Re: [squid-dev] Feature: Bearer Authentication - Status of deployment

On 23/01/24 23:15, Alexandru Durlea wrote: Hi team, I have a question in regards to the Feature: _Bearer Authentication_ that is listed here: https://wiki.squid-cache.org/Features/BearerAuthentication Can see that it is marked

Re: [squid-dev] RFC: ACL clashes with Windows system entity

On 7/12/23 10:47, Francesco Chemolli wrote: Hi all,   I'm looking at improving windows portability, and we have a name clash with a Windows system header (https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-acl

Re: [squid-dev] RFC: Squid documentation upgrade

On 12/10/23 03:32, Alex Rousskov wrote: On 2023-10-11 02:25, Amos Jeffries wrote: Hi all, As those familiar with Squid sources will know the documentation of Squid is currently spread across various formats. Some custom ones, and some very outdated. So far we have a casual agreement

Re: [squid-dev] mirrors with missing files

On 1/11/23 09:59, Alex Rousskov wrote: On 2023-10-31 15:39, Francesco Chemolli wrote: Before we can migrate ..., we need to deprecate, cleanup and simplify a lot. Do you really, really _need_ to "deprecate, cleanup, and simplify a lot" in order to stop mirroring tomorrow?! Start doing new

Re: [squid-dev] squid-cache.org TLS certificate errors

the site on https:// do so under their own certificate; that's well known. Thanks for caring and for reaching out! Amos Jeffries The Squid Software Foundation On 31/10/23 22:45, Adam Majer wrote: Hi, Not really about squid, but more about the web hosting. Going to https://www.squid-cache.org

Re: [squid-dev] RFC: make FOLLOW_X_FORWARDED_FOR unconditional

On 12/10/23 01:09, ngtech1...@gmail.com wrote: Hey, Not sure I understood exactly what the proposal is? To remove the ./configure --disable-follow-x-forwarded-for build option. Leaving the feature available to everyone. HTH Amos From Amos response I understand that it will be converted

Re: [squid-dev] RFC: make FOLLOW_X_FORWARDED_FOR unconditional

On 11/10/23 08:19, Alex Rousskov wrote: On 2023-10-10 12:17, Francesco Chemolli wrote: what if we removed the configure option for FOLLOW_X_FORWARDED_FOR, and made it unconditionally part of Squid? Some Squid deployments will silently break AFAICT. In what way specifically? It is on

[squid-dev] RFC: Squid documentation upgrade

Hi all, As those familiar with Squid sources will know the documentation of Squid is currently spread across various formats. Some custom ones, and some very outdated. So far we have a casual agreement amongst the core dev team to use Markdown when reasonably possible. If anyone has issues

[squid-dev] RFC: GitHub Projects and Issues

Greetings all, You may (or not) have noticed that recently I have been experimenting with GitHub Projects. Creating a few for the major long-term efforts and assigned a number of the open PRs to them. IMO this looks like it could be a better way to track progress on incomplete features or

[squid-dev] Latest Clang build errors

Alex, since the whole IPC and SHM system is your design are you able to work on fixing the FlexibleArray build errors we are now getting with clang v15. IIRC FlexibleArray was a placeholder for std::dynarray, which is now officially dead. So if we can do an implementation which uses more

[squid-dev] 6.0.2 release update

Hi all, Squid-6 beta release schedule calls for a 6.0.2 release this coming weekend. However we have not had enough change to qualify for a new release packaging. As such I/we are going to skip this monthly release. Cheers Amos ___ squid-dev

Re: [squid-dev] RFC: policy change for header #includes

On 7/03/2023 10:14 pm, Francesco Chemolli wrote: I like this idea; I would also complement it with the directive to use header instead of whenever possible - this could also be automatically enforced That we already have. PRs doing the updates welcome. Amos

[squid-dev] RFC: policy change for header #includes

Current Policy : "  4. system C headers (with a .h suffix):     * mandatory HAVE_FOO_H wrapper " I propose using the C++17 "__has_include()" instead of HAVE_FOO_H whenever we can. Which is:  *

