Posted to cvs@httpd.apache.org by ic...@apache.org on 2015/11/17 10:48:54 UTC

svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS

Author: icing
Date: Tue Nov 17 09:48:54 2015
New Revision: 1714742

URL: http://svn.apache.org/viewvc?rev=1714742&view=rev
Log:
update STATUS

Modified:
    httpd/httpd/branches/2.4.x/STATUS

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1714742&r1=1714741&r2=1714742&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue Nov 17 09:48:54 2015
@@ -161,6 +161,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-check_pipeline_blank_lines.patch
                   (trunk works, meant to ease review)
      +1: ylavic, minfrin
+     icing: test 3 fails for me in t/security/CVE-2005-3357.t
 
   *) core/mod_ssl: 
      - master conn_rec* addition to conn_rec
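
Review bot: The added `icing:` line under `+1: ylavic, minfrin` records a failing test but carries no vote and no environment, so a reader of STATUS cannot tell whether it blocks the backport or where it reproduces. Suggest stating the platform and branch tested, and whether this is a -1 or only a comment, on the same line as `t/security/CVE-2005-3357.t`.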



Re: svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS

Posted by Stefan Eissing <st...@greenbytes.de>.
Hmm, just testing for Jim, I see the same error on 2.5-DEV on my OS X machine:

t/security/CVE-2005-3357.t .. 
1..3
# Running under perl version 5.018002 for darwin
# Current time local: Tue Nov 17 16:00:55 2015
# Current time GMT:   Tue Nov 17 15:00:55 2015
# Using Test.pm version 1.26
# Using Apache/Test.pm version 1.40
# URL is http://localhost:8534/
ok 1
# testing : Expected bad request from 'GET http://localhost:8534/'
# expected: 400
# received: '400'
ok 2
# testing : errordoc content was served
# expected: qr/(?^:welcome to localhost)/
# received: '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
# <html><head>
# <title>400 Bad Request</title>
# </head><body>
# <h1>Bad Request</h1>
# <p>Your browser sent a request that this server could not understand.<br />
# </p>
# <p>Additionally, a 400 Bad Request
# error was encountered while trying to use an ErrorDocument to handle the request.</p>
# </body></html>
# '
not ok 3
# Failed test 3 in t/security/CVE-2005-3357.t at line 51
Failed 1/3 subtests 

Test Summary Report
-------------------
t/security/CVE-2005-3357.t (Wstat: 0 Tests: 3 Failed: 1)
  Failed test:  3
Files=1, Tests=3,  0 wallclock secs ( 0.02 usr  0.00 sys +  0.37 cusr  0.15 csys =  0.54 CPU)
Result: FAIL
Failed 1/1 test programs. 1/3 subtests failed.


Re: svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS

Posted by Stefan Eissing <st...@greenbytes.de>.
I can check that change on the test setup and meditate about the docs phrasing a bit...

> On 19.11.2015 at 14:11, Yann Ylavic <yl...@gmail.com> wrote:
> 
> On Thu, Nov 19, 2015 at 2:04 PM, Stefan Eissing
> <st...@greenbytes.de> wrote:
>>> 
>>> Hmm, then r1709587 switched it back to "H2Direct on for http:, off for
>>> https: requests", whereas the commit states "H2Direct off, on when h2c
>>> is in Protocols".
>>> What's the status exactly?
>> 
>> The status in trunk is as documented in trunk ;-)
>> 
>> H2Direct, unless set otherwise, is enabled if and only if a server has "Protocols h2c".
> 
> Is that what "H2Direct on for http:, off for https: requests" means? oO
> (I prefer the commit message terms in this case :p )
> 
>> 
>> The reason for enabling it also for "h2" hosts in the test framework is to enable
>> tests to run on machines that do not have SSL+ALPN in the perl tests. This is true
>> for OS X, unfortunately.
> 
> The test framework enables it unconditionally provided mod_http2 is loaded.
> 
> Was thinking of something like:
> 
> Index: t/conf/http2.conf.in
> ===================================================================
> --- t/conf/http2.conf.in    (revision 1715025)
> +++ t/conf/http2.conf.in    (working copy)
> @@ -6,10 +6,11 @@
>     <IfModule http2_module>
> 
>         LogLevel http2:debug
> -        H2Direct on
> 
>         <VirtualHost h2c>
>             Protocols h2c http/1.1
> +            # Should be implicit with h2c
> +            #H2Direct on
> 
>             <IfModule @CGI_MODULE@>
>                 <Directory @SERVERROOT@/htdocs/modules/h2>
> @@ -32,6 +33,7 @@
> 
>             <VirtualHost localhost:h2>
>                 Protocols h2 http/1.1
> +                H2Direct on
> 
>                 SSLEngine on
>                 SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
> @@ -74,6 +76,7 @@
> 
>             <VirtualHost test.example.org:h2>
>                 Protocols h2 http/1.1
> +                H2Direct on
> 
>                 SSLEngine on
>                 SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
> @@ -91,6 +94,7 @@
> 
>             <VirtualHost test2.example.org:h2>
>                 Protocols http/1.1 h2
> +                H2Direct on
>             </VirtualHost>
> 
>             <VirtualHost test-ser.example.org:h2>
> --
> 
>> 
>> The doc in 2.4.x is not updated as the http2 module is not updated, as I am waiting
>> for the proposed core-protocols changes to be backported.
> 
> Working on it ;)
> 
> 
> Thanks,
> Yann.


Re: svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS

Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, Nov 19, 2015 at 2:04 PM, Stefan Eissing
<st...@greenbytes.de> wrote:
>>
>> Hmm, then r1709587 switched it back to "H2Direct on for http:, off for
>> https: requests", whereas the commit states "H2Direct off, on when h2c
>> is in Protocols".
>> What's the status exactly?
>
> The status in trunk is as documented in trunk ;-)
>
> H2Direct, unless set otherwise, is enabled if and only if a server has "Protocols h2c".

Is that what "H2Direct on for http:, off for https: requests" means? oO
(I prefer the commit message terms in this case :p )

>
> The reason for enabling it also for "h2" hosts in the test framework is to enable
> tests to run on machines that do not have SSL+ALPN in the perl tests. This is true
> for OS X, unfortunately.

The test framework enables it unconditionally provided mod_http2 is loaded.

Was thinking of something like:

Index: t/conf/http2.conf.in
===================================================================
--- t/conf/http2.conf.in    (revision 1715025)
+++ t/conf/http2.conf.in    (working copy)
@@ -6,10 +6,11 @@
     <IfModule http2_module>

         LogLevel http2:debug
-        H2Direct on

         <VirtualHost h2c>
             Protocols h2c http/1.1
+            # Should be implicit with h2c
+            #H2Direct on

             <IfModule @CGI_MODULE@>
                 <Directory @SERVERROOT@/htdocs/modules/h2>
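
Review bot: In `<VirtualHost h2c>` the directive is left as a commented-out `#H2Direct on` under "Should be implicit with h2c", so once the global `H2Direct on` is removed nothing in this file pins down that assumption. Suggest dropping the commented line and wording the comment as a plain statement of the default, so a later change to that default surfaces as a test failure rather than being masked by someone uncommenting the line.
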
@@ -32,6 +33,7 @@

             <VirtualHost localhost:h2>
                 Protocols h2 http/1.1
+                H2Direct on

                 SSLEngine on
                 SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
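
Review bot: The `H2Direct on` added to `<VirtualHost localhost:h2>` sits next to `SSLEngine on` with no comment, unlike the h2c vhost in the first hunk, and enabling direct mode on a TLS vhost is not self-explanatory. Suggest a one-line comment above it giving the reason stated in the thread (test clients without SSL+ALPN), since the same line is repeated in the next two hunks.
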
@@ -74,6 +76,7 @@

             <VirtualHost test.example.org:h2>
                 Protocols h2 http/1.1
+                H2Direct on

                 SSLEngine on
                 SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
@@ -91,6 +94,7 @@

             <VirtualHost test2.example.org:h2>
                 Protocols http/1.1 h2
+                H2Direct on
             </VirtualHost>

             <VirtualHost test-ser.example.org:h2>
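
Review bot: `<VirtualHost test-ser.example.org:h2>` opens in the trailing context of this last hunk and no hunk adds `H2Direct on` to it, so with the global directive removed in the first hunk it falls back to the default unless it already sets the directive itself. If that is intended, say so in a comment there; if not, add the directive as for `test2.example.org:h2`.
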
--

>
> The doc in 2.4.x is not updated as the http2 module is not updated, as I am waiting
> for the proposed core-protocols changes to be backported.

Working on it ;)


Thanks,
Yann.

Re: svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS

Posted by Stefan Eissing <st...@greenbytes.de>.
> On 19.11.2015 at 13:58, Yann Ylavic <yl...@gmail.com> wrote:
> 
> On Thu, Nov 19, 2015 at 1:26 PM, Yann Ylavic <yl...@gmail.com> wrote:
>> 
>> Am I right to assume "H2Direct off" is the default now (in 2.5-dev and
>> upcoming 2.4.18, trunk docs seem not updated, and [1] suggests this is
>> from r1708107)?
> 
> Hmm, then r1709587 switched it back to "H2Direct on for http:, off for
> https: requests", whereas the commit states "H2Direct off, on when h2c
> is in Protocols".
> What's the status exactly?

The status in trunk is as documented in trunk ;-)

H2Direct, unless set otherwise, is enabled if and only if a server has "Protocols h2c".

The reason for enabling it also for "h2" hosts in the test framework is to enable
tests to run on machines that do not have SSL+ALPN in the perl tests. This is true
for OS X, unfortunately.

The doc in 2.4.x is not updated as the http2 module is not updated, as I am waiting
for the proposed core-protocols changes to be backported.

//Stefan


Re: svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS

Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, Nov 19, 2015 at 1:26 PM, Yann Ylavic <yl...@gmail.com> wrote:
>
> Am I right to assume "H2Direct off" is the default now (in 2.5-dev and
> upcoming 2.4.18, trunk docs seem not updated, and [1] suggests this is
> from r1708107)?

Hmm, then r1709587 switched it back to "H2Direct on for http:, off for
https: requests", whereas the commit states "H2Direct off, on when h2c
is in Protocols".
What's the status exactly?

Thanks,
Yann.

Re: svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS

Posted by Yann Ylavic <yl...@gmail.com>.
On Wed, Nov 18, 2015 at 6:21 PM, Yann Ylavic <yl...@gmail.com> wrote:
>
> The problem was about "HTTP spoken on HTTPS port" handling in
> ssl_io_filter_input() not prepared to AP_MODE_INIT from
> process_connection() and AP_MODE_SPECULATIVE read for H2Direct.

Btw, when http2 tests are enabled, could we make some specific test(s)
case(s) for "H2Direct on" and leave the default for all the other
tests (either implicit or explicit "H2Direct off")?

Am I right to assume "H2Direct off" is the default now (in 2.5-dev and
upcoming 2.4.18, trunk docs seem not updated, and [1] suggests this is
from r1708107)?

[1] https://www.mail-archive.com/dev@httpd.apache.org/msg63547.html

Re: svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS

Posted by Yann Ylavic <yl...@gmail.com>.
On Tue, Nov 17, 2015 at 3:50 PM, Yann Ylavic <yl...@gmail.com> wrote:
> On Tue, Nov 17, 2015 at 10:48 AM,  <ic...@apache.org> wrote:
>>
>> Modified: httpd/httpd/branches/2.4.x/STATUS
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1714742&r1=1714741&r2=1714742&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.4.x/STATUS (original)
>> +++ httpd/httpd/branches/2.4.x/STATUS Tue Nov 17 09:48:54 2015
>> @@ -161,6 +161,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>>       2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-check_pipeline_blank_lines.patch
>>                    (trunk works, meant to ease review)
>>       +1: ylavic, minfrin
>> +     icing: test 3 fails for me in t/security/CVE-2005-3357.t
>
> I can't reproduce this (with 2.4.x and this patch only)...

Finally got it.

The problem was about "HTTP spoken on HTTPS port" handling in
ssl_io_filter_input() not prepared to AP_MODE_INIT from
process_connection() and AP_MODE_SPECULATIVE read for H2Direct.

I fixed it in r1715023 by extending the NON_SSL_* state machine,
please review...
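
The situation described in the message above, where a listener has to decide from a non-consuming peek whether the client is speaking TLS, plain HTTP/1.x or the HTTP/2 connection preface, sketched as an added example that is not part of the original post. It is not mod_ssl or mod_http2 code; `classify_peek` and the `PEEK_*` names are hypothetical, and the point shown is that a short read must yield "need more" rather than a guess.

```c
#include <stddef.h>
#include <string.h>

/* Constructed illustration; names are hypothetical, not httpd identifiers. */
typedef enum { PEEK_NEED_MORE, PEEK_TLS, PEEK_H2_PREFACE,
               PEEK_HTTP1, PEEK_UNKNOWN } peek_kind;

/* RFC 7540 section 3.5 client connection preface (24 octets). */
static const char H2_PREFACE[] = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";
#define H2_PREFACE_LEN (sizeof(H2_PREFACE) - 1)

/* Classify bytes obtained by a speculative (non-consuming) read.
 * The caller leaves them queued so the chosen protocol handler
 * sees the stream from its first byte. */
peek_kind classify_peek(const unsigned char *buf, size_t len)
{
    static const char *methods[] = { "GET ", "HEAD ", "POST ", "PUT ",
                                     "DELETE ", "OPTIONS ", "TRACE ",
                                     "CONNECT " };
    size_t i, n;

    if (len == 0)
        return PEEK_NEED_MORE;

    /* TLS handshake record: content type 22, major version 3. */
    if (buf[0] == 0x16) {
        if (len < 2)
            return PEEK_NEED_MORE;
        return buf[1] == 0x03 ? PEEK_TLS : PEEK_UNKNOWN;
    }

    /* HTTP/2 preface: a short read that is still a prefix is undecided. */
    n = len < H2_PREFACE_LEN ? len : H2_PREFACE_LEN;
    if (memcmp(buf, H2_PREFACE, n) == 0)
        return len < H2_PREFACE_LEN ? PEEK_NEED_MORE : PEEK_H2_PREFACE;

    /* HTTP/1.x request line: match a method token, allowing a partial one. */
    for (i = 0; i < sizeof(methods) / sizeof(methods[0]); i++) {
        size_t mlen = strlen(methods[i]);
        n = len < mlen ? len : mlen;
        if (memcmp(buf, methods[i], n) == 0)
            return len < mlen ? PEEK_NEED_MORE : PEEK_HTTP1;
    }
    return PEEK_UNKNOWN;
}
```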

Re: svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS

Posted by Yann Ylavic <yl...@gmail.com>.
On Tue, Nov 17, 2015 at 10:48 AM,  <ic...@apache.org> wrote:
>
> Modified: httpd/httpd/branches/2.4.x/STATUS
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1714742&r1=1714741&r2=1714742&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/STATUS (original)
> +++ httpd/httpd/branches/2.4.x/STATUS Tue Nov 17 09:48:54 2015
> @@ -161,6 +161,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>       2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-check_pipeline_blank_lines.patch
>                    (trunk works, meant to ease review)
>       +1: ylavic, minfrin
> +     icing: test 3 fails for me in t/security/CVE-2005-3357.t

I can't reproduce this (with 2.4.x and this patch only)...
Can you provide the ./TEST -v output and maybe the trace logs?