[trafficserver] branch 9.0.x updated: Updated ChangeLog
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.0.x by this push: new b58aaa9 Updated ChangeLog b58aaa9 is described below commit b58aaa9de8da43e55a8e94811dae4398f3fbdfde Author: Leif Hedstrom AuthorDate: Sat Oct 5 15:22:21 2019 -0600 Updated ChangeLog --- CHANGELOG-9.0.0 | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG-9.0.0 b/CHANGELOG-9.0.0 index 748314d..79959cd 100644 --- a/CHANGELOG-9.0.0 +++ b/CHANGELOG-9.0.0 @@ -794,6 +794,7 @@ Changes with Apache Traffic Server 9.0.0 #5935 - Perform a SSL quiet shutdown when close-notify is not sent #5939 - Remove hard coded filename in error message #5955 - Fix debug output for global_user_agent_header. + #5956 - Turn on certificate verification, in permissive mode for now #5959 - Clear api set bit to avoid crash in following redirect. #5961 - Clarify docs on the change from redirect_enabled. #5962 - Removed hardcoded sni.yaml configuration filename in logs
[trafficserver] branch 9.0.x updated: Turn on certificate verification, in permissive mode for now
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.0.x by this push: new 2d142ef Turn on certificate verification, in permissive mode for now 2d142ef is described below commit 2d142efd025d7e48d6a6ac0c7b7eb3792ceb2440 Author: Leif Hedstrom AuthorDate: Tue Sep 24 11:30:38 2019 -0600 Turn on certificate verification, in permissive mode for now (cherry picked from commit 04982180df1de9996e9df207bae37ba200882096) --- configs/records.config.default.in | 2 +- doc/admin-guide/files/records.config.en.rst | 2 +- mgmt/RecordsConfig.cc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configs/records.config.default.in b/configs/records.config.default.in index 61028b0..df417bc 100644 --- a/configs/records.config.default.in +++ b/configs/records.config.default.in @@ -163,7 +163,7 @@ CONFIG proxy.config.reverse_proxy.enabled INT 1 # https://docs.trafficserver.apache.org/records.config#client-related-configuration # https://docs.trafficserver.apache.org/en/latest/admin-guide/files/ssl_multicert.config.en.html ## -CONFIG proxy.config.ssl.client.verify.server.policy STRING DISABLED +CONFIG proxy.config.ssl.client.verify.server.policy STRING PERMISSIVE CONFIG proxy.config.ssl.client.verify.server.properties STRING ALL CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL CONFIG proxy.config.ssl.server.cipher_suite STRING ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES [...] diff --git a/doc/admin-guide/files/records.config.en.rst b/doc/admin-guide/files/records.config.en.rst index e4d94c6..c8284d5 100644 --- a/doc/admin-guide/files/records.config.en.rst +++ b/doc/admin-guide/files/records.config.en.rst @@ -3349,7 +3349,7 @@ SSL Termination Client-Related Configuration -.. ts:cv:: CONFIG proxy.config.ssl.client.verify.server.policy STRING DISABLED +.. ts:cv:: CONFIG proxy.config.ssl.client.verify.server.policy STRING PERMISSIVE :reloadable: :overridable: diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index 71214fb..92adf0f 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -1098,7 +1098,7 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.ssl.client.verify.server", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-2]", RECA_NULL} , - {RECT_CONFIG, "proxy.config.ssl.client.verify.server.policy", RECD_STRING, "DISABLED", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL} + {RECT_CONFIG, "proxy.config.ssl.client.verify.server.policy", RECD_STRING, "PERMISSIVE", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL} , {RECT_CONFIG, "proxy.config.ssl.client.verify.server.properties", RECD_STRING, "ALL", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL} ,
[trafficserver] branch master updated: Turn on certificate verification, in permissive mode for now
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 0498218 Turn on certificate verification, in permissive mode for now 0498218 is described below commit 04982180df1de9996e9df207bae37ba200882096 Author: Leif Hedstrom AuthorDate: Tue Sep 24 11:30:38 2019 -0600 Turn on certificate verification, in permissive mode for now --- configs/records.config.default.in | 2 +- doc/admin-guide/files/records.config.en.rst | 2 +- mgmt/RecordsConfig.cc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configs/records.config.default.in b/configs/records.config.default.in index 61028b0..df417bc 100644 --- a/configs/records.config.default.in +++ b/configs/records.config.default.in @@ -163,7 +163,7 @@ CONFIG proxy.config.reverse_proxy.enabled INT 1 # https://docs.trafficserver.apache.org/records.config#client-related-configuration # https://docs.trafficserver.apache.org/en/latest/admin-guide/files/ssl_multicert.config.en.html ## -CONFIG proxy.config.ssl.client.verify.server.policy STRING DISABLED +CONFIG proxy.config.ssl.client.verify.server.policy STRING PERMISSIVE CONFIG proxy.config.ssl.client.verify.server.properties STRING ALL CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL CONFIG proxy.config.ssl.server.cipher_suite STRING ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES [...] diff --git a/doc/admin-guide/files/records.config.en.rst b/doc/admin-guide/files/records.config.en.rst index e4d94c6..c8284d5 100644 --- a/doc/admin-guide/files/records.config.en.rst +++ b/doc/admin-guide/files/records.config.en.rst @@ -3349,7 +3349,7 @@ SSL Termination Client-Related Configuration -.. ts:cv:: CONFIG proxy.config.ssl.client.verify.server.policy STRING DISABLED +.. ts:cv:: CONFIG proxy.config.ssl.client.verify.server.policy STRING PERMISSIVE :reloadable: :overridable: diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index 71214fb..92adf0f 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -1098,7 +1098,7 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.ssl.client.verify.server", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-2]", RECA_NULL} , - {RECT_CONFIG, "proxy.config.ssl.client.verify.server.policy", RECD_STRING, "DISABLED", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL} + {RECT_CONFIG, "proxy.config.ssl.client.verify.server.policy", RECD_STRING, "PERMISSIVE", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL} , {RECT_CONFIG, "proxy.config.ssl.client.verify.server.properties", RECD_STRING, "ALL", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL} ,
[trafficserver] branch 8.0.x updated: Concurrent SRV request failures
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 8.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/8.0.x by this push: new 36ac629 Concurrent SRV request failures 36ac629 is described below commit 36ac62973735f311d41c5dcd63e8c0a2ff22b777 Author: Vijay Mamidi AuthorDate: Sat Oct 5 00:23:06 2019 -0700 Concurrent SRV request failures (cherry picked from commit bf0140612866699d174355c6f95f886463090c33) --- iocore/hostdb/HostDB.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iocore/hostdb/HostDB.cc b/iocore/hostdb/HostDB.cc index 6dcf7ea..b70238e 100644 --- a/iocore/hostdb/HostDB.cc +++ b/iocore/hostdb/HostDB.cc @@ -1605,7 +1605,7 @@ HostDBContinuation::probeEvent(int /* event ATS_UNUSED */, Event *e) } if (action.continuation && r) { - reply_to_cont(action.continuation, r.get()); + reply_to_cont(action.continuation, r.get(), is_srv()); } // If it suceeds or it was a remote probe, we are done
[trafficserver] branch 9.0.x updated: Concurrent SRV request failures
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/9.0.x by this push: new 5fe0b79 Concurrent SRV request failures 5fe0b79 is described below commit 5fe0b79170de26f1887e2edd4fde370208c836ec Author: Vijay Mamidi AuthorDate: Sat Oct 5 00:23:06 2019 -0700 Concurrent SRV request failures (cherry picked from commit bf0140612866699d174355c6f95f886463090c33) --- iocore/hostdb/HostDB.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iocore/hostdb/HostDB.cc b/iocore/hostdb/HostDB.cc index 991071c..512781f 100644 --- a/iocore/hostdb/HostDB.cc +++ b/iocore/hostdb/HostDB.cc @@ -1556,7 +1556,7 @@ HostDBContinuation::probeEvent(int /* event ATS_UNUSED */, Event *e) } if (action.continuation && r) { - reply_to_cont(action.continuation, r.get()); + reply_to_cont(action.continuation, r.get(), is_srv()); } // If it succeeds or it was a remote probe, we are done
[trafficserver] branch master updated: Concurrent SRV request failures
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new bf01406 Concurrent SRV request failures bf01406 is described below commit bf0140612866699d174355c6f95f886463090c33 Author: Vijay Mamidi AuthorDate: Sat Oct 5 00:23:06 2019 -0700 Concurrent SRV request failures --- iocore/hostdb/HostDB.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iocore/hostdb/HostDB.cc b/iocore/hostdb/HostDB.cc index 991071c..512781f 100644 --- a/iocore/hostdb/HostDB.cc +++ b/iocore/hostdb/HostDB.cc @@ -1556,7 +1556,7 @@ HostDBContinuation::probeEvent(int /* event ATS_UNUSED */, Event *e) } if (action.continuation && r) { - reply_to_cont(action.continuation, r.get()); + reply_to_cont(action.continuation, r.get(), is_srv()); } // If it succeeds or it was a remote probe, we are done