- 26 Sep, 2023 3 commits
-
-
Jérome Perrin authored
We configure haproxy with "verify optional", which makes haproxy request a client certificate, but accept the case where client does not present a certificate, but as described in [1], if client present a certificate and this certificate can not be verified, handshake is aborted. This is not what we want, we want to treat the case of a non verified certificate same as the case of the absence of certificate. This configures haproxy accordingly, using "crt-ignore-err all" to allow handshake anyway. Once this was fixed, there was a remaining problem with client_cert_verified acl, haproxy acl are OR, but this rule was supposed to be a AND (client present a certificate AND it is verified), this was rewritten to use inline condition which are AND. [1]: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.1-verify Also adjust test_x_forwarded_for_stripped_when_no_certificate to assert that there is no X-Forwarded-For header at all when no client certificate.
-
Jérome Perrin authored
-
Jérome Perrin authored
-
- 22 Sep, 2023 3 commits
-
-
Titouan Soulard authored
-
Titouan Soulard authored
-
Jérome Perrin authored
-
- 20 Sep, 2023 1 commit
-
-
Jérome Perrin authored
-
- 18 Sep, 2023 1 commit
-
-
Titouan Soulard authored
-
- 14 Sep, 2023 3 commits
-
-
Thomas Gambier authored
-
Thomas Gambier authored
-
Thomas Gambier authored
-
- 13 Sep, 2023 1 commit
-
-
Thomas Gambier authored
See merge request !1404
-
- 12 Sep, 2023 2 commits
-
-
Titouan Soulard authored
-
Jérome Perrin authored
-
- 04 Sep, 2023 9 commits
-
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Lu Xu authored
- activate cu_config_link parameter - update cu-config.xml - add supervision log and nc session log
-
- 01 Sep, 2023 6 commits
-
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
- 31 Aug, 2023 3 commits
-
-
Thomas Gambier authored
-
Thomas Gambier authored
-
Thomas Gambier authored
we should definitely get rid of this old golang version by upgrading gitlab
-
- 30 Aug, 2023 8 commits
-
-
Thomas Gambier authored
-
Thomas Gambier authored
This is needed for Debian 12
-
Thomas Gambier authored
-
Thomas Gambier authored
-
Thomas Gambier authored
This is needed on Debian12 so that binutils can recognize the system libraries. Without this upgrade we have the following error when trying to build gcc8.5 on Debian12: /opt/slapgrid/shared/binutils/ea3cf4e44b2944e805d9fe6387a4eeb0/bin/ld: /lib/x86_64-linux-gnu/libc.so.6: unknown type [0x13] section `.relr.dyn'
-
Thomas Gambier authored
-
Thomas Gambier authored
-
Jérome Perrin authored
This "simple" approach of using LD_PRELOAD to inject errors when using inotify no longer works on glibc 2.34 and it's now much more complicated, as we can see in discussions from https://stackoverflow.com/questions/15599026/how-can-i-intercept-dlsym-calls-using-ld-preload or code from https://gitlab.com/torkel104/libstrangle/-/commit/720f0ba2ce4423ce5f3e7ebe135e126007365bac This test was for reproduction of a very specific problem that does not happen so much on modern linux which has a much higher limit of inotify watches, the easiest is to remove this test now.
-