On 13/02/2015 11:52 p.m., Tsantilas Christos wrote:
A new patch, which also adds a Must clause for bumping step in
Ssl::PeerConnector::initializeSsl method.
+1.
Amos
On 12/02/2015 11:31 p.m., Tsantilas Christos wrote:
On 02/11/2015 09:48 PM, Amos Jeffries wrote:
On 12/02/2015 12:45 a.m., Tsantilas Christos wrote:
On 02/11/2015 01:54 AM, Amos Jeffries wrote:
On 9/02/2015 6:43 a.m., Tsantilas Christos wrote:
Bug description:
- Squid sslproxy_options
On 13/02/2015 11:51 a.m., Alex Rousskov wrote:
On 02/03/2015 07:02 PM, Amos Jeffries wrote:
My plan for the Crypto-NG / libsecurity work already in audit was to
followup with a Security::Encryptor AsyncJob that could be passed the
Comm::Connection object from a newly opened connection plus
On 13/02/2015 4:51 a.m., Tsantilas Christos wrote:
On 02/12/2015 05:33 PM, Amos Jeffries wrote:
On 13/02/2015 3:34 a.m., Tsantilas Christos wrote:
On 02/12/2015 01:48 PM, Amos Jeffries wrote:
On 12/02/2015 11:31 p.m., Tsantilas Christos wrote:
On 02/11/2015 09:48 PM, Amos Jeffries wrote
On 9/02/2015 6:43 a.m., Tsantilas Christos wrote:
Bug description:
- Squid sslproxy_options deny the use of TLSv1_2 SSL protocol:
sslproxy_options NO_TLSv1_2
- Squid uses peek mode for bumped connections.
- Web client sends a TLSv1_2 hello message and squid in peek mode,
On 9/02/2015 6:07 a.m., Tsantilas Christos wrote:
SNI information is not set on transparent bumping mode
Forward SNI (obtained from an intercepted client connection) to servers
when SslBump peeks or stares at the server certificate.
SslBump was not forwarding SNI to servers when Squid
preview: New patch attached for review. On 27/01/2015 8:26 a.m., Alex
Rousskov wrote: On 01/14/2015 08:50 AM, Amos Jeffries wrote: This is
the first step(s) towards a generic TLS/SSL security API for Squid.
+ // BUG: ssl_client.sslContext will leak on reconfigure when Config
gets
On 7/02/2015 6:52 a.m., Markus Moeller wrote:
Amos Jeffries wrote in message news:54d49300.1080...@treenet.co.nz...
On 6/02/2015 12:03 p.m., Markus Moeller wrote:
To:
squid-...@squid-cache.org
Please update your contact to the @lists domain. That will get you past
the spam filters more
It's from the MS guys, but there's a lot of useful tips in here.
Some of the mistakes mentioned are recognisable in Squid code. Let's see
if you can spot them too :-)
http://channel9.msdn.com/Events/GoingNative/2013/Don-t-Help-the-Compiler
Amos
This patch converts the request-line parse method from a char* string
parser to using ::Parser::Tokenizer based processing.
* the characters for each token are now limited to the RFC 7230
compliant values. The URI is taken as a whole token and characters which
are valid in only one sub-token
The cache_peer_domain directive functionality is also provided through
cache_peer_access.
While this check appears at face value to be simpler than ACLs, the
reality is that:
* the difference is simply the time it takes to initialize and destruct
an on-stack Checklist,
* processing the checks may
This patch is now at the 10-day criteria for commit. If there are no
objections I will apply it tomorrow.
Amos
On 25/01/2015 2:32 a.m., arthurtuman...@yahoo.com wrote:
On Saturday, January 24, 2015 09:23:36 PM Amos Jeffries wrote:
Mostly by relying on TCP buffering and obeying the HTTP mandate that
client and server connections are independent.
Depends on several things...
* some of them configurable
Updated patch including all changes made after previous review.
