Re: crashes with 2.0.14

2020-06-09 Thread Sander Hoentjen
. 2020 г. в 15:13, Sander Hoentjen <mailto:san...@hoentjen.eu>>: Is there anybody with a clue? If I need to supply more info I can do so, of course. Kind regards, Sander On 6/2/20 4:12 PM, Sander Hoentjen wrote: > Hi list, > > Some time ago

Re: crashes with 2.0.14

2020-06-09 Thread Sander Hoentjen
Is there anybody with a clue? If I need to supply more info I can do so, of course. Kind regards, Sander On 6/2/20 4:12 PM, Sander Hoentjen wrote: Hi list, Some time ago (around april 21st) we were using 1.8.13 and we switched from nbthread = 1 to nbthread = 4 This seemed stable for us

Re: kernel panics after updating to 2.0

2019-12-06 Thread Sander Hoentjen
On 12/6/19 10:20 AM, Pavlos Parissis wrote: On Παρασκευή, 6 Δεκεμβρίου 2019 9:23:24 Π.Μ. CET Sander Hoentjen wrote: Hi list, After updating from 1.8.13 to 2.0.5 (also with 2.0.10) we are seeing kernel panics on our production servers. I haven't been able to trigger them on a test server

kernel panics after updating to 2.0

2019-12-06 Thread Sander Hoentjen
an idea what might be going on here? Kind regards, Sander Hoentjen Dec 2 21:17:08 hostname [2409002.997008] NMI watchdog: Watchdog detected hard LOCKUP on cpu 12 Dec 2 21:17:08 hostname Dec 2 21:17:08 hostname [2409002.999146] Kernel panic - not syncing: Hard LOCKUP Dec 2 21:17:08 hostname

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-05-24 Thread Sander Hoentjen
On 05/23/2018 09:48 PM, Lukas Tribus wrote: > Hello, > > > On 23 May 2018 at 18:29, Emeric Brun wrote: >> This issue was due to openssl-1.1.1 which re-seed after an elapsed time or >> number of request. >> >> If /dev/urandom is used as seeding source when haproxy is chrooted

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-05-23 Thread Sander Hoentjen
On 05/22/2018 04:31 PM, Sander Hoentjen wrote: > On 05/22/2018 04:19 PM, Emeric Brun wrote: >> Hi Sander, >> >> On 05/22/2018 02:04 PM, Sander Hoentjen wrote: >>> On 05/22/2018 12:04 PM, Lukas Tribus wrote: >>>> Hello, >>>> >>>> O

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-05-22 Thread Sander Hoentjen
On 05/22/2018 04:19 PM, Emeric Brun wrote: > Hi Sander, > > On 05/22/2018 02:04 PM, Sander Hoentjen wrote: >> On 05/22/2018 12:04 PM, Lukas Tribus wrote: >>> Hello, >>> >>> On 22 May 2018 at 11:48, Sander Hoentjen <san...@hoentjen.eu> wrote: >>

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-05-22 Thread Sander Hoentjen
On 05/22/2018 12:04 PM, Lukas Tribus wrote: > Hello, > > On 22 May 2018 at 11:48, Sander Hoentjen <san...@hoentjen.eu> wrote: >> I did, but I still experience the same issues. What is your exact >> haproxy version you tested with? Mine is 1.8.8 >> Built with Ope

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-05-22 Thread Sander Hoentjen
On 05/19/2018 04:55 PM, Lukas Tribus wrote: > Hello, > > > On 19 April 2018 at 11:09, Sander Hoentjen <san...@hoentjen.eu> wrote: >> I just tried 1.1.1-pre5, and I still have the same issue. > I'm running 1.1.1-pre6 now with good results. You may want to check t

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-04-19 Thread Sander Hoentjen
Hi Lucas, On 04/17/2018 04:27 PM, Lukas Tribus wrote: > Hello Sander, > > > On 16 April 2018 at 10:55, Sander Hoentjen <san...@hoentjen.eu> wrote: >> Reading my email again it looks like somehow I messed up part of it, >> retrying: >> >> Hi all, >>

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-04-16 Thread Sander Hoentjen
10:27 AM, Sander Hoentjen wrote: > Hi all, > > I built Haproxy (1.8.7) against openssl 1.1.1-pre4, and now after 1 hour > running haproxy stops accepting new SSL connections. When I restart it > works again for almost(?) exactly 1 hour, then stops. > Any idea what might be causin

Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

2018-04-13 Thread Sander Hoentjen
] trace     [COMP] compression     [SPOE] spoe Regards, Sander Hoentjen

Re: [PATCH] MINOR: ssl: ocsp response with 'revoked' status is correct

2017-10-23 Thread Sander Hoentjen
et0_status() returns the status of single or -1 if an error occurred." With this change, the -1 case is not handled correctly anymore it seems? I am not sure if it will ever happen, but I have attached a patch for it. Regards, Sander >From 3ed07896ac1f5730dc34900988ae255c7462f8ff Mon Sep 17

Re: Certificate order

2017-04-21 Thread Sander Hoentjen
On 04/21/2017 07:27 AM, Willy Tarreau wrote: > On Thu, Apr 20, 2017 at 11:33:17PM +0200, Lukas Tribus wrote: >> Hello, >> >> >> Am 20.04.2017 um 15:05 schrieb Sander Hoentjen: >>> A new patch, that puts the order like this: >>> config: >>>

Re: Certificate order

2017-04-20 Thread Sander Hoentjen
Now with patch attached, thanks Fred :) On 04/20/2017 03:05 PM, Sander Hoentjen wrote: > A new patch, that puts the order like this: > config: > crt A crt B > > if A contains wildcard, but not exact match, then wildcard is used. > if A contains exact match, exact match is used.

Re: Certificate order

2017-04-20 Thread Sander Hoentjen
, and B contains exact match, then wildcard is used. This last one is different behavior from what is implemented now. On 04/18/2017 12:09 PM, Sander Hoentjen wrote: > > On 04/18/2017 11:52 AM, Willy Tarreau wrote: >> Hi Daniel, >> >> On Tue, Apr 18, 2017 at 11:25:43AM +0200

Re: Certificate order

2017-04-18 Thread Sander Hoentjen
On 04/18/2017 11:52 AM, Willy Tarreau wrote: > Hi Daniel, > > On Tue, Apr 18, 2017 at 11:25:43AM +0200, Daniel Schneller wrote: >> Hi! >> >> Not being very familiar with the code, so I thought I'd ask before something >> changes unexpectedly :) >> I asked about certificate ordering a while ago,

Re: Certificate order

2017-04-18 Thread Sander Hoentjen
<http://www.centerdevice.de> > > Geschäftsführung: Dr. Patrick Peschlow, Dr. Lukas Pustina, > Michael Rosbach, Handelsregister-Nr.: HRB 18655, > HR-Gericht: Bonn, USt-IdNr.: DE-815299431 > > >> On 10. Apr. 2017, at 20:02, Sander Hoentjen <san...@hoentjen.eu >> <m

Re: Certificate order

2017-04-10 Thread Sander Hoentjen
This is a corrected patch against 1.7.5. On 04/10/2017 05:00 PM, Sander Hoentjen wrote: > No scratch that, this is wrong. > > On 04/10/2017 04:57 PM, Sander Hoentjen wrote: >> The attached patch against haproxy 1.7.5 honours crt order also for >> wildcards. >> >&g

Re: Certificate order

2017-04-10 Thread Sander Hoentjen
No scratch that, this is wrong. On 04/10/2017 04:57 PM, Sander Hoentjen wrote: > The attached patch against haproxy 1.7.5 honours crt order also for > wildcards. > > On 04/07/2017 03:42 PM, Sander Hoentjen wrote: >> Hi Sander, >> >> On 04/06/2017 02:06 PM, San

Re: Certificate order

2017-04-10 Thread Sander Hoentjen
The attached patch against haproxy 1.7.5 honours crt order also for wildcards. On 04/07/2017 03:42 PM, Sander Hoentjen wrote: > Hi Sander, > > On 04/06/2017 02:06 PM, Sander Klein wrote: >> Hi Sander, >> >> On 2017-04-06 10:45, Sander Hoentjen wrote: >>> Hi gu

Re: Certificate order

2017-04-07 Thread Sander Hoentjen
Hi Sander, On 04/06/2017 02:06 PM, Sander Klein wrote: > Hi Sander, > > On 2017-04-06 10:45, Sander Hoentjen wrote: >> Hi guys, >> >> We have a setup where we sometimes have multiple certificates for a >> domain. We use multiple directories for that and wou

Certificate order

2017-04-06 Thread Sander Hoentjen
Hi guys, We have a setup where we sometimes have multiple certificates for a domain. We use multiple directories for that and would like the following behavior: - Look in dir A for any match, use it if found - Look in dir B for any match, use it if found - Look in dir .. etc This works great,