05-23 Thread Willy Tarreau
On Mon, May 22, 2023 at 01:11:13PM -0500, Mariam John wrote: > From: Mariam John > > Fix a minor typo in the description of the `ssl_bc` sample fetch method > described under > Section `7.3.4. Fetching samples at Layer 5` in configuration.txt. Changed > `other` to `to`. Good catch, now applied

Re: [PATCH] re-enable EVP_chacha20_poly1305() for LibreSSL

2023-05-23 Thread Илья Шипицин
oops. btw, not enabling chacha20_poly1305 leads to LibreSSL API usage inconsistency QUIC regression on LibreSSL-3.7.2 (HAProxy) · Issue #860 · libressl/portable (github.com) it is claimed that OpenSSL does not check for null deref as well, so Libr

Re: [PATCH] re-enable EVP_chacha20_poly1305() for LibreSSL

2023-05-23 Thread Willy Tarreau
Hi Ilya, On Sun, May 21, 2023 at 12:57:21PM +0200, ??? wrote: > Hello, > > that exclude was only needed for pre-3.6.0 LibreSSL, while support was > added in > 3.6.0, so every released LibreSSL supports that, no need to keep "ifdef" While I'm probably not the one who will be the best to

Re: Drain L4 host that fronts a L7 cluster

2023-05-23 Thread Willy Tarreau
Hi Abhijeet, On Mon, May 22, 2023 at 12:30:52PM -0700, Abhijeet Rastogi wrote: > Hi Willy, > > Thank you for the response. It's great to know that this might be > considered as a feature request in future versions, pending > prioritization though. > > Could you comment on why this isn't already

Re: maint, drain: the right approach

2023-05-23 Thread Willy Tarreau
On Tue, May 23, 2023 at 11:21:28AM +0200, Thomas Pedoussaut wrote: > > On 23/05/2023 11:14, Matteo Piva wrote: > > Seems that it's considered an expected behavior to consider > > optimistically the server as UP > > when leaving MAINT mode, even if the L4 health checks are not completed yet. To be

Re: maint, drain: the right approach

2023-05-23 Thread Thomas Pedoussaut
On 23/05/2023 11:14, Matteo Piva wrote: Seems that it's considered an expected behavior to consider optimistically the server as UP when leaving MAINT mode, even if the L4 health checks are not completed yet. I consider that a quite annoying feature, but maybe I'm approaching at this in a wr

Re: maint, drain: the right approach

2023-05-23 Thread Matteo Piva
> Hi Matteo, Hi Aurelien, thanks for your reply on my issue > > Once the activity on the underlying service has been completed and they > > are starting up, I switch back from MAINT to READY (without waiting the > > service to be really up). > > The haproxy backend got immediately back in

Re: maint, drain: the right approach

2023-05-23 Thread Aurelien DARRAGON
Hi Matteo, > Once the activity on the underlying service has been completed and they > are starting up, I switch back from MAINT to READY (without waiting the > service to be really up). > The haproxy backend got immediately back in the roundrobin pool, even if > the L4 and L7 checks are still val

Re: maint, drain: the right approach

2023-05-23 Thread Matteo Piva
Hi all, still trying to figure out the right way to do this. Any suggestions to share with me? Thanks, Matteo - Original message - From: "Matteo Piva" To: "HAProxy" Sent: Thursday, 11 May 2023 11:04:11 Subject: maint, drain: the right approach Hi, I'm trying to get