Re: [squid-dev] Drop cache_object protocol support

On 26/01/2023 3:30 am, Alex Rousskov wrote: On 1/25/23 07:29, Amos Jeffries wrote: On 25/01/2023 5:34 pm, Alex Rousskov wrote: On 1/24/23 20:57, Amos Jeffries wrote: Blocker #2: The squidclient tool still sends cache_object: scheme when given "mgr:" on the CLI. We need to upgrade

Re: [squid-dev] Drop cache_object protocol support

On 25/01/2023 5:34 pm, Alex Rousskov wrote: On 1/24/23 20:57, Amos Jeffries wrote: Blocker #1:  The cachemgr_passwd directly still needs to be cleanly removed, eg replaced by a manager_access ACL based mechanism. I do not see a relationship: I have not tested it, but the existing

Re: [squid-dev] Drop cache_object protocol support

On 25/01/2023 8:23 am, Alex Rousskov wrote: On 1/24/23 12:22, Eduard Bagdasaryan wrote: Today we can query cache manager in two ways: 1. with cache_object:// URL scheme 2. with an HTTP request having the 'squid-internal-mgr' path prefix. I guess that when (2) was initially added at e37bd29,

Re: [squid-dev] RFC: Switch to C++17

I support the switch. Caveat details below... On 5/12/2022 5:21 am, Francesco Chemolli wrote: I support the switch On Sun, 4 Dec 2022 at 16:18, Alex Rousskov wrote: Hello, C++17 is supported by popular modern compilers and stable distros. Squid master branch should target

Re: [squid-dev] RFC: Semaphore CI to GitHub Actions migration

Sounds good for the most part. On 20/10/22 03:25, Alex Rousskov wrote: Hello,     I plan to gradually turn Semaphore CI testing off and make GitHub Actions required. We should not babysit the same tests in two setups. Here is the current status of CI tests with regard to Semaphore and

Re: [squid-dev] Proposal: switch to always-build for some currently optional features

On 20/09/22 01:28, Francesco Chemolli wrote: Hi all,    there is a bunch of features that are currently gated at compile time: among others, I see: - adaptation (icap, ecap) - authentication - ident - delay pools - cache digests - htcp - cache digests - wccp - unlinkd I'd like to propose

Re: [squid-dev] RFC submodule repositories

On 1/08/22 03:09, Alex Rousskov wrote: On 7/31/22 00:29, Amos Jeffries wrote: When PR #937 merges we will have the ability to shuffle old helpers into a separate repository that users can import as a submodule to build with their Squid as-needed. In my experience, git submodules

[squid-dev] RFC submodule repositories

When PR #937 merges we will have the ability to shuffle old helpers into a separate repository that users can import as a submodule to build with their Squid as-needed. What (if any) updates do we need to make to Anubis and other infrastructure so support git submodules ? Amos

Re: [squid-dev] Errors while building 5.6 on Ubuntu 22.04

FWIW, The backport of OpenSSL 3.0 support to v5 did not apply completely clean. So it did not make v5 yet. I hope to have some time to work on it later this week, if not it might miss this point release. The patch in Debian is an earlier version of what eventually merged. Functionally

Re: [squid-dev] PR backlog

On 7/06/22 05:19, Alex Rousskov wrote: On 6/6/22 03:34, Francesco Chemolli wrote:     we have quite a big backlog of open PRs (https://github.com/squid-cache/squid/pulls?page=1=is%3Apr+is%3Aopen). How about doing a 15-days sprint and clearing it or at least trimming it significantly? I am

Re: [squid-dev] CVE-2019-12522

On 4/03/22 00:39, Eliezer Croitoru wrote: I'm still trying to understand why it's described as "exploitable" ??? It's like saying: The Linux Kernel should not be a kernel and init(or equivalent) should not run with uid 0 or 1. Why nobody complains about cockpit being a root process?? This

Re: [squid-dev] CVE-2019-12522

On 2/03/22 05:35, Adam Majer wrote: Hi all, There apparently was a CVE assigned some time ago but I cannot seem to find it being addressed. https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt The crux of the problem is that privileges are not dropped and

Re: [squid-dev] v5.4 backports

On 21/01/22 08:20, Alex Rousskov wrote: On 1/18/22 5:31 AM, Amos Jeffries wrote: The following changes accepted into v6 are also eligible for v5 but have issues preventing me scheduling them. This has conflicts I need some assistance resolving. So will not being doing the backport myself

