Hi,
HAProxy 2.3-dev5 was released on 2020/09/25. It added 104 new commits
after version 2.3-dev4.
Willy has finally finished the first part of the listeners rework and
pushed a bunch of patches. First, the listener and bind_conf structures
have been reorganized to better suite the new design. The listening socket
settings have been moved in a dedicated structure, inlined in the
bind_conf. Thanks to this change, it has been possible to split the
listeners into the listener part and the receiver part. The protocols have
then been reworked to have a listener callback function, responsible to
start a listener and a bind callback function, responsible to bind the
receiver. Both were previously performed by the same callback function. In
addition, common functions used for a given address familily (INET4, INET6,
UNIX...) have been regrouped into a new structure, proto_fam, and
referenced in the protocols. And the last be not the least, the
str2sa_range() function, responsible to parse addresses, has been totally
refactored to be less ambiguous. This function was full of exceptions to
guess the calling context. Now, it is the caller responsibility to provide
desired parsing options.
All this description is probably a bit cryptic and it does not do Willy's
work justice. It was amazingly hard and painful to unmangle. But, it was a
mandatory step to add the QUIC support. The next changes to come in this
area are about the way listeners, receivers and proxies are started,
stopped, paused or resumed.
On his part, William has removed the support of the multi certificates
bundle, to load each certificate in a separate SSL_CTX. This was
implemented with openssl 1.0.2 to load different certificates (RSA, ECDSA
and DSA) for the same SNI host, in the same SSL_CTX, before the
client_hello callback was available. It is now a deprecated way to do and
a mess to maintain. He has also fixed a bug about the verifyhost option
which should be case insensitive.
Still on the SSL part, Olivier has fixed a crash when we were waiting for
the availability of the crypto engine. In its FD handler function, the I/O
callback function was called directly with a NULL tasklet, leading to a
crash. Now, a tasklet wakeup is performed.
The "path-only" option has been added to "balance uri" to have a
consistent way to balance H1 and H2 requests, based on the path, excluding
any authority part.
Finally, the usual set of fixes. Two memory leaks during configuration
parsing have been fixed, thanks to Amaury and Eric. A subtle bug has been
fixed in the smp_prefetch_htx() function causing the "method" sample fetch
to fail for unknown method. And so on.
Thanks to everyone working on this release.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse: http://discourse.haproxy.org/
Slack channel: https://slack.haproxy.org/
Issue tracker: https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.3/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog: http://www.haproxy.org/download/2.3/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
---
Complete changelog :
Amaury Denoyelle (1):
BUG/MINOR: config: Fix memory leak on config parse listen
Brad Smith (1):
BUILD: makefile: change default value of CC from gcc to cc
Christopher Faulet (1):
BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch
Eric Salama (1):
BUG/MINOR: Fix memory leaks cfg_parse_peers
Ilya Shipitsin (4):
CLEANUP: Update .gitignore
BUILD: introduce possibility to define ABORT_NOW() conditionally
CI: travis-ci: help Coverity to recognize abort()
CI: travis-ci: split asan step out of running tests
Miroslav Zagorac (1):
BUILD: trace: include tools.h
Olivier Houchard (1):
BUG/MEDIUM: ssl: Don't call ssl_sock_io_cb() directly.
Tim Duesterhus (3):
DOC: Fix typo in iif() example
BUG/MINOR: Fix type passed of sizeof() for calloc()
CLEANUP: Do not use a fixed type for 'sizeof' in 'calloc'
William Lallemand (13):
BUG/MINOR: ssl: verifyhost is case sensitive
BUG/MINOR: ssl/crt-list: crt-list could end without a \n
MEDIUM: ssl: remove bundle support in crt-list and directories
MEDIUM: ssl/cli: remove support for multi certificates bundle
MINOR: ssl: crtlist_dup_ssl_conf() duplicates a ssl_bind_conf
MINOR: ssl: crtlist_entry_dup() duplicates a crtlist_entry
MEDIUM: ssl: emulates the multi-cert bundles in the crtlist
MEDIUM: ssl: emulate multi-cert bundles loading in standard loading
CLEANUP: ssl: remove test on "multi" variable in ckch functions
CLEANUP: ssl/cli: remove test on 'multi' variable in CLI functions
CLEANUP: ssl: remove utility functions for