On 12/07/2015 7:03 p.m., Kinkie wrote:
I tried it. Unfortunately it fails for those cases of debugs() which do not
use xstrerror, e.g.
../../src/esi/Element.h: In member function 'virtual bool
ESIElement::addElement(ESIElement::Pointer)':
../../src/esi/Element.h:64:74: error: unused
Merged to trunk as rev.14148 everything except the specific
options=NO_SSLv3 default value.
I still think its something we should be doing ASAP. But it can be a
followup later.
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
Hi Christos,
If I am reading it right your earlier patch
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14145.patch
should already contain the fix for this bug.
Can you double-check that please?
Amos
On 10/07/2015 10:53 p.m., bugzilla-dae...@squid-cache.org wrote:
On 10/07/2015 3:18 a.m., Kinkie wrote:
Hi,
I'm going through the issues identified by Coverity Scan, in
chronological order.
This patch covers 11 defects, mostly unchecked return values. It also
converts unlinkd to c++ (original defect: using tainted strings). They have
all build-tested;
On 4/07/2015 1:48 a.m., Tsantilas Christos wrote:
I just show that I had forgot to attach the patch here.
Looks reasonable. +1.
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
On 8/07/2015 4:28 a.m., Tsantilas Christos wrote:
Hi all,
When bumping Squid needs to send an Squid-generated error page over a
secure connection, Squid needs to generate a certificate for that
connection. Prior to these changes, several scenarios could lead to
Squid generating a
On 4/07/2015 4:09 a.m., Kinkie wrote:
Hi,
my review (copy-paste from IRC)
kinkie SBuf::size_type urlLen = ...
kinkie what about using auto?
yadi auto seems to only work sometimes.
kinkie O_O ?
In this case (./src/adaptation/icap/Options.cc) it makes the return type
non-const.
kinkie
On 2/07/2015 8:31 a.m., Alex Rousskov wrote:
On 06/30/2015 10:12 PM, Amos Jeffries wrote:
On 1/07/2015 10:11 a.m., Alex Rousskov wrote:
On 06/30/2015 09:27 AM, Amos Jeffries wrote:
* Change the tls_outgoing_options default value from disable which did
not parse previously (now does
On 1/07/2015 10:11 a.m., Alex Rousskov wrote:
On 06/30/2015 09:27 AM, Amos Jeffries wrote:
* Change the tls_outgoing_options default value from disable which did
not parse previously (now does). To setting TLS/1.0 minimum version with
SSLv3 disabled.
NAME: tls_outgoing_options
Sorry for the size of this one. The bulk of this patch is symbol
shuffling to de-duplicate the TLS settings storage and parsing code.
The actual changes are relatively small:
* Shuffle relevant AnyP::PortCfg settings into a Security::PeerOptions
member object.
- removes a lot of duplicate
On 24/06/2015 3:26 a.m., Alex Rousskov wrote:
On 06/19/2015 06:46 PM, Amos Jeffries wrote:
On 20/06/2015 4:54 a.m., Alex Rousskov wrote:
Hello,
The attached trunk patch fixes a rare but nasty problem by removing
a very old hack which shielded Squid from parsing most CONNECT responses
On 24/06/2015 2:54 a.m., Tsantilas Christos wrote:
Currently, Squid cannot redirect intercepted connections that are
subject to SslBump rules to _originserver_ cache_peer. For example,
consider Squid that enforces safe search by redirecting clients to
forcesafesearch.example.com. Consider a
On 29/06/2015 12:12 a.m., Amos Jeffries wrote:
On 24/06/2015 3:26 a.m., Alex Rousskov wrote:
On 06/19/2015 06:46 PM, Amos Jeffries wrote:
On 20/06/2015 4:54 a.m., Alex Rousskov wrote:
Hello,
The attached trunk patch fixes a rare but nasty problem by removing
a very old hack which
On 26/06/2015 7:55 a.m., Alex Rousskov wrote:
On 06/25/2015 08:13 AM, Amos Jeffries wrote:
Which is why I want to go the route of HTTP/0.9 handling. Its
clear when products encounter it and cause themselves problems.