Most significantly:
* rearranging the cascade of Tokenizer calls into if-conditional
operations with token+delimiter pairs outlining the success case
explicitly then assuming failure. Earlier patch did the opposite;
determining
On 17/01/2015 12:31 a.m., Tsantilas Christos wrote:
I am preparing this patch for commit, but I have many problems
with tests/testHttp1Parser tester. The most of the problems caused
because the changes I made in Http1Parser aborts immediately
On 16/01/2015 11:29 a.m., Alex Rousskov wrote:
On 01/14/2015 03:09 AM, Amos Jeffries wrote:
On 01/14/2015 11:25 AM, Amos Jeffries wrote:
Does the master process get exit status of *all* worker
processes and the sub-childs down N levels? It was my
On 14/01/2015 7:21 a.m., Tsantilas Christos wrote:
I made all requested changes/fixes. The patch also ported to latest
trunk.
Okay, +1 for commit
FYI: Alex, kinkie, and myself had a debate on IRC and came to an
agreement for calling the
This is the first step(s) towards a generic TLS/SSL security API for
Squid.
Creates the basic security/libsecurity.la library and Security::
namespace infrastructure. Symbols provided by this API are always
available instead of conditionally compiled
On 14/01/2015 7:37 a.m., Tsantilas Christos wrote:
On 01/12/2015 07:22 PM, Amos Jeffries wrote: On 12/01/2015 6:02
a.m., Tsantilas Christos wrote:
Hi all, this patch moves pid file management from coordinator
process to master process
On 13/01/2015 11:19 p.m., Kinkie wrote:
On Tue, Jan 13, 2015 at 3:09 AM, Amos Jeffries wrote:
On 13/01/2015 8:51 a.m., Kinkie wrote:
Hello, the attached patch changes some users of splay to
std::set. The aim is to get more predictable
On 13/01/2015 8:51 a.m., Kinkie wrote:
Hello, the attached patch changes some users of splay to std::set.
The aim is to get more predictable (if not necessarily better)
performance and leverage a cleaner API resulting in more readable
code.
On 31/12/2014 11:40 p.m., Tsantilas Christos wrote:
On 12/31/2014 09:54 AM, Alex Rousskov wrote:
On 12/30/2014 06:19 PM, Amos Jeffries wrote:
On 31/12/2014 7:30 a.m., Alex Rousskov wrote:
Amos, if on_first_request_error is converted
Sorry for the noise, please ignore.
Just testing to see if my mailer is receiving squid mail again after
RBL issues.
Amos
On 7/01/2015 10:44 p.m., Kinkie wrote:
Hi, something is looking weird with cachemgr output (and has been
for a while, at least before rev 13809.
1. ACLs are not newline-separated
acl CONNECT method CONNECT acl Safe_ports port 80 21 443 70
On 4/01/2015 6:27 a.m., Markus Moeller wrote:
Hi Amos,
The problem is that the wrong input size is used for the decoding.
base64_decode_update(ctx, dstLen,
static_cast<uint8_t*>(input_token.value), input_token.length,
b64Token)
You need to
On 3/01/2015 10:52 a.m., Kinkie wrote:
While working on splayfix, I am checking the places where clang
complains that tests are always true (or false).
In comm.cc there's this one: void commStartSslClose(const
FdeCbParams params) {
On 2/01/2015 11:25 p.m., Kinkie wrote:
Hi, splay uses lots of C-isms still, which make recent clang fail
the build badly.
Things like: SplayNode<foo> *root = NULL root->insert(data)
The attached patch : - migrates all clients from using the
On 31/12/2014 7:30 a.m., Alex Rousskov wrote:
On 10/21/2014 11:29 AM, Tsantilas Christos wrote:
- Adds on_first_request_error, a new ACL-driven squid.conf
directive that can be used to establish a blind TCP tunnel
which relays all bytes from/to
This adds a rotate=N option to access_log directive to set per-log
what the retained log count will be. At present it is only used by the
stdio: logging module, which is also the only one to use
logfile_rotate directive.
If this option is absent (as
On 29/12/2014 10:03 a.m., Eliezer Croitoru wrote:
I noticed that some products do use a session ID and I am not sure
about the plans inside squid. Until now I noticed the session ID in
reverse proxies error pages and on some logging output.
