httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: 2.4.18 backporting
Date Tue, 17 Nov 2015 15:43:17 GMT
OK, the problem on OS X is that the default openssl is 0.98 which does not do SNI.

I try to detect this in lines 14-17 by:
my $alpn_available = exists &Net::SSLeay::CTX_set_alpn_protos;
if ($alpn_available) {
    $total_tests += $vhost_suite;
}

and change the test case expectations accordingly. That seems to fail on your system. The
test case thinks ALPN+SNI are available and wants to see "localhost" in the response, but
it is not used.

Unnecessary to say that the detection (and therefore the tests) work on my OS X installation
- also before 10.11.

Hmmm....are there SNI test cases for mod_ssl where I could see how it detects it?


> Am 17.11.2015 um 16:30 schrieb Jim Jagielski <jim@jaguNET.com>:
> 
> Still:
> 
> t/modules/http2.t .. 26/51
> # Failed test 34 in t/modules/http2.t at line 242 fail #4
> # testing : content comparision
> # expected: '<html><body>
> # <h2>Hello World!</h2>
> # TLS_SNI="localhost"
> # </body></html>
> # '
> # received: '<html><body>
> # <h2>Hello World!</h2>
> # TLS_SNI=""
> # </body></html>
> # '
> not ok 34
> 
> # Failed test 50 in t/modules/http2.t at line 194 fail #6
> test case: VHOST001, expect 404 or 421 (using Host:): GET https://localhost:8544/misdirected
> # testing : GET https://localhost:8544/misdirected
> # expected: 421
> # received: '404'
> not ok 50
> 
> # Failed test 51 in t/modules/http2.t at line 194 fail #7
> test case: VHOST002, expect 404 or 421 (using :authority): GET https://localhost:8544/misdirected
> # Failed test 50 in t/modules/http2.t at line 194 fail #6
> # testing : GET https://localhost:8544/misdirected
> # expected: 421
> # received: '404'
> not ok 51
> 
> t/modules/http2.t .. Failed 3/51 subtests
> 
> 
>> On Nov 17, 2015, at 10:17 AM, Stefan Eissing <stefan.eissing@greenbytes.de>
wrote:
>> 
>> OK, the change is from October 19th by me. I changed the test suite to have
>> the test run in deterministic order. $r is a references to an array of tests
>> and, depending on module availability, I push more elements to $r.
>> 
>> I just changed it to push @$r, { ... }
>> 
>> Please give it a try.
>> 
>>> Am 17.11.2015 um 16:06 schrieb Jim Jagielski <jim@jaguNET.com>:
>>> 
>>> I am still 10.10 but w/ Xcode 7.1.1
>>> 
>>> 
>>> <jimsys:stable/httpd-test/framework> % perl -V
>>> Summary of my perl5 (revision 5 version 20 subversion 2) configuration:
>>> 
>>> Platform:
>>>  osname=darwin, osvers=14.4.0, archname=darwin-thread-multi-2level
>>>  uname='darwin jimsys.local 14.4.0 darwin kernel version 14.4.0: thu may 28 11:35:04
pdt 2015; root:xnu-2782.30.5~1release_x86_64 x86_64 '
>>>  config_args='-des -Duseithreads -Dusemultiplicity=y -Duseshrplib -Dprefix=/usr/local2
-Dvendorprefix=/usr/local2'
>>>  hint=recommended, useposix=true, d_sigaction=define
>>>  useithreads=define, usemultiplicity=define
>>>  use64bitint=define, use64bitall=define, uselongdouble=undef
>>>  usemymalloc=n, bincompat5005=undef
>>> Compiler:
>>>  cc='cc', ccflags ='-fno-common -DPERL_DARWIN -fno-strict-aliasing -pipe -fstack-protector
-I/usr/local/include -I/opt/local/include',
>>>  optimize='-O3',
>>>  cppflags='-fno-common -DPERL_DARWIN -fno-strict-aliasing -pipe -fstack-protector
-I/usr/local/include -I/opt/local/include'
>>>  ccversion='', gccversion='4.2.1 Compatible Apple LLVM 6.1.0 (clang-602.0.53)',
gccosandvers=''
>>>  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