Sigh. You are repeating essentially the same argument as before. Any
let's
On 26/06/2015 5:36 a.m., Kinkie wrote:
Hi,
judging from the latest builds (jenkins was stuck for a while) it seems
that there's serious issues with std::atomic in libc++-6.4 with clang.
Any objections to deprecating these OS/compiler combinations for trunk? gcc
works fine.
None, here.
workaround for people having this issue you
found since related parse should be on by default IIRC.
On Wed, Jun 24, 2015 at 10:12 PM, Alex Rousskov wrote:
On 06/24/2015 05:26 AM, Amos Jeffries wrote:
On 24/06/2015 5:55 p.m., Alex Rousskov wrote:
This temporary trunk fix adds support
On 24/06/2015 5:55 p.m., Alex Rousskov wrote:
Hello,
This temporary trunk fix adds support for request URIs containing
'|' characters. Such URIs are used by popular Amazon product (and
probably other) sites: /images/I/ID1._RC|ID2.js,ID3.js,ID4.js_.js
Without this fix, all requests for
On 20/06/2015 4:54 a.m., Alex Rousskov wrote:
Hello,
The attached trunk patch fixes a rare but nasty problem by removing
a very old hack which shielded Squid from parsing most CONNECT responses.
Currently, Squid blindly forwards cache peer CONNECT responses to
clients when possible.
On 18/06/2015 11:42 p.m., James Hunter wrote:
Hi,
I've been looking to inject special JavaScript code into every HTML page
my squid proxy receives via HTTPS connections, this is for an
application where the users will be fully aware of the injection.
Lets start with how this is a truly
On 13/06/2015 11:46 p.m., Ulisses_Trolez wrote:
I'm using the users own the same squid not use NTLM.
Then it would be a bug you? I'll have to wait for the pfsense carry the
version 3.5 or can downgrade to an earlier version?
If it is bug 2907 then it affects all unpatched Squid versions. It
On 10/06/2015 2:50 a.m., Amos Jeffries wrote:
This adds a class Http1::Tokenizer, which inherits from
::Parser::Tokenizer and presents additional HTTP-specific token parsing
methods.
At present it extends for the quoted-string, 1#( token/ quoted-string ),
and qdtext constructs from RFC 7230
Absent objections I have applied this to trunk as rev.14114
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
On 7/06/2015 2:41 a.m., Nathan Hoad wrote:
Hello,
Attached is a patch making the changes recommended by Christos. I've
done as described, creating a Ssl::configureUnconfiguredSslContext
function, rather than making the changes to Ssl::configureSSL.
Christos, can you please review and apply
On 12/06/2015 4:56 p.m., Alex Rousskov wrote:
Fixed segmentation fault when freeing https_port clientca on reconfigure
or exit.
AnyP::PortCfg::clientCA list was double-freed, because the SSL context
takes ownership of the STACK_OF(X509_NAME) supplied via
SSL_CTX_set_client_CA_list(), but
On 5/06/2015 6:51 a.m., Paulo Matias wrote:
adds support for Ephemeral Elliptic Curve Diffie-Hellman (EECDH)
key exchange, which allows for forward secrecy with better performance than
traditional ephemeral DH.
Applied to trunk (Squid-4) as rev.14115.
Amos
On 13/06/2015 2:52 p.m., Ulisses_Trolez wrote:
Hi , Staff !
I am using squid 3.4.10_2 in a pfsense 2.2.2 and have in some crashes
moments in acess.log the squid logs because of the squid process be 100%
At that moment freezes customer navigation, returning in minutes later.
Hardware that
On 13/06/2015 1:54 a.m., Eray Aslan wrote:
Is there any particular reason we are shipping and building libltdl in
squid tarballs? Problem I am facing is when I run autoreconf,
libtoolize blindly copies over am__api_version -which has the automake
version libtool was compiled with and not the
This adds a class Http1::Tokenizer, which inherits from
::Parser::Tokenizer and presents additional HTTP-specific token parsing
methods.