What
On 23/12/2014 6:37 p.m., Eliezer Croitoru wrote:
OK if you are not aware of that then I'm not the only one that day
dreaming.
Eliezer
On 12/23/2014 05:10 AM, Kinkie wrote:
I am not aware of
On 20/12/2014 10:05 p.m., Kinkie wrote:
Hi,
the msntauth helper is triggering some race condition in
Makefile.am, needlessly failing many builds. Furthermore, it still
follows the obsolete authentication + authorization are one and the
same
On 20/12/2014 9:44 p.m., Amos Jeffries wrote:
With the hint of Markus recent patch containing tab indentation, I
have looked at why our sourcemaintenance script did not already
clean it up.
It turns out there was a triplet of bugs which
On 20/12/2014 7:27 a.m., Tsantilas Christos wrote:
Currently peek-and-splice mode has the following bug: 1) When the
certificate validation procedure found that the certificate is
invalid, splice action is selected and the certificate validator
On 20/12/2014 7:27 a.m., Tsantilas Christos wrote:
Okay. transparent is good there.
A) Consider that CONNECT is always attempted being bumped, but non-TLS
protocols exist within CONNECT.
Also non-TLS protocols over port 443.
Also SSL v1 / v2
On 20/12/2014 2:02 p.m., Markus Moeller wrote:
Hi Amos,
Apologies I have a minor update.
Bulk of this seems to be whitespace changes that should be caught by
our maintenance astyle. I am leaving that and talking only the logic
changed lines,
Thanks to the issue behind rev.13760 (Support http_access denials of
SslBump 'peeked' connections.) I intend to release a new beta approx.
20hrs from this writing. I hope this will be the final beta.
If there are any outstanding issues that need to
On 19/12/2014 6:16 a.m., Tsantilas Christos wrote:
On 12/18/2014 03:14 PM, Amos Jeffries wrote: Thanks to the issue
behind rev.13760 (Support http_access denials of SslBump 'peeked'
connections.) I intend to release a new beta approx. 20hrs from
On 16/12/2014 1:16 p.m., Markus Moeller wrote:
Hi Amos,
Thank you for the feedback and suggestions. I did some cleanup
using cppcheck too. Regarding the optarg check I was under the
impression that getopt just makes sure optarg is never
. Isn't
that the case ?
Thank you Markus
Amos Jeffries wrote in message
news:548e20c8.1030...@treenet.co.nz...
On 15/12/2014 8:31 a.m., Markus Moeller wrote:
Hi Amos, Could you check and add the following patch please ?
They should improve performance on high load systems by reducing
If you are happy enough this is a solid patch it can go in ASAP and I
will release a 3.5 beta to test it.
Amos
On 10/12/2014 5:30 a.m., Tsantilas Christos wrote:
Hi all,
If an SSL connection is peeked, it is currently not possible to
deny it with http_access. For example, the following configuration
denies all plain HTTP requests as expected but allows
Applied to trunk as rev.13754
Amos
On 21/11/2014 5:38 p.m., Alex Rousskov wrote:
On 11/17/2014 05:56 PM, Amos Jeffries wrote:
For now the detection is only added during parsing of regex
tokens or files.
And it should probably stay that way: We cannot easily add support
On 25/11/2014 6:29 a.m., Tsantilas Christos wrote:
+1 from me.
Amos
pointers for certain causes.
splay.h needs a serious revamp.
I've gone through now and dropped all the if() and asserts depending
on this==NULL or this!=NULL conditionals. Will apply that when clang
3.5 confirms the build works.
Amos
On 11/18/2014 05:23 AM, Amos Jeffries wrote:
Y'all may
Did that fix solve the issue for you?
Amos
On 13/11/2014 4:06 p.m., Amos Jeffries wrote:
On 13/11/2014 5:34 a.m., Tsantilas Christos wrote:
The following patch is fixing it:
=== modified file 'src/http/one/Parser.cc' ---
src/http/one
On 20/11/2014 7:35 a.m., Tsantilas Christos wrote:
Hi all,
In many cases HITs logged with zero response times. The logging
entries are correct, those transactions took less than a
millisecond. However, to better monitor Squid performance and to
On 18/11/2014 5:55 a.m., Alfonso Ali wrote:
On 11/16/2014 06:14 AM, Amos Jeffries wrote:
What exactly are those use-cases please? Accounting what
exactly?