Re: [squid-dev] RFC: Adding a new line to a regex

candidate. Details below. On 1/21/22 12:42 PM, Amos Jeffries wrote: On 20/01/22 10:32, Alex Rousskov wrote: We have a use case where a regex in squid.conf should contain/match a new line [...] This email discusses the problem and proposes how to add a new line (and other special characters) to reg

Re: [squid-dev] RFC: Adding a new line to a regex

On 20/01/22 10:32, Alex Rousskov wrote: Hello, We have a use case where a regex in squid.conf should contain/match a new line (i.e. ASCII LF). I do not know whether there are similar use cases with the existing squid.conf regex directives, but that is not important because we are adding a

Re: [squid-dev] RFC: Adding a new line to a regex

On 21/01/22 07:27, Eduard Bagdasaryan wrote: I would concur with Alex that (4) is preferable: It does not break old configurations, re-uses existing mechanisms and allows to apply it only when/where required. I have one more option for your consideration: escaping with a backtick (e.g., `n)

[squid-dev] v5.4 backports

The following changes accepted into v6 are also eligible for v5 but have issues preventing me scheduling them. This has conflicts I need some assistance resolving. So will not being doing the backport myself. If you are interested please open a PR against v5 branch for the working backport

Re: [squid-dev] What os/cpu platforms do we want to target as a project?

On 27/12/21 10:11, Alex Rousskov wrote: On 12/26/21 10:30 AM, Francesco Chemolli wrote: On Sun, Dec 5, 2021 at 10:05 PM Alex Rousskov wrote: If we manage to and agree on what platforms to "support" and on removing code dedicated to unsupported platforms, great! If we fail, I would like to

Re: [squid-dev] Squid does not accept WCCP of Cisco router since CVE 2021-28116

On 6/12/21 12:11, Andrej Mikus wrote: Hi, I would like to find some information about wccp servers (routers, firewalls, etc) that are officially supported and therefore tested for compatibility. I thought there would be this kind of page published in squid wiki but failed to locate one. Since

Re: [squid-dev] RFC: Categorize level-0/1 messages

On 21/10/21 16:16, Alex Rousskov wrote: On 10/20/21 3:14 PM, Amos Jeffries wrote: On 21/10/21 4:22 am, Alex Rousskov wrote: To facilitate automatic monitoring of Squid cache.logs, I suggest to adjust Squid code to divide all level-0/1 messages into two major categories -- "problem mes

Re: [squid-dev] What os/cpu platforms do we want to target as a project?

On 5/12/21 22:44, Francesco Chemolli wrote: Hi all, continuing the conversation from https://github.com/squid-cache/squid/pull/942#issuecomment-986055422 to a bigger forum The discussion started out of a number of PRs meant to remove explicit support for obsolete platforms such as OSF/1,

Re: [squid-dev] request for change handling hostStrictVerify

On 1/11/21 20:59, kk wrote: On Saturday, October 30, 2021 01:14 GMT, Alex Rousskov wrote: On 10/29/21 8:37 PM, Amos Jeffries wrote: > On 30/10/21 11:09, Alex Rousskov wrote: >> On 10/26/21 5:46 PM, kk wrote: >> >>> - Squid enforces the Client to use SNI >>&g

Re: [squid-dev] request for change handling hostStrictVerify

On 30/10/21 11:09, Alex Rousskov wrote: On 10/26/21 5:46 PM, k...@sudo-i.net wrote: - Squid enforces the Client to use SNI - Squid lookup IP for SNI (DNS resolution). - Squid forces the client to go to the resolved IP AFAICT, the above strategy is in conflict with the "SECURITY NOTE"

Re: [squid-dev] RFC: Categorize level-0/1 messages

On 21/10/21 4:22 am, Alex Rousskov wrote: Hello, Nobody likes to be awaken at night by an urgent call from NOC about some boring Squid cache.log message the NOC folks have not seen before (or miss a critical message that was ignored by the monitoring system). To facilitate automatic

Re: [squid-dev] Incoming breaking changes to OpenSSL API

On 20/09/21 7:16 pm, Francesco Chemolli wrote: Hi all, Fedora Rawhide has upgraded openssl to version 3, and the results can be seen at https://build.squid-cache.org/job/anybranch-arm64-matrix/COMPILER=gcc,OS=fedora-rawhide,label=arm64/10/console For example: In file included from

