httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: 2.4.18 backporting
Date Tue, 17 Nov 2015 17:18:44 GMT
Just found out that AnyEvent::TLS does not support SNI *at all*, so I am considering scrapping
these VHOST tests. All in all, I am not very happy with Protocol::HTTP2::Client. I think I
would rather call nghttp and curl from our Perl framework directly. But that would mean that
people build nghttp2 with apps and have nghttp in the $PATH...

//Stefan

> Am 17.11.2015 um 18:08 schrieb Jim Jagielski <jim@jaguNET.com>:
> 
> No issues under CentOS...
> 
>> On Nov 17, 2015, at 11:28 AM, Stefan Eissing <stefan.eissing@greenbytes.de>
wrote:
>> 
>> That's cheating...
>> 
>> I'll let you know when it works for me in such a configuration.
>> 
>>> Am 17.11.2015 um 16:51 schrieb Jim Jagielski <jim@jaguNET.com>:
>>> 
>>> My perl is built against openssl 1.0.2...
>>> 
>>>> On Nov 17, 2015, at 10:43 AM, Stefan Eissing <stefan.eissing@greenbytes.de>
wrote:
>>>> 
>>>> OK, the problem on OS X is that the default openssl is 0.98 which does not
do SNI.
>>>> 
>>>> I try to detect this in lines 14-17 by:
>>>> my $alpn_available = exists &Net::SSLeay::CTX_set_alpn_protos;
>>>> if ($alpn_available) {
>>>> $total_tests += $vhost_suite;
>>>> }
>>>> 
>>>> and change the test case expectations accordingly. That seems to fail on
your system. The test case thinks ALPN+SNI are available and wants to see "localhost" in the
response, but it is not used.
>>>> 
>>>> Unnecessary to say that the detection (and therefore the tests) work on my
OS X installation - also before 10.11.
>>>> 
>>>> Hmmm....are there SNI test cases for mod_ssl where I could see how it detects
it?
>>>> 
>>>> 
>>>>> Am 17.11.2015 um 16:30 schrieb Jim Jagielski <jim@jaguNET.com>:
>>>>> 
>>>>> Still:
>>>>> 
>>>>> t/modules/http2.t .. 26/51
>>>>> # Failed test 34 in t/modules/http2.t at line 242 fail #4
>>>>> # testing : content comparision
>>>>> # expected: '<html><body>
>>>>> # <h2>Hello World!</h2>
>>>>> # TLS_SNI="localhost"
>>>>> # </body></html>
>>>>> # '
>>>>> # received: '<html><body>
>>>>> # <h2>Hello World!</h2>
>>>>> # TLS_SNI=""
>>>>> # </body></html>
>>>>> # '
>>>>> not ok 34
>>>>> 
>>>>> # Failed test 50 in t/modules/http2.t at line 194 fail #6
>>>>> test case: VHOST001, expect 404 or 421 (using Host:): GET https://localhost:8544/misdirected
>>>>> # testing : GET https://localhost:8544/misdirected
>>>>> # expected: 421
>>>>> # received: '404'
>>>>> not ok 50
>>>>> 
>>>>> # Failed test 51 in t/modules/http2.t at line 194 fail #7
>>>>> test case: VHOST002, expect 404 or 421 (using :authority): GET https://localhost:8544/misdirected
>>>>> # Failed test 50 in t/modules/http2.t at line 194 fail #6
>>>>> # testing : GET https://localhost:8544/misdirected
>>>>> # expected: 421
>>>>> # received: '404'
>>>>> not ok 51
>>>>> 
>>>>> t/modules/http2.t .. Failed 3/51 subtests
>>>>> 
>>>>> 
>>>>>> On Nov 17, 2015, at 10:17 AM, Stefan Eissing <stefan.eissing@greenbytes.de>
wrote:
>>>>>> 
>>>>>> OK, the change is from October 19th by me. I changed the test suite
to have
>>>>>> the test run in deterministic order. $r is a references to an array
of tests
>>>>>> and, depending on module availability, I push more elements to $r.
>>>>>> 
>>>>>> I just changed it to push @$r, { ... }
>>>>>> 
>>>>>> Please give it a try.
>>>>>> 
>>>>>>> Am 17.11.2015 um 16:06 schrieb Jim Jagielski <jim@jaguNET.com>:
>>>>>>> 
>>>>>>> I am still 10.10 but w/ Xcode 7.1.1
>>>>>>> 
>>>>>>> 
>>>>>>> <jimsys:stable/httpd-test/framework> % perl -V
>>>>>>> Summary of my perl5 (revision 5 version 20 subversion 2) configuration:
>>>>>>> 
>>>>>>> Platform:
>>>>>>> osname=darwin, osvers=14.4.0, archname=darwin-thread-multi-2level
>>>>>>> uname='darwin jimsys.local 14.4.0 darwin kernel version 14.4.0:
thu may 28 11:35:04 pdt 2015; root:xnu-2782.30.5~1release_x86_64 x86_64 '
>>>>>>> config_args='-des -Duseithreads -Dusemultiplicity=y -Duseshrplib
-Dprefix=/usr/local2 -Dvendorprefix=/usr/local2'
>>>>>>> hint=recommended, useposix=true, d_sigaction=define
>>>>>>> useithreads=define, usemultiplicity=define
>>>>>>> use64bitint=define, use64bitall=define, uselongdouble=undef
>>>>>>> usemymalloc=n, bincompat5005=undef
>>>>>>> Compiler:
>>>>>>> cc='cc', ccflags ='-fno-common -DPERL_DARWIN -fno-strict-aliasing
-pipe -fstack-protector -I/usr/local/include -I/opt/local/include',
>>>>>>> optimize='-O3',
>>>>>>> cppflags='-fno-common -DPERL_DARWIN -fno-strict-aliasing -pipe
-fstack-protector -I/usr/local/include -I/opt/local/include'
>>>>>>> ccversion='', gccversion='4.2.1 Compatible Apple LLVM 6.1.0 (clang-602.0.53)',
gccosandvers=''
>>>>>>> intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
>>>>>>> d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
>>>>>>> ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
>>>>>>> alignbytes=8, prototype=define
>>>>>>> Linker and Libraries:
>>>>>>> ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags =' -fstack-protector
-L/usr/local/lib -L/opt/local/lib'
>>>>>>> libpth=/usr/local/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.1.0/lib
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib /usr/lib
/opt/local/lib
>>>>>>> libs=-lgdbm -ldbm -ldl -lm -lutil -lc
>>>>>>> perllibs=-ldl -lm -lutil -lc
>>>>>>> libc=, so=dylib, useshrplib=true, libperl=libperl.dylib
>>>>>>> gnulibc_version=''
>>>>>>> Dynamic Linking:
>>>>>>> dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags='
'
>>>>>>> cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup
-L/usr/local/lib -L/opt/local/lib -fstack-protector'
>>>>>>> 
>>>>>>>> On Nov 17, 2015, at 9:59 AM, Stefan Eissing <stefan.eissing@greenbytes.de>
wrote:
>>>>>>>> 
>>>>>>>> Hmm, what perl version is that? Works on my OS X (El 10.11)
with perl -v:
>>>>>>>> 
>>>>>>>> This is perl 5, version 18, subversion 2 (v5.18.2) built
for darwin-thread-multi-2level
>>>>>>>> (with 2 registered patches, see perl -V for more detail)
>>>>>>>> 
>>>>>>>> //Stefan
>>>>>>>> 
>>>>>>>>> Am 17.11.2015 um 15:44 schrieb Jim Jagielski <jim@jaguNET.com>:
>>>>>>>>> 
>>>>>>>>> Doing a quick tst I get:
>>>>>>>>> 
>>>>>>>>> t/modules/http2.t .. push on reference is experimental
at t/modules/http2.t line 319.
>>>>>>>>> Dubious, test returned 255 (wstat 65280, 0xff00)
>>>>>>>>> No subtests run
>>>>>>>>> 
>>>>>>>>> Test Summary Report
>>>>>>>>> -------------------
>>>>>>>>> t/modules/http2.t (Wstat: 65280 Tests: 0 Failed: 0)
>>>>>>>>> Non-zero exit status: 255
>>>>>>>>> Parse errors: No plan found in TAP output
>>>>>>>>> Files=1, Tests=0,  1 wallclock secs ( 0.02 usr  0.01
sys +  0.31 cusr  0.06 csys =  0.40 CPU)
>>>>>>>>> Result: FAIL
>>>>>>>>> Failed 1/1 test programs. 0/0 subtests failed.
>>>>>>>>> 
>>>>>>>>> This is on OSX
>>>>>>>>> 
>>>>>>>>>> On Nov 17, 2015, at 8:12 AM, Jim Jagielski <jim@jaguNET.com>
wrote:
>>>>>>>>>> 
>>>>>>>>>> I will.
>>>>>>>>>> 
>>>>>>>>>>> On Nov 17, 2015, at 7:47 AM, Stefan Eissing <stefan.eissing@greenbytes.de>
wrote:
>>>>>>>>>>> 
>>>>>>>>>>> For the 2.4.18 backporting, can I find people
here willing to look at:
>>>>>>>>>>> 
>>>>>>>>>>> *) core/mod_ssl: 
>>>>>>>>>>> - master conn_rec* addition to conn_rec
>>>>>>>>>>> - minor mmn bump
>>>>>>>>>>> - improved ALPN and Upgrade handling
>>>>>>>>>>> - allowing requests for servers whose TLS configuration
is compatible
>>>>>>>>>>> to the SNI server ones
>>>>>>>>>>> - disabling TLS renegotiation for slave connections
>>>>>>>>>>> changes are necessary for update modules/http2
>>>>>>>>>>> trunk patch: http://svn.apache.org/r1708107
>>>>>>>>>>>        http://svn.apache.org/r1709587
>>>>>>>>>>>        http://svn.apache.org/r1709602
>>>>>>>>>>>        http://svn.apache.org/r1709995
>>>>>>>>>>>        http://svn.apache.org/r1710231
>>>>>>>>>>>        http://svn.apache.org/r1710419
>>>>>>>>>>>        http://svn.apache.org/r1710572
>>>>>>>>>>>        http://svn.apache.org/r1710583
>>>>>>>>>>>        + manual addition of "conn_rec *master;"
>>>>>>>>>>> 2.4.x patch: https://raw.githubusercontent.com/icing/mod_h2/master/sandbox/httpd/patches/2.4.17-protocols.patch
>>>>>>>>>>> branch mergeable to 2.4.x: ^/httpd/httpd/branches/2.4.17-protocols-changes
>>>>>>>>>>> +1: icing
>>>>>>>>>>> 
>>>>>>>>>>> ? This is needed to backport the current mod_http2.
If someone could find the time to look at this, please? Thanks!
>>>>>>>>>>> 
>>>>>>>>>>> Cheers,
>>>>>>>>>>> 
>>>>>>>>>>> Stefan
>>>>>>>>>> 
>>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>>>> 
>>>> 
>>> 
>> 
> 


Mime
View raw message