We have a lot of sites classified in some categories (tech,
health, culture, etc
On 18/11/2014 6:10 a.m., Tsantilas Christos wrote:
On 11/16/2014 01:05 PM, Amos Jeffries wrote:
On 16/11/2014 7:38 a.m., Tsantilas Christos wrote:
Hi all,
This patch adds the url_rewrite_timeout
Sadly, just a few days before the countdown reached stable we had 3
pretty major regression bugs reported.
- delay_parameters parsing is fixed already.
- regex parsing fix should be in audit shortly.
- crash one still needs to be adopted by
On 18/11/2014 12:31 p.m., Eliezer Croitoru wrote:
I wanted to build an ubuntu build node but there is nothing under
the BuildFarm namespace about ubuntu. I was looking for an article
like the BuildFarm/CentosInstall which will hold the basic steps
Since we updated the squid.conf ConfigParser it is now possible to
handle regex patterns containing quoted-pair (\-escaped) characters
properly.
This patch adds support by detecting the '\' characters as token
delimiters, and explicitly skipping the
Y'all may have noticed the clang 3.5 errors.
lib/MemPoolChunked.cc:370:10: error: 'this' pointer cannot be null in
well-defined C++ code; pointer may be assumed to always convert to
true [-Werror,-Wundefined-bool-conversion]
include/splay.h:228:9:
On 14/11/2014 1:33 p.m., Amos Jeffries wrote:
On 14/11/2014 5:08 a.m., Amos Jeffries wrote:
Coadvisor tests underway now.
Coadvisor run on the branch fails with a strange error, then
proceeds to failure/violation a lot of the compliance tests
This patch contains what I originally planned to be 2 steps:
1) convert the HTTP server read buffer to an SBuf using the same design
and Comm::Read API implemented previously for the client connections.
The buffer remains default initialized at 16KB
On 14/11/2014 5:08 a.m., Amos Jeffries wrote:
Coadvisor tests underway now.
Coadvisor run on the branch fails with a strange error, then proceeds
to failure/violation a lot of the compliance tests.
XactInfo.cc:29: soft assertion (theId = 0
On 13/11/2014 5:34 a.m., Tsantilas Christos wrote:
The following patch is fixing it:
=== modified file 'src/http/one/Parser.cc' ---
src/http/one/Parser.cc 2014-09-14 12:43:00 + +++
src/http/one/Parser.cc 2014-11-12 16:31:08 +
On 11/11/2014 6:12 a.m., Eliezer Croitoru wrote:
Just to make sure... I will try to build this week the 3.5 2 beta
as a RPM since the 3.4.9 is now on the countdown release(exit 0 and
needs more testing). What about the open bugs at the 3.4 in
On 10/11/2014 10:02 a.m., Tsantilas Christos wrote:
I am re-posting the patch. There are not huge changes.
Looking over this in more detail...
Whats the point of having buildHttpRequest() a separate method from
processRequest() ?
The documentation
On 1/11/2014 3:51 p.m., Amos Jeffries wrote:
RFC 6176 prohibits use of SSLv2.
https://tools.ietf.org/html/rfc6176
Applied to trunk as rev.13695
Amos
On 11/04/2014 03:52 AM, Amos Jeffries wrote:
On 4/11/2014 8:05 a.m., Tsantilas Christos wrote:
This patch tries to polish helpers queue to: 1. Make the queue
limit configurable, with the default set to 2*n_max. 2. Move
common queue limit checks
This has now landed in trunk as rev.13688.
Now that this initial structural piece is in place the TODO list
contains several followup steps, any one of which can follow in parallel:
* rewrite the request-line parse method using SBuf/Tokenizer
* add
On 6/11/2014 1:27 a.m., Marcus Kool wrote:
On 11/05/2014 02:01 AM, Amos Jeffries wrote: On 6/05/2014 2:21
a.m., Amos Jeffries wrote:
I have just announced the change in 3.4.5 regarding C++11
support and accompanied it with a notice that GCC
On 5/11/2014 9:02 a.m., Eliezer Croitoru wrote:
I am building squid RPMs and I wanted to use the default base repos
as a vector point for the relevant package requirements.