Re: [squid-dev] Squid 4.13: too much memory used for ACL url_regex when big list file used

On 17/08/21 5:45 am, Meridoff wrote: Hello, I have simplest squid config with such acl: acl a1 url_regex "/tmp/urls.txt" In /tmp/urls.txt there are about 220 000 URL regexps, most of them in such form (example): ^(https?|ftp)://([a-z0-9.-]+\.)?nicebox\.pro(/.*)?$ OR

Re: [squid-dev] Coding Style updates

On 15/08/21 3:44 am, Alex Rousskov wrote: On 8/12/21 8:31 PM, Amos Jeffries wrote: I am aware that Factory ... prefers the one-line style. Factory does not prefer the one-line style. The existence of such a style requirement on Factory developers, and thus need for Squid code to match

Re: [squid-dev] Coding Style updates

On 13/08/21 4:28 am, Alex Rousskov wrote: On 8/12/21 12:42 AM, Amos Jeffries wrote: 1) return type on separate line from function definition. Current style requirement:   template<...>   void   foo(...)   {     ...   } AFAIK, this based on GNU project style preferences from t

[squid-dev] Coding Style updates

Hi all, Now that we have astyle 3.1 for style enforcement we can take advantage of it to perform a few code style change that older versions could not. Before I do any work testing they work I'd like to review the relevant details of our style guidelines and see if we actually want to keep

Re: [squid-dev] Compilling squid

On 23/07/21 6:00 pm, phenom252525 wrote: Hello again, I wrote to you not long ago. I have a question, since I am a novice linux user, I would like to learn how to compile and install the latest squid from source, for example squid 4.15. I have Ubuntu server installed on 18.04.05 with latest

Re: [squid-dev] Strategy about build farm nodes

On 4/05/21 2:29 am, Alex Rousskov wrote: On 5/3/21 12:41 AM, Francesco Chemolli wrote: - we want our QA environment to match what users will use. For this reason, it is not sensible that we just stop upgrading our QA nodes, I see flaws in reasoning, but I do agree with the conclusion -- yes,

Re: [squid-dev] squid-5.0.5-20210223-r4af19cc24 difference in behaviors between openbsd and linux

On 29/03/21 6:16 am, Eliezer Croitoru wrote: Hey Robert, I am not sure I understood what is the meaning of the description: openbsd: Requiring client certificates. linux: Not requiring any client certificates @Eliezer: They are startup messages Squid prints in cache.log when a TLS server

Re: [squid-dev] Extremely questionable code in Basic authentication module

On 25/03/21 10:18 am, Joshua Rogers wrote: Hi there, I was looking at the file src/auth/basic/UserRequest.cc, in function Auth::Basic::UserRequest::module_direction:     case Auth::Ok:         if (user()->expiretime + static_cast(Auth::SchemeConfig::Find("basic"))->credentialsTTL <=

Re: [squid-dev] Questionable default 'range_offset_limit ' option

On 19/03/21 6:13 pm, Joshua Rogers wrote: Hi there, According to http://www.squid-cache.org/Doc/config/range_offset_limit/ , 'range_offset_limit' is by default 'none'. This directive is an access control like http_access, but

Re: [squid-dev] Squid Windows: System Requirements/Metrics

Hi Anuj, The details we have about Squid for Windows can all be found at . You may want to also look at the Diladele website linked from that wiki page for any details they have found in relation to their Windows packages. Amos

Re: [squid-dev] rfc1738.c

On 30/10/20 12:17 am, Damian Wojslaw wrote: Helo I've been recently following the PR that addresses issue with authentication in cachemgr.cc. It was mentioned that rfc1738_do_escape could use changing so it doesn't return static buffer. The latest Squid have AnyP::Uri::Encode() whic uses a

Re: [squid-dev] Jenkins situation

On 5/08/20 1:26 pm, Amos Jeffries wrote: > Hi all, > > With the recent Jenkins randomly failing builds due to git pull / fetch > failures I am having to selectively disable the PR Jenkins block on PR > merging for some hrs. Previous "normal" situation appears to be

