Bug 809599 - Next Protocol Negotiation support
Next Protocol Negotiation support
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: httpd (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jan Kaluža
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-03 14:17 EDT by Michał Piotrowski
Modified: 2016-03-18 06:58 EDT (History)
9 users (show)

See Also:
Fixed In Version: httpd-2.4.2-7.fc18
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-18 06:58:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michał Piotrowski 2012-04-03 14:17:04 EDT
Hi,

Please consider adding the following patch to mod_ssl
https://issues.apache.org/bugzilla/attachment.cgi?id=28513

This patch adds support for Next Protocol Negotiation needed by SPDY https://fedoraproject.org/wiki/Features/F18SPDY

Patch is currently reviewed
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210

Best regards,
Michal
Comment 2 Joe Orton 2012-05-01 09:50:35 EDT
There you go, Michal.   If you get to test that out, please leave a comment.
Comment 3 Michał Piotrowski 2012-05-01 13:21:51 EDT
Hi,

Thank you very much. Currently I have a short vacation - I'll test it after 2012-V-07.

Best regards,
Michal
Comment 4 Michał Piotrowski 2012-05-07 09:59:26 EDT
Hi,

I need to get working mod_spdy for F18 to test if NPN works. I've got some problems with mod_spdy - I will try to resolve them quickly.

Best regards,
Michal
Comment 5 Michał Piotrowski 2012-06-13 08:41:19 EDT
Hi,

Unfortunately I can not test it until mod_spdy gets support for httpd 2.4.

Best regards,
Michal
Comment 6 Fedora End Of Life 2013-04-03 16:26:24 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 7 Scott Shambarger 2014-04-13 22:38:20 EDT
As Google hasn't bothered to update mod_spdy to support Apache 2.4 yet, someone has forked the project on github and patched it to work (the changes are fairly minor).

See: https://github.com/eousphoros/mod-spdy

I've installed the generated mod_ssl (with NPN support) and mod_spdy and it works very well on my Fedora 20 system (ssllabs shows full support, and developer logs in Firefox show correct spdy/3.1 negotiation.  (Current trunk also has the fix for the heartbleed bug)

Might be worth testing/updating mod_ssl to support NPN so we can track future SSL fixes without an out of tree module.

If you need, I can post the patch to mod_ssl to add NPN support so it can be easily added to the RPM.
Comment 8 Joe Orton 2014-04-14 03:58:42 EDT
Scott, we have an old version of the NPN patches from httpd trunk in Fedora httpd already.  The API got redesigned though in http://svn.apache.org/r1487772
- is that what is required to work with the forked mod_spdy?
Comment 9 Scott Shambarger 2014-04-14 15:50:05 EDT
Checked the mod_ssl patch in the mod_spdy fork above, and it's using the hook (older) API.  Not sure how much would need to change to get mod_spdy to use the newer callback interface, but it's not "core" to the spdy code if I'm reading it right (the protocol negotiation is done before the meat of the mod_spdy code gets called).

Would you prefer to use the newer callback interface?  If so, I could look at forking/porting the mod_spdy code... (time allowing :)
Comment 10 Joe Orton 2014-04-14 16:02:10 EDT
I would prefer to use the newer interface, but it's not a big deal.  Matthew Steele at Google had reviewed the API rewrite, might be worth talking to him about it:

http://marc.info/?t=136983840600001&r=1&w=4
Comment 11 Scott Shambarger 2014-04-14 16:51:19 EDT
I guess either would work... wouldn't expect that apache would ship 2.4 with NPN added as they'll probably wait for 2.6.

Safest option would be for mod_ssl to add a "provides" feature that mod_spdy can "require" ("mod_ssl(npn-hook)" perhaps? not sure of the correct syntax) and then if the api is ever updated, mod_spdy would need to be upgraded or removed.

Noticed that installing the current mod_spdy with a non-npn mod_ssl issues an error in the ssl_error_log, but doesn't prevent the module from loading (or apache from starting) -- https pages just never finish the connection and hang; not ideal.
Comment 12 Peter Robinson 2014-05-08 05:24:42 EDT
So google has now released mod_spdy to the apache project so it's possible for it to now be packaged. Likely best as a separate package.

http://svn.apache.org/viewvc/httpd/mod_spdy/
Comment 13 Scott Shambarger 2014-05-08 15:31:53 EDT
Took a quick look, and the released mod appears to be using the old hook api.  Haven't had a chance to build/install this new release and give it a spin yet.

BTW: I don't see the mod_ssl patches for npn in the httpd-2.4.9-2.fc20 source... I used the mod_ssl build from the git link in comment 7 for my current testing, but if the default mod_ssl had the patched module, it'd make it easier to ship mod_spdy as an optional/non-conflicting package :)
Comment 14 Fedora Admin XMLRPC Client 2014-06-30 05:53:37 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 15 Jan Kurik 2015-07-15 11:10:24 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle.
Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23
Comment 16 Jan Kaluža 2015-07-20 08:07:41 EDT
Hi,

I'm triaging httpd bugs in Fedora and I've been checking the story behind this bug for some time. How actual is it now?

The NPN has been replaced by ALPN and NPN support has been removed from httpd completely in <https://svn.apache.org/viewvc?view=revision&revision=1676004>.

What's the plan here now?
Comment 17 Michał Piotrowski 2015-08-17 07:06:06 EDT
Hi,

I think that this bug can be closed.

Best regards,
Michal
Comment 18 Joe Orton 2016-03-18 06:58:03 EDT
ALPN works with mod_ssl/mod_http2 in Fedora 23 (httpd 2.4.18).

Note You need to log in before you can comment on or make changes to this bug.