At present it extends for the quoted-string, 1#( token/ quoted-string ),
and qdtext constructs from RFC 7230 and RFC 1945.
It can also cope with charset and
On 8/06/2015 8:34 p.m., Amos Jeffries wrote:
On 2/06/2015 11:21 a.m., Amos Jeffries wrote:
Remove several performance regressions incurred in earlier Parser-NG
updates by refactoring the class ChunkedCodingParser to a class
Http1::TeChunkedParser which parses an SBuf I/O buffer for chunked
On 2/06/2015 11:21 a.m., Amos Jeffries wrote:
Remove several performance regressions incurred in earlier Parser-NG
updates by refactoring the class ChunkedCodingParser to a class
Http1::TeChunkedParser which parses an SBuf I/O buffer for chunked
encoding data and (for now) copies the chunk
In order to support PROXY protocol on HTTPS inbound traffic we will be
needing Squid to peek at the initial client connection bytes and
process the PROXY header.
There is no need for the decryption to enter into the picture and in
current trunk Squid the bytes can be relayed in the BIO buffer to
This gets a +1 from me.
NP: It seems a little bit odd to be setting a flag this way rather than
with flags= like all the others. However it needs to be at a default to
begin with and then set definitively OFF only after the first handshake
completes.
Christos, do you agree?
Amos
On 5/06/2015
Actually two more and you may want to test these after changing.
1) The 'dhfile' pointer must now never be freed. Since it is either a
pointer into tls_dh or eecdhCurve allocated memory.
- It should simply be set to dhfile=NULL where it was free()'d, and now
also when the tls_dh and/or
On 2/06/2015 1:08 p.m., Amos Jeffries wrote:
On 2/06/2015 12:23 p.m., Alex Rousskov wrote:
On 06/01/2015 05:33 PM, Amos Jeffries wrote:
On 21/05/2015 3:22 a.m., Amos Jeffries wrote:
This is an attempt to improve the MimeIcon reliability when filesystem
I/O errors or others cause the icon data
On 21/05/2015 3:22 a.m., Amos Jeffries wrote:
This is an attempt to improve the MimeIcon reliability when filesystem
I/O errors or others cause the icon data to not be loadable.
The loading process is re-worked to guarantee that once the
MimeIon::created callback occurs it will result
On 28/05/2015 7:41 p.m., Tsantilas Christos wrote:
I am attaching a new patch for trunk which renames the noteClsure() to
noteClosureXXX().
If it is OK, I will post the squid-3.5 patch to.
It seems I mistook what Alex has been using the XXX() for.
What I'm thinking of for a long term fix
On 26/05/2015 9:00 p.m., Tsantilas Christos wrote:
Hi all,
This patch allow user_cert and ca_cert ACLs to match arbitrary
stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings). For
example, should be able to match certificates that have
1.3.6.1.4.1.1814.3.1.14 OID in the
On 26/05/2015 9:26 p.m., Tsantilas Christos wrote:
On 05/26/2015 12:10 PM, Amos Jeffries wrote:
On 26/05/2015 9:00 p.m., Tsantilas Christos wrote:
Hi all,
This patch allow user_cert and ca_cert ACLs to match arbitrary
stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings
On 15/05/2015 2:19 p.m., Amos Jeffries wrote:
Overall the default behaviour is changed from enumerating the protocols
wanted. To limiting the unwanted.
* sslversion= parameter is removed from documentation.
* sslversion= code logics is converted from setting the SSL_*_method()
function
On 30/04/2015 5:11 p.m., Nathan Hoad wrote:
Hello,
I am running Squid with SSL bump in bump and splice mode, and I've
observed that this mode does not append the signing certificate or any
chained certificates to the certificate chain presented to the client.
With old bump mode, Squid
This is an attempt to improve the MimeIcon reliability when filesystem
I/O errors or others cause the icon data to not be loadable.