[squid-dev] Jenkins situation

Hi all, With the recent Jenkins randomly failing builds due to git pull / fetch failures I am having to selectively disable the PR Jenkins block on PR merging for some hrs. Please do not mark any PRs with "M-cleared-for-merge" until further notice. I will do this myself with coordination on

Re: [squid-dev] RFC: tls_key_log: report TLS pre-master secrets, other key material

On 30/07/20 6:41 am, Alex Rousskov wrote: > On 7/15/20 3:14 PM, Alex Rousskov wrote: > >> I propose to add a new tls_key_log directive to record TLS >> pre-master secret (and related encryption details) for to- and >> from-Squid TLS connections. This very useful triage feature is common >>

Re: [squid-dev] TR: SQUID-4.12 build ACL_HELPER

On 28/07/20 1:26 am, Ferdinand Michael wrote: > Hello, > >   > > I have a problem with the compilation everything works except the > ACL_helpers. > I doubt that statement is correct. This line: checking for ldap.h... (cached) no Says that a previous test for LDAP library dev files (eg by

Re: [squid-dev] OpenSSL 3.0 support at last

On 24/07/20 3:24 am, Christos Tsantilas wrote: > On 23/7/20 7:08 π.μ., Amos Jeffries wrote: >> Hi guys, >> >> OpenSSL 3.0 with their new GPL compatible license is becoming available >> now in Debian and that means we can finally auto-enable all OpenSSL >&g

[squid-dev] OpenSSL 3.0 support at last

Hi guys, OpenSSL 3.0 with their new GPL compatible license is becoming available now in Debian and that means we can finally auto-enable all OpenSSL features when building against that version. I am starting test build now to see how much breakage we have to work through for a basic compile. Is

Re: [squid-dev] RFC: making TrieNode less memory-hungry

On 20/06/20 9:13 am, Francesco Chemolli wrote: > Hi all, >   I'm looking at the TrieNode code, and while it's super fast, it's > quite memory-hungry: each node uses 2kb of RAM for the children index > and any moderately-sized Trie has plenty of nodes. On the upside, it's > blazing fast. > > How

[squid-dev] Proposed focus for Squid-6

I have been asked a few weeks ago about what the "goal for Squid-6" is going to be. The last few version we have focused on C++11 optimizations and code upgrades. While the code is not entirely C++11 (and may never be) new additions are routinely using and upgrading code to the improved language

Re: [squid-dev] RFC: Modernizing sources using clang-tidy

On 20/04/20 2:02 pm, Alex Rousskov wrote: > Hello, > > Squid sources contain a lot of poorly written, obsolete, and > inconsistent code that (objectively) complicates development and > (unfortunately) increases tensions among developers during review. > > Some of those problems can be solved

Re: [squid-dev] Squid command

On 27/05/20 2:25 pm, pic rat rat wrote:> Dear sir, > > We've found problem of squid program after config in squid.conf > "ssl-bump generate-host-certificates=on," I hope that comma ',' is not in your config file. If it is that would be the problem. > service is not run, however I remove

Re: [squid-dev] cppunit -> googletest / gmock?

On 31/05/20 5:27 am, Francesco Chemolli wrote: > Hi all, >    starting from a PR in a conversation with Alex about our current > approach to unit testing being painful, I've checked what alternatives > would we have and how practical would they be. > > An easy first option would be

Re: [squid-dev] squid master build with alternate openssl fails

On 10/05/20 7:53 pm, Amos Jeffries wrote: > On 10/05/20 7:02 pm, Christos Tsantilas wrote: >> On 8/5/20 5:50 μ.μ., Amos Jeffries wrote: >>> Does this change resolve the issue for you? >> >> It is a step but this is not enough. >> >> I am attaching a pat

Re: [squid-dev] squid master build with alternate openssl fails

On 10/05/20 7:02 pm, Christos Tsantilas wrote: > On 8/5/20 5:50 μ.μ., Amos Jeffries wrote: >> Does this change resolve the issue for you? > > It is a step but this is not enough. > > I am attaching a patch which finally solved the issue. However still it > is not enough,

Re: [squid-dev] squid master build with alternate openssl fails

On 9/05/20 2:58 am, Alex Rousskov wrote: > On 5/8/20 10:12 AM, Christos Tsantilas wrote: > >> Squid master 699ade2d fails to build with an alternate OpenSsl, when the >> "--with-openssl=/path/to/openssl" is used. > > Francesco, builds with custom OpenSSL paths are not that uncommon, > especially