>>>  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
>>>  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
>>>  alignbytes=8, prototype=define
>>> Linker and Libraries:
>>>  ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags =' -fstack-protector -L/usr/local/lib
-L/opt/local/lib'
>>>  libpth=/usr/local/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.1.0/lib
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib /usr/lib
/opt/local/lib
>>>  libs=-lgdbm -ldbm -ldl -lm -lutil -lc
>>>  perllibs=-ldl -lm -lutil -lc
>>>  libc=, so=dylib, useshrplib=true, libperl=libperl.dylib
>>>  gnulibc_version=''
>>> Dynamic Linking:
>>>  dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' '
>>>  cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup -L/usr/local/lib
-L/opt/local/lib -fstack-protector'
>>> 
>>>> On Nov 17, 2015, at 9:59 AM, Stefan Eissing <stefan.eissing@greenbytes.de>
wrote:
>>>> 
>>>> Hmm, what perl version is that? Works on my OS X (El 10.11) with perl -v:
>>>> 
>>>> This is perl 5, version 18, subversion 2 (v5.18.2) built for darwin-thread-multi-2level
>>>> (with 2 registered patches, see perl -V for more detail)
>>>> 
>>>> //Stefan
>>>> 
>>>>> Am 17.11.2015 um 15:44 schrieb Jim Jagielski <jim@jaguNET.com>:
>>>>> 
>>>>> Doing a quick tst I get:
>>>>> 
>>>>> t/modules/http2.t .. push on reference is experimental at t/modules/http2.t
line 319.
>>>>> Dubious, test returned 255 (wstat 65280, 0xff00)
>>>>> No subtests run
>>>>> 
>>>>> Test Summary Report
>>>>> -------------------
>>>>> t/modules/http2.t (Wstat: 65280 Tests: 0 Failed: 0)
>>>>> Non-zero exit status: 255
>>>>> Parse errors: No plan found in TAP output
>>>>> Files=1, Tests=0,  1 wallclock secs ( 0.02 usr  0.01 sys +  0.31 cusr
 0.06 csys =  0.40 CPU)
>>>>> Result: FAIL
>>>>> Failed 1/1 test programs. 0/0 subtests failed.
>>>>> 
>>>>> This is on OSX
>>>>> 
>>>>>> On Nov 17, 2015, at 8:12 AM, Jim Jagielski <jim@jaguNET.com>
wrote:
>>>>>> 
>>>>>> I will.
>>>>>> 
>>>>>>> On Nov 17, 2015, at 7:47 AM, Stefan Eissing <stefan.eissing@greenbytes.de>
wrote:
>>>>>>> 
>>>>>>> For the 2.4.18 backporting, can I find people here willing to
look at:
>>>>>>> 
>>>>>>> *) core/mod_ssl: 
>>>>>>> - master conn_rec* addition to conn_rec
>>>>>>> - minor mmn bump
>>>>>>> - improved ALPN and Upgrade handling
>>>>>>> - allowing requests for servers whose TLS configuration is compatible
>>>>>>> to the SNI server ones
>>>>>>> - disabling TLS renegotiation for slave connections
>>>>>>> changes are necessary for update modules/http2
>>>>>>> trunk patch: http://svn.apache.org/r1708107
>>>>>>>            http://svn.apache.org/r1709587
>>>>>>>            http://svn.apache.org/r1709602
>>>>>>>            http://svn.apache.org/r1709995
>>>>>>>            http://svn.apache.org/r1710231
>>>>>>>            http://svn.apache.org/r1710419
>>>>>>>            http://svn.apache.org/r1710572
>>>>>>>            http://svn.apache.org/r1710583
>>>>>>>            + manual addition of "conn_rec *master;"
>>>>>>> 2.4.x patch: https://raw.githubusercontent.com/icing/mod_h2/master/sandbox/httpd/patches/2.4.17-protocols.patch
>>>>>>> branch mergeable to 2.4.x: ^/httpd/httpd/branches/2.4.17-protocols-changes
>>>>>>> +1: icing
>>>>>>> 
>>>>>>> ? This is needed to backport the current mod_http2. If someone
could find the time to look at this, please? Thanks!
>>>>>>> 
>>>>>>> Cheers,
>>>>>>> 
>>>>>>> Stefan
>>>>>> 
>>>>> 
>>>> 
>>> 
>> 
> 


Mime
View raw message