The loading process is re-worked to guarantee that once the
MimeIon::created callback occurs it will result in a valid StoreEntry in
the cache representing the
Is this project alive, dead, or stuck on a wishlist somewhere?
Not that I have any interest in seeing its completion, just more user
queries about getting post-cache AV scanning to work (sigh).
Amos
___
squid-dev mailing list
On 8/05/2015 8:23 p.m., Amos Jeffries wrote:
Pull the IcmpConfig object out of the global SquidConfig structure and
updates it to processing its own parse logics. Bringing it inline with
the per-component configuration design in SourceLayout and HotConf projects.
This allows us to use SBuf
FYI.
Amos
On 15/05/2015 11:07 a.m., rfc-editor wrote:
A new Request for Comments is now available in online RFC libraries.
RFC 7540
Title: Hypertext Transfer Protocol Version 2
(HTTP/2)
Author: M. Belshe,
FYI.
Amos
On 15/05/2015 11:07 a.m., rfc-editor wrote:
A new Request for Comments is now available in online RFC libraries.
RFC 7541
Title: HPACK: Header Compression for HTTP/2
Author: R. Peon,
H. Ruellan
Status:
Looks good. Applied to trunk as rev.14071.
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
On 13/05/2015 7:30 a.m., Alex Dowad wrote:
Hi,
I'm just questioning whether removing xstrerror is really desirable in cases
where it is called without any intervening library function call which could
overwrite errno. Amos, are you sure that's what you want to do?
I am. It's just a
On 8/05/2015 5:53 p.m., Amos Jeffries wrote:
On 1/05/2015 5:48 p.m., Alex Dowad wrote:
Dear Squid devs,
Please have a look at the attached patch. Your feedback will be appreciated.
Sorry for the lag. Looks better than before.
NP: I'm holding off on approving until I can clear up whats
On 7/05/2015 9:59 p.m., Alex Dowad wrote:
When included, musl libc's sys/signal.h issues a compiler warning
stating that signal.h should be used directly instead. If gcc is
treating all warnings as errors, this breaks the build.
glibc's sys/signal.h does not contain any definitions; all it
On 3/06/2014 9:54 p.m., Kinkie wrote:
Hi,
this patch extracts the stdint compat to a compat/xstdint.h header,
and references that from strtoll.c and Tokenizer.cc;
Full farm tested, it introduces no regressions.
For the record this was superceded by squid-3.5-13806
Amos
Pull the IcmpConfig object out of the global SquidConfig structure and
updates it to processing its own parse logics. Bringing it inline with
the per-component configuration design in SourceLayout and HotConf projects.
This allows us to use SBuf for storing the pinger program details and
avoid
On 9/05/2015 3:56 a.m., Tsantilas Christos wrote:
I found the following problem in squid-trunk and squid-3.5:
- Squid calls peer_select to retrieve server destinations addresses
- The peer_select returns two ip addresses, the first is an ipv6
address the second one is an ipv4.
- The
On 8/05/2015 10:52 p.m., Nathan Hoad wrote:
Hello,
Attached is a patch that adds notes from cached ACL helpers to request
objects.
Without this patch, when you have an external ACL that replies with
notes, they are only added onto the HTTP request that kicked off the
external ACL
Its done. SSLv3 is now a MUST NOT use protocol from RFC 7525
(http://tools.ietf.org/html/rfc7525)
It's time for us to start ripping out from trunk all features and hacks
supporting its use. Over the coming days I will be submitting patches to
remove the squid.conf settings, similar to SSLv2
On 1/05/2015 5:48 p.m., Alex Dowad wrote:
Dear Squid devs,
Please have a look at the attached patch. Your feedback will be appreciated.
Sorry for the lag. Looks better than before.
NP: I'm holding off on approving until I can clear up whats happened to
IPv6 in 3.5.4. I'm pretty certain its
On 29/04/2015 8:29 p.m., Alex wrote:
Dear Amos Jefferies,
Thanks for accepting my recent patches for Squid. Here are several other
minor patches -- if I should send these to a Squid mailing list, please let
me know.