Re: [squid-dev] squid master build with alternate openssl fails

Does this change resolve the issue for you? diff --git a/acinclude/squid-util.m4 b/acinclude/squid-util.m4 index 7f5a72e5b..5860b690e 100644 --- a/acinclude/squid-util.m4 +++ b/acinclude/squid-util.m4 @@ -188,9 +188,9 @@ AC_DEFUN([SQUID_OPTIONAL_LIB],[ squid_auto_lib=`echo $1|tr "\-" "_"`

Re: [squid-dev] RFC: cacheMatchAcl

On 4/04/20 7:49 pm, Francesco Chemolli wrote: > I am not sure about what you recommend to do here. > This cache is IMO over complicated and it breaks layering. > I’m mostly done in a PR replacing the dlink with a std::list but without > changing the overall design. It does kill a few tens of lines

Re: [squid-dev] RFC: cacheMatchAcl

On 4/04/20 3:34 am, Alex Rousskov wrote: > On 4/3/20 7:25 AM, Francesco Chemolli wrote: > >>   I'm looking at places where to improve things a bit, and I stumbled >> across cacheMatchAcl . It tries hard to be generic, but it is only ever >> used in ACLProxyAuth::matchProxyAuth . Would it make

Re: [squid-dev] squid.conf future

On 25/02/20 6:11 am, Alex Rousskov wrote: > On 2/24/20 3:11 AM, Amos Jeffries wrote: > >> While doing some polish to cf_gen tool (PR #558) I am faced with some >> large code edits to get that tool any more compliant with our current >> guidelines. With that comes the quest

[squid-dev] squid.conf future

Hi all, While doing some polish to cf_gen tool (PR #558) I am faced with some large code edits to get that tool any more compliant with our current guidelines. With that comes the question of whether that more detailed work is worth doing at all ... For the future I am considering a switch of

Re: [squid-dev] Want to integrate squid github to Jenkins CI

On 23/01/20 2:45 am, Justin Michael Schwartzbeck wrote: > The SHA list sounds great. Thanks for that. I notice that 4.10 is not > there? Is it not considered "stable" officially? > Ah, seems a small bug in our server scripts. Fixed now. Amos ___

Re: [squid-dev] Want to integrate squid github to Jenkins CI

On 22/01/20 5:30 pm, Justin Michael Schwartzbeck wrote: > Hi Amos, thanks for replying. > > So I guess maybe I need to narrow this down a little bit more. Is there > some programmatic way that I can get the *latest stable release* > *version* and *source download link*? > Right now I can do this

Re: [squid-dev] Want to integrate squid github to Jenkins CI

On 21/01/20 12:52 pm, agent_js03 wrote: > Hi all, > > I am putting together a squid + content filter solution using docker and > kubernetes. > Right now I am setting up a CI system in Jenkins so that when there is a new > release of squid, it will pull the code, build a new container,and then >

Re: [squid-dev] Efficient FD annotations

On 8/01/20 3:39 am, Alex Rousskov wrote: > On 1/7/20 1:39 AM, Amos Jeffries wrote: >> On 7/01/20 4:28 am, Alex Rousskov wrote: >>> For the record: The ideas below are superseded by the concept of the >>> code context introduced in commit ccfbe8f, including the >>

Re: [squid-dev] Timeouts for abandoned negative reviews

On 9/01/20 11:20 am, Alex Rousskov wrote: > Hello, > > Squid GitHub pull requests have the following problem: A core > developer can stall PR progress by submitting a negative review and then > ignoring the PR (despite others reminding them that the reviewer action > is required). Such

Re: [squid-dev] Efficient FD annotations

On 7/01/20 4:28 am, Alex Rousskov wrote: > For the record: The ideas below are superseded by the concept of the > code context introduced in commit ccfbe8f, including the > fde::codeContext field. --Alex > If you want to go that way (replace fde:note with fde:codeContext) we are going to have to

Re: [squid-dev] Squid-5 status update and RFI

On 31/12/19 3:01 am, Alex Rousskov wrote: > On 12/30/19 4:46 AM, Amos Jeffries wrote: >> >> The v5 branch will be bumped to master HEAD >> commit in a few hours then the documentation update PRs for stage 2 will >> proceed. > > I would wait for all pending v5

