httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: ssl renegotiate
Date Wed, 10 Feb 2016 12:22:16 GMT
Big oups, sorry! I was just doing a bisection. Happy I can stop that.

Thanks a bunch,

Rainer

Am 10.02.2016 um 12:31 schrieb Stefan Eissing:
> With r1729581, all seems fine again in handshake land.
>
> Stefan
>
>> Am 09.02.2016 um 21:54 schrieb Stefan Eissing <stefan.eissing@greenbytes.de>:
>>
>> Testing in trunk, 2.4.x seems to be fine. It's the httpd/test/mod_h2/trunk test cases
(do not expect you to get that running). I will take a closer look tomorrow as there is more
fishy than just the renegotiation. I see more failures than that. I will try an earlier mod_ssl
tomorrow and try to narrow it down.
>>
>> Cheers,
>>
>> Stefan
>>
>>> Am 09.02.2016 um 21:47 schrieb Rainer Jung <rainer.jung@kippdata.de>:
>>>
>>> Am 09.02.2016 um 20:03 schrieb Stefan Eissing:
>>>>
>>>>> Am 09.02.2016 um 19:58 schrieb Rainer Jung <rainer.jung@kippdata.de>:
>>>>>
>>>>> Am 09.02.2016 um 19:20 schrieb Stefan Eissing:
>>>>>> Ah, closer look revealed that the first test was a cipher renegotiation
using HTTP/1.1. That no longer works, but the slave connection checks do. So, false alarm
on that front. Will disable the renegotiation tests that fail for now until the 1.1.0 openssl
work is done...
>>>>>>
>>>>>> Sorry for the confusion.
>>>>>>
>>>>>>> Am 09.02.2016 um 19:11 schrieb Stefan Eissing <stefan.eissing@greenbytes.de>:
>>>>>>>
>>>>>>> With the new renegotiate code, I get failures in trunk for my
tests that expect renegotiation to fail on slave connections. Rainer, not sure how this works
now. Can you have a look?
>>>>>
>>>>> No problem, thanks for doing tests as well. Yes, the cipher change reneg
is still expected to fail (only when using OpenSSL 1.1.0).
>>>>
>>>> Was using OpenSSL 1.0.2 in my tests...
>>>
>>> That's strange then, because I didn't (intentionally) change the behavior for
pre 1.1.0. Instead I tried to keep the code the same in that case and postpone any cleanups
(let pre-1.1.0 use the same code as 1.1.0) to the time 1.1.0 runs fine.
>>>
>>> So could it be something else? Is it a test case which is part of the test suite?
If yes, which one? Which version (trunk or 2.4) did you test. I would try to reproduce here.
>>>
>>> Regards,
>>>
>>> Rainer

Mime
View raw message