Description of problem: I am tryring to run Hitch with http2 support (Hitch 1.4.4 supports http2 with ALPN). Hitch from EPEL does not supports ALPN. Is this fixable? Version-Release number of selected component (if applicable): hitch 1.4.4 OpenSSL 1.0.2k How reproducible: Hitch from EPEL7, OpenSSL 1.0.2 compiled from original sources. Steps to Reproduce: 1. Install Hitch from EPEL. 2. Compile OpenSSL from original sources. 3. git clone https://github.com/varnish/hitch.git 4. cd hitch/src/tests/ 5. export TESTDIR=`pwd`/; export PATH=$PATH:`pwd`/../:`pwd`/../util/ 6. ./test16-proxy-v2-alpn.sh Actual results: {npn} Warning: Hitch has been compiled against a version of OpenSSL without ALPN support. ./test16-proxy-v2-alpn.sh: line 18: type: parse_proxy_v2: not found FAILED: Unable to find parse_proxy_v2 OpenSSL 1.0.2k 26 Jan 2017 Expected results: ALP supported. Additional info: -
When RHEL ships OpenSSL 1.0.2 (being tracked in bug 1276310), Hitch can probably be recompiled against the new OpenSSL to fix this issue.
ALPN is available from OpenSSL-1.0.2. RHEL7 and clones have OpenSSL-1.0.1. So Support for ALPN requires a change in the RHEL7 OpenSSL package. Ref bz #1276310 Mark that Red Hat does listen well to paying customers. So if you do have a business case, or really need this in production on a supported RHEL7 based system, ask you local RedHat contact. See https://access.redhat.com/solutions/2740151 If RHEL7 gets support for ALPN, I will make sure the hitch EPEL package can make use of this as well. Ingvar
With the new openssl that is released for rhel7, ALPN support should be available. While openssl-1.0.2k is released for rhel7, it is not yet for centos7, on which epel is built. The update is in the centos sources, but there has not been any build for centos7 yet. I will roll a new build of hitch for epel7 when centos gets the update. To test ALPN support while waiting for centos to be updated, install openssl-1.0.2k-8.el7 (rebuild from centos or scientific linux sources, or get the package from a vendor like red hat or scientific linux), and rebuild the epel package against it. References: bz #1276310 https://access.redhat.com/errata/RHBA-2017:1929 http://ftp.scientificlinux.org/linux/scientific/7/ Ingvar
EPEL packages are built on RHEL hosts, and they have already been updated to 7.4. As for CentOS 7.4 openssl packages, they can be downloaded from the CR repository, https://wiki.centos.org/AdditionalResources/Repositories/CR
(In reply to Anssi Johansson from comment #4) > EPEL packages are built on RHEL hosts, and they have already been updated to > 7.4. > > As for CentOS 7.4 openssl packages, they can be downloaded from the CR > repository, https://wiki.centos.org/AdditionalResources/Repositories/CR Ah, great. I did not know that. Thanks, then, I'll roll a new relase for epel7 quite soon. Ingvar
hitch-1.4.6-4.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-37113f0c2e
hitch-1.4.6-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-37113f0c2e
hitch-1.4.6-4.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.