Re: [squid-dev] Squid-5 status update and RFI

Summary: <https://wiki.squid-cache.org/ReleaseProcess#General_Release_Process_Guidelines> Stage 1 is now complete. The v5 branch will be bumped to master HEAD commit in a few hours then the documentation update PRs for stage 2 will proceed. On 5/09/19 10:37 pm, Amos Jeffries wrote

Re: [squid-dev] PRs ready for merge

On 11/10/19 11:41 am, Alex Rousskov wrote: > Hi Amos, > > I believe the following two PRs are ready to go in. I added the > corresponding comments and labels to these PRs. I did not hear from you > since then, and I do not know whether you are OK with these PRs going in > or just unaware of

[squid-dev] Squid-5 status update and RFI

Hi all, A request today for backporting large changes to v4 has prompted me to take a look at where Squid-5 is in terms of being ready for branching. As of a few weeks ago it passed the criteria for feature count. There are 3 new major or higher bugs right now, 23 new ones in total already

Re: [squid-dev] Fix handling of tiny invalid responses in v4

On 3/07/19 3:51 am, Alex Rousskov wrote: > Hi Amos, > > Do you plan to commit the following v5/master fix to v4? If that is > your plan, then what is the current ETA and do you need help with > porting or testing these changes to/in v4? > I plan to spend most of the next 4 days on Squid

[squid-dev] HTTP body/payload Digest mechanism

Hi all, The HTTPbis Working Group has adopted the following feature specification for delivering resource/representation Digest checksums into HTTP. I know some of you were interested earlier in relation to Content-MD5 (being

[squid-dev] Absence

Hi guys, I will be effectively offline for the next few days. There are some PR needing my review or re-review. As well as backports to v4. I intend to get to them as soon as I am back. Cheers Amos ___ squid-dev mailing list

[squid-dev] Squid-5 status update

Hi all, So being January and fielding questions about when v5 will be released I have taken a look at the state of trunk/HEAD/master code to see whether or not there is enough change to be worth a new Squid series. Right now things are looking close but not quite enough. The details I am

Re: [squid-dev] [RFC] Do we want paranoid_hit_validation?

On 9/01/19 4:01 am, Alex Rousskov wrote: > On 1/8/19 1:50 AM, Amos Jeffries wrote: >> On 8/01/19 4:58 pm, Alex Rousskov wrote: >>> This particular validation does not require checksums or other expensive >>> computations. It does not require disk I/O. The code sim

Re: [squid-dev] [RFC] Do we want paranoid_hit_validation?

On 8/01/19 4:58 pm, Alex Rousskov wrote: > Hello, > > Squid has a few bugs that may result in rock cache corruption. > Factory is working on fixing those bugs. During that work, we have added > support for validating rock disk cache entry metadata at the time of a > cache hit. > > This

Re: [squid-dev] how i can make each user to use only specify port in squid proxy

ar whether the problem you are currently seeing is going to help you reach your actual goal or just a problem on the way to an irrelevant situation. Please provide more precise details about what you are doing when you re-post to squid-users. That will greatly improve any assistance people ca

Re: [squid-dev] TLS 1.3 0rtt

On 16/11/18 3:07 am, Marcus Kool wrote: > After reading > https://www.privateinternetaccess.com/blog/2018/11/supercookey-a-supercookie-built-into-tls-1-2-and-1-3/ > I am wondering if the TLS 1.3 implementation in Squid will have an > option to disable the 0rtt feature so that user tracking is

Re: [squid-dev] modify source code and change the name from "squid" to other name

On 2/10/18 9:36 AM, --Ahmad-- wrote: > just curious to do and tell my friends i have some thing uniqe :) > Renaming source code is not unique. Squid-2.6 and Squid-2.7 were actually a fork of the main Squid source code. "Lusca" is the name of a proxy forked off Squid-2.7. "SquidNT" is another old

Re: [squid-dev] Converting squid to library

On 05/08/18 18:57, Manju Prabhu wrote: > Hi Amos, > Sure, thanks.  > > Initially, I am planning to try to use f-stack. Something, similar > to  > https://github.com/F-Stack/f-stack/blob/master/doc/F-Stack_Nginx_APP_Guide.md > F-stack provides wrappers around POSIX APIs.\ > So, apart from squid

Re: [squid-dev] How to rewrite URL in squid proxy server according to client's custom request header?

