stage_for_upstream/v2.7f has been created on github. https://github.com/goochjj/pound/tree/stage_for_upstream/v2.7f https://github.com/goochjj/pound/archive/stage_for_upstream/v2.7f.zip
I feel there's a strong case to add the = and - characters back to safe_url handling in http.c. (redirect_reply) It's here: Pretty: https://github.com/goochjj/pound/commit/a2863b0248d4809771be54518ec6a8a6ebc9db8b Raw: https://github.com/goochjj/pound/commit/a2863b0248d4809771be54518ec6a8a6ebc9db8b.patch And I say "add back" because 2.6 allowed these characters, while 2.7 does not. We've had multiple requests related to this. (github + mailing list) Personally, I like all the changes in my branch and I think they should all be considered. We've had mailing list issues requesting IncludeDir, ThreadModel, CertDir, and OrURLs, all of which people are using but don't exist in the official 2.7 branch. But if nothing else, the patch above should be added. Also, given the DH implementation in pound official 2.7e (Looks like 2048 bit was added)... Could someone please test this against ssllabs? I implemented my DH patch the way I did because it seemed like no matter what I threw at pound, the dh_tmp_callback never returns a bits value >1024. That's why I skipped the callback entirely when I implemented it in pcidss/v2.6 and the stage_for_upstream branches. SSL labs was still showing 1024bit, even when I made 2048bit keys available. Joe On 12/8/14, 8:58 AM, Robert Segall wrote: > This is to announce the release of Pound v2.7e. This is an experimental > version. Changes since version 2.7d: > > Enhancements: > - added support for elliptical curve encryption > - added support for larger DH keys > - added protocol version in X-SSL-cipher (Tom Fitzhenry) > > Bug fixes: > - fixed potential memory leak on client certificates (Frank Schmirler) > - fixed alt names problem (Joe Gooch) > - removed debugging messages > > Many thanks to all contributors. > > The software is at version 2.7e (beta quality). Further testing > (especially under heavy loads), improvements and suggestions are > welcome. > > Unless somebody comes up with some urgent changes, this should be considered > a 2.7 release candidate -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