Thanks,
Alex Dowad
Hi Alex,
In future please send patches
On 27/04/2015 5:35 a.m., Kinkie wrote:
Hi all,
I've set up a Debian Jessie node and added it to the farm; building
trunk on it was successful using both gcc and clang. If noone objects,
I'll add it to the build jobs for trunk and 3.5 .
WFM, Debian Jesse should be identical build
On 16/04/2015 5:35 p.m., Alex Rousskov wrote:
On 04/15/2015 06:17 AM, Amos Jeffries wrote:
Squid currently has several version options to set the SSL/TLS
protocol version.
http(s)_port ... version=
cache_peer ... sslversion
sslproxy_version ...
However,
1) the option configures
On 16/04/2015 8:51 p.m., Tsantilas Christos wrote:
A more complete patch.It handles the cases where the snprintf return an
error.
If no objections I will apply this one to trunk.
+1.
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
Squid currently has several version options to set the SSL/TLS
protocol version.
http(s)_port ... version=
cache_peer ... sslversion
sslproxy_version ...
However,
1) the option configures version X-only. Which does not follow with
current best practice of most other TLS enabled software
On 16/04/2015 2:33 a.m., Tsantilas Christos wrote:
Despite the must match comment, MAX_AUTHTOKEN_LEN in
auth/UserRequest.h got out of sync with similar constants in Negotiate
helpers. A 32KB buffer cannot fit some helper requests (e.g., those
carrying Privilege Account Certificate information
On 16/04/2015 4:11 a.m., Kinkie wrote:
Hi,
the following patch enables using libc++ in place of libstdc++.
This is necessary with recent clang++ on some platforms, such as
FreeBSD 9.3 and reportedly newer MacOS.
With this patch squid builds using clang-3.5 and libc++; the make
check still
On 16/03/2015 4:32 a.m., Eliezer Croitoru wrote:
Hey Amos,
The setup I have used to test the proxy protocol is:
- 192.168.10.0/24 network.
- 192.168.10.131 basic forward proxy client(firefox)
- 192.168.10.151 haproxy+squid host
The haproxy is listening on port 13128 which is open on the
On 15/04/2015 9:16 p.m., naishal0748 wrote:
I have setup squid transparent proxy with following configurations in
centos
6.2 :
eth0 - LAN Network
eth1 - WAN1 - IP - 192.168.3.15 - Gateway IP - 192.168.3.1
eth2 - WAN2 - IP - 192.168.5.15 - Gateway IP - 192.168.5.1 (Default
Gateway)
I want
On 11/04/2015 1:32 a.m., Tsantilas Christos wrote:
Applied to trunk as r14008, r14009
The acl renamed to ssl::server_name
FYI: r14008-14010 ported as 3.5-r13795.
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
On 11/04/2015 10:01 p.m., Tsantilas Christos wrote:
Patch applied as r14012.
I am attaching the t13 patch for squid-3.5 too.
I've backported the server_name ACL patch before this one and your 3.5
patch does not seem to apply well on top of it.
However the regular backport method bzr merge
On 11/04/2015 1:49 a.m., Tsantilas Christos wrote:
I am attaching patch for trunk and squid-3.5
Thank you. Looks pretty good now.
On 04/09/2015 04:13 PM, Amos Jeffries wrote:
* Ssl::Bio::sslFeatures::parseV3Hello()
- similar issues with s/Client Hello/ClientHello/ and SSL Extension
On 10/04/2015 1:06 a.m., Tsantilas Christos wrote:
Hi all,
I am reposting this patch. It is updated to the latest squid-trunk.
In a discussion with Amos (the period the squid-dev was down):
1) The server_name should be renamed to tls_server_name or
ssl::server_name
2) There is a bug
On 9/04/2015 3:12 a.m., Tsantilas Christos wrote:
Hi all,
This patch fixes HttpStateData::readReply to retry read from server in
the case of EINPROGRESS, EAGAIN or similar errors
This bug mostly affects SSL bumped connections. The
HttpStateData::readReply will not retry read from server
On 29/03/2015 11:34 p.m., Eliezer Croitoru wrote:
OK so the build was done on CentOS and it's running but the translations
seems to not be installed?