On 01/08/18 08:27, Abu Noman wrote: > How can I rewrite the destination in Squid proxy server according to the > client's request header? > This is a usage question. Please followup in squid-users mailing list. The answer is yes and no. No - Squid does not do any re-writing. It calls a helper

Re: [squid-dev] Converting squid to library

On 02/08/18 18:32, Manju Prabhu wrote: > Hi, > I plan to use Squid for ssl-proxy in my project. However, I have my own > data-path and TCP stack I want to try it out with for performance > reasons. The TCP stack could be in user-space for example, if I use DPDK. > > * Is there any potential

Re: [squid-dev] Squid versioning

On 31/07/18 05:11, Lubos Uhliarik wrote: > Hey all, > > I wanted to ask, how is it now with squid versioning. Is configuration from > version 4.1 backward > compatible with version 4.0? Maybe, but don't count on it. 4.0.z are betas where things are slightly broken at points. 4.y (with y > 0)

Re: [squid-dev] Allowing the admin to decide if a specific DNS+ip is ok for caching.

On 19/07/18 04:56, Eliezer Croitoru wrote: > Hey Squid-Dev’s, > >   > > Currently Squid-Cache forces Host Header Forgery on http and https requests. > > -  https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery > Forces? no. Prevents. > Squid is working properly or “the best”

Re: [squid-dev] Terminating ICAP requests for aborted HTTP requests

On 12/07/18 03:46, Alex Rousskov wrote: > On 07/11/2018 07:54 AM, Steve Hill wrote: > >> the HTTP client had made a request which has been forwarded onto >> the web server, the web server has started responding, Squid is sending >> the response body to the RESPMOD ICAP service and is forwarding

[squid-dev] Squid-3.5 future

Hi all, Now that Squid-4 has finally achieved a stable release its time to formally deprecated support for Squid-3.5 series. As per policy Squid-3.5 is officially deprecated as of today. I would normally release a final 3.5 tarball alongside the 4.1 tarball. But due to time constraints have

Re: [squid-dev] Support lower case http/ spn format for realmd/adcli join support.

On 28/06/18 08:24, Mike Surcouf wrote: > Thanks Amos for your comprehensive reply..  open SSH requires lower case > host/ and as you say windows doesn't seem to care so they solved it for > that case but seems that uppercase is the convention for HTTP. >   Do you have an official reference for

Re: [squid-dev] Support lower case http/ spn format for realmd/adcli join support.

On 27/06/18 06:53, Mike Surcouf wrote: > Correction > >> supports lowercases all SPNs > > should read > > lowercases all SPNs (you don’t have an option) > > so it always produces http/hostn...@realm.com > > This is a conscious decision by the adcli team > >

[squid-dev] Squid-4.1 (stable)

The latest Squid-4 beta has now passed 14 days with no new major bugs being reported. That means I can start the final countdown for the Squid-4.1 release. Unless something new comes up I intend to bundle that release on 2018-06-30. Amos ___

Re: [squid-dev] squid to assign dedicated ip to clients behind same network/router

[ this dev list is not appropriate for proxy usage questions. Please address questions and requests for help using Squid to the squid-users mailign list. ] On 12/06/18 07:48, desis wrote: > > I have successfully installed squid server (On Centos) .. My servers has Which version of Squid on

Re: [squid-dev] Squid test-suite / benchmarks

On 17/06/18 20:36, Stoica Bogdan Alexandru wrote: > Hi all, > > > I’ve asked the same questions on the squid-user distribution list, but > perhaps is better to ask the developers. > >   > > We’re a small research team interested in benchmarking Squid for a > research project. > > In short, we

Re: [squid-dev] Squid-4 status update

Hi everybody, So far as I am aware these are the only remaining issues blocking stable release: * Bug 4710 - crash with on_unsupported_protocol and eCAP This may already be gone. I have not been able to reproduce it in the current v4 code. If we dont have confirmation that it is still

  1   2   3   4   5   6   7   8   9   10   >