In CentOS 6.5 and back the default is to not have epel which
contains
On 31/10/2014 10:06 p.m., Kinkie wrote:
I suspect that the mailing list is configured to reply to sender by
default. Please everyone reply all when answering, we'll check and
fix the mailing list configuration asap.
Maybe just Henriks subscription
RFC 6176 prohibits use of SSLv2.
https://tools.ietf.org/html/rfc6176
Remove the documentation and support for configuring Squid with
SSLv2-only.
Explicitly enable the SSL_NO_SSLv2 option when provided by the library
to prevent implicit fallback.
On 22/10/2014 9:12 p.m., Tsantilas Christos wrote:
On 10/21/2014 04:29 PM, Amos Jeffries wrote:
2) All changes in src/tunnel.cc seem to be needless.
Some changes are required!
- tunnelStartShovelling() should *always* be the entrypoint
On 14/10/2014 8:40 p.m., Tianyin Xu wrote:
Thanks, Amos!
One more question. I see test-builds.sh tries to run the tests in
the test-suites at the top directory. What's the difference
between the test under src/tests and test-suites?
I'm a
+1
Amos
In absence of feedback this will be applied in a few days for use in 3.5.
Amos
On 30/09/2014 8:58 p.m., Amos Jeffries wrote:
Begin the process of conversion for IdentStateData to an AsyncJob.
Referencing it as a 'job' below
* convert
On 2/10/2014 5:48 a.m., Tsantilas Christos wrote:
Browser vendors will get rid of SSL certificates that use SHA-1 to
generate the hash that is then signed by the CA. For example,
Google Chrome will start to show an insecure sign for
certificates
Should be good now.
Amos
On 2/09/2014 7:38 p.m., Tsantilas Christos wrote:
On 09/02/2014 03:51 AM, Amos Jeffries wrote:
On 2/09/2014 4:49 a.m., Tsantilas Christos wrote:
Hi all,
This patch adds a new configuration option
On 1/09/2014 2:48 a.m., Amos Jeffries wrote:
On 19/08/2014 10:12 p.m., Amos Jeffries wrote:
Updated patch. I believe this covers everything so far,
including the 16-bit alignment and segmented TCP packet issues.
Amos
On 2/09/2014 4:49 a.m., Tsantilas Christos wrote:
Hi all,
This patch adds a new configuration option the 'pconn_lifetime' to
allow users set the desired maximum lifetime of a persistent
connection.
When set, Squid will close a now-idle
On 27/08/2014 11:08 p.m., Tsantilas Christos wrote:
Hi all,
The total server time is not computed in some cases, for example
for CONNECT requests. An other example case is when server-first
bumping mode is used and squid connects to SSL peer,
On 19/08/2014 10:12 p.m., Amos Jeffries wrote:
Updated patch. I believe this covers everything so far, including
the 16-bit alignment and segmented TCP packet issues.
Amos
If there are no objections I will apply this soon.
Amos
On 27/08/2014 9:00 a.m., Alex Rousskov wrote:
On 08/07/2014 Alex Rousskov wrote on [PATCH] Native FTP Relay
thread:
Changes to the general code used by the Native FTP Relay code:
* The user- and origin-facing code restructured as agreed
On 23/08/2014 9:34 a.m., Amos Jeffries wrote:
On 23/08/2014 6:02 a.m., Alex Rousskov wrote:
On 08/21/2014 11:54 PM, Amos Jeffries wrote:
Update:
* FTP and Kerberos patches are in and building fine.
(build farm has some internal issues clouding the state)
* I am punting Bearer and Parser
On 24/08/2014 12:01 p.m., Amos Jeffries wrote:
On 24/08/2014 3:59 a.m., Alex Rousskov wrote:
If the proposed changes take a few months to implement, then yes, I
agree, we should not wait. If it is a matter of a week or two, I suggest
doing it now. This is your call though.
