Bug 1452029 - Hitch without ALPN support
Summary: Hitch without ALPN support
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: hitch
Version: epel7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Ingvar Hagelund
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: rhel7-openssl1.0.2
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-18 07:59 UTC by Rodrigo Rodríguez
Modified: 2017-09-26 20:52 UTC (History)
2 users (show)

Fixed In Version: hitch-1.4.6-4.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-26 20:52:25 UTC


Attachments (Terms of Use)

Description Rodrigo Rodríguez 2017-05-18 07:59:48 UTC
Description of problem:
I am tryring to run Hitch with http2 support (Hitch 1.4.4 supports http2 with ALPN). Hitch from EPEL does not supports ALPN. Is this fixable?

Version-Release number of selected component (if applicable):
hitch 1.4.4
OpenSSL 1.0.2k


How reproducible:
Hitch from EPEL7, OpenSSL 1.0.2 compiled from original sources.

Steps to Reproduce:
1. Install Hitch from EPEL.
2. Compile OpenSSL from original sources.
3. git clone https://github.com/varnish/hitch.git
4. cd hitch/src/tests/
5. export TESTDIR=`pwd`/; export PATH=$PATH:`pwd`/../:`pwd`/../util/
6. ./test16-proxy-v2-alpn.sh

Actual results:
{npn} Warning: Hitch has been compiled against a version of OpenSSL without ALPN support.
./test16-proxy-v2-alpn.sh: line 18: type: parse_proxy_v2: not found
FAILED: Unable to find parse_proxy_v2
OpenSSL 1.0.2k  26 Jan 2017

Expected results:
ALP supported.

Additional info:
-

Comment 1 Anssi Johansson 2017-05-18 08:15:22 UTC
When RHEL ships OpenSSL 1.0.2 (being tracked in bug 1276310), Hitch can probably be recompiled against the new OpenSSL to fix this issue.

Comment 2 Ingvar Hagelund 2017-05-18 08:29:32 UTC
ALPN is available from OpenSSL-1.0.2. RHEL7 and clones have OpenSSL-1.0.1. So Support for ALPN requires a change in the RHEL7 OpenSSL package.

Ref bz #1276310

Mark that Red Hat does listen well to paying customers. So if you do have a business case, or really need this in production on a supported RHEL7 based system, ask you local RedHat contact. See https://access.redhat.com/solutions/2740151

If RHEL7 gets support for ALPN, I will make sure the hitch EPEL package can make use of this as well.

Ingvar

Comment 3 Ingvar Hagelund 2017-09-04 13:56:26 UTC
With the new openssl that is released for rhel7, ALPN support should be available.

While openssl-1.0.2k is released for rhel7, it is not yet for centos7, on which epel is built. The update is in the centos sources, but there has not been any build for centos7 yet. I will roll a new build of hitch for epel7 when centos gets the update.

To test ALPN support while waiting for centos to be updated, install openssl-1.0.2k-8.el7 (rebuild from centos or scientific linux sources, or get the package from a vendor like red hat or scientific linux), and rebuild the epel package against it.

References:
bz #1276310
https://access.redhat.com/errata/RHBA-2017:1929
http://ftp.scientificlinux.org/linux/scientific/7/

Ingvar

Comment 4 Anssi Johansson 2017-09-04 14:05:45 UTC
EPEL packages are built on RHEL hosts, and they have already been updated to 7.4.

As for CentOS 7.4 openssl packages, they can be downloaded from the CR repository, https://wiki.centos.org/AdditionalResources/Repositories/CR

Comment 5 Ingvar Hagelund 2017-09-04 18:00:55 UTC
(In reply to Anssi Johansson from comment #4)
> EPEL packages are built on RHEL hosts, and they have already been updated to
> 7.4.
> 
> As for CentOS 7.4 openssl packages, they can be downloaded from the CR
> repository, https://wiki.centos.org/AdditionalResources/Repositories/CR

Ah, great. I did not know that. Thanks, then, I'll roll a new relase for epel7 quite soon.

Ingvar

Comment 6 Fedora Update System 2017-09-04 18:08:02 UTC
hitch-1.4.6-4.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-37113f0c2e

Comment 7 Fedora Update System 2017-09-07 12:18:10 UTC
hitch-1.4.6-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-37113f0c2e

Comment 8 Fedora Update System 2017-09-26 20:52:25 UTC
hitch-1.4.6-4.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.