The output at:
http://paste.ngtech.co.il/pt5ohxsev#line-1
Are you building with --enable-translation ?
By default only the base templates/
A slightly updated version that seems to avoid high-speed issues found
in the earlier patch has been merged as trunk rev.13995
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
On 25/03/2015 8:35 p.m., Tsantilas Christos wrote:
On 03/21/2015 07:45 AM, Amos Jeffries wrote:
On 21/03/2015 10:47 a.m., Alex Rousskov wrote:
On 03/20/2015 12:11 PM, Amos Jeffries wrote:
On 21/03/2015 4:35 a.m., Alex Rousskov wrote:
On 03/20/2015 02:06 AM, Amos Jeffries wrote:
On 18/03/2015
myself.
http://www.squid-cache.org/Support/mailing-lists.html#squid-dev
Amos Jeffries
Squid Software Foundation
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
On 26/03/2015 7:20 a.m., Kinkie wrote:
Hi,
I've managed to fix the FreeBSD 9.3 build node:
gcc now uses gcc-4.9; it is a bit messy in resolving needed libraries,
but it should be stable
clang has clang-3.6 available, however in order to have it work it
also requires to use libc++ in place
[re-send now the mailer is workign again in case you didnt get the first
one]
On 7/03/2015 7:38 a.m., Alex Rousskov wrote:
On 01/21/2015 05:03 AM, Amos Jeffries wrote:
On 22/01/2015 12:57 a.m., Tsantilas Christos wrote:
I am posting a new patch.
This patch include fixes to follow Squid
On 18/03/2015 6:21 a.m., Tsantilas Christos wrote:
This patch adds the ssl_bump_resuming_sessions directive that controls
SslBump behavior when dealing with resuming SSL/TLS sessions. Without
these changes, SslBump usually terminates all resuming sessions with an
error because such sessions do
On 18/03/2015 6:21 a.m., Tsantilas Christos wrote:
This patch adds the ssl_bump_resuming_sessions directive that controls
SslBump behavior when dealing with resuming SSL/TLS sessions. Without
these changes, SslBump usually terminates all resuming sessions with an
error because such sessions do
On 21/03/2015 4:35 a.m., Alex Rousskov wrote:
On 03/20/2015 02:06 AM, Amos Jeffries wrote:
On 18/03/2015 6:21 a.m., Tsantilas Christos wrote:
This patch adds the ssl_bump_resuming_sessions directive that controls
SslBump behavior when dealing with resuming SSL/TLS sessions. Without
On 13/03/2015 9:07 p.m., Eliezer Croitoru wrote:
I started testing squid 3.5.2 with the proxy protocol and I have setup a
basic haproxy settings for it.
http://ngtech.co.il/paste/1287/
copy of the logs at:
http://www1.ngtech.co.il/paste/1288/
While testing I started first haproxy with
Second try. Lets see if this goe through...
On 25/02/2015 9:29 a.m., Tsantilas Christos wrote:
Hi all,
This patch adds server_name ACL matching server name(s) obtained from
various sources such as CONNECT request URI, client SNI, and SSL server
certificate CN.
During each SslBump step,
On 10/03/2015 5:41 a.m., Alex Rousskov wrote:
On 03/07/2015 10:04 PM, Amos Jeffries wrote:
Proposal 2)
We are developing Squid with an incremental development process. The
initial major version number is effectively meaningless in that process.
We should move from the major.minor.patch
On 25/02/2015 9:29 a.m., Tsantilas Christos wrote:
Hi all,
This patch adds server_name ACL matching server name(s) obtained from
various sources such as CONNECT request URI, client SNI, and SSL server
certificate CN.
During each SslBump step, Squid improves its understanding of a true
On 8/03/2015 6:34 a.m., Tsantilas Christos wrote:
On 03/07/2015 07:18 AM, Amos Jeffries wrote:
On 7/03/2015 12:18 a.m., Tsantilas Christos wrote:
SMP workers in trunk start without root privileges. This results in
startup failures when workers need to use a privileged port (e.g., 443
On 20/10/2014 10:38 a.m., Amos Jeffries wrote:
Kinkie brought up the idea of a Squid 4.x release in IRC.
I have mentioned to a few clients who asked when 4.0 would be out that
we will probably want it to be a big reason, like changing the
language was between the 2.x to 3.x versions.
I
On 7/03/2015 12:18 a.m., Tsantilas Christos wrote:
SMP workers in trunk start without root privileges. This results in
startup failures when workers need to use a privileged port (e.g., 443)
or other root-only features such as TPROXY.
This bug added with my Moved PID file management from
Contains three changes required before we can upgrade the ICAP message
parser:
* Convert the ICAP read buffer to an SBuf.
* Remove the double-buffering hack used to comm_read() ICAP responses as
c-string then convert to MemBuf for parsing.
* Revert the HttpMsg parser API from MemBuf to c-string
This has been applied as trunk rev.13954
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
Merged as trunk rev.13952.
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
Merged to trunk as rev.13951.
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
On 2015-02-25 10:02, Tsantilas Christos wrote:
Squid closes the SSL client connection with Failed to start fake
CONNECT request for ssl spliced connection. This happens especially
often when the pipeline_prefetch configuration parameter is set to 0
(i.e., default).
When a transparent SSL
On 21/02/2015 7:20 p.m., Amos Jeffries wrote:
When delay pools are active on a CONNECT tunnel and the pool is drained
the I/O loop cycles very often transferring 1 byte until the pool is
topped-up at the end of the second.
Instead of looping constantly trying to read 1 byte at a time, add
On 22/02/2015 2:31 p.m., Eliezer Croitoru wrote:
On 22/02/2015 02:46, Amos Jeffries wrote:
The response to a HEAD request is supposed to be exactly identical to a
response to the GET, but with the body/payload/entity cropped off. Even
the Content-Length headers etc should be present saying
Applied to trunk as rev.13946
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
If there are no objections I would like to merge this.
Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
On 24/01/2015 8:37 a.m., Amos Jeffries wrote:
Updated patch including all changes made after previous review.
Most significantly:
* rearranging the cascade of Tokenizer calls into if-conditional
operations with token+delimiter pairs outlining the success case
explicitly then assuming
On 22/02/2015 12:31 p.m., Eliezer Croitoru wrote:
From what I understand, the HTTP protocol and some RFC docs that was
mentioned in the list allow or provide a way to utilize Digest header
and\or Link headers which might contain some digest data.
So the first question is about the current
On 18/02/2015 3:58 a.m., Anna Jonna Armannsdottir wrote:
Hi everybody!
My question may be rather theoretical, but in essence I need to know if
Squid really has a flaw regarding latency for connections where
keepalive is on.
At ApacheCon 2014, Bryan Call presented slides where slides nr.
On 18/02/2015 11:35 a.m., Markus Moeller wrote:
Hi Amos,
Apologies this based on an observation that if KRB5 checks are fine but
GSSAPI not the PAC section would be compiled but the main part of the
helper not which did not make sense.
in
On 17/02/2015 11:57 a.m., Markus Moeller wrote:
Hi Amos,
Please find attached a patch to replace error_message with
krb5_get_error_message.
in .../ext_kerberos_ldap_group_acl.8:
* just a note that the - characters need to be \-escaped. Ican do a
followup docs patch on this since all
On 14/02/2015 8:25 a.m., Amos Jeffries wrote:
On 13/02/2015 11:52 p.m., Tsantilas Christos wrote:
A new patch, which also adds a Must clause for bumping step in
Ssl::PeerConnector::initializeSsl method.
Was applied as trunk rev.13928
Amos
801 - 900 of 974 matches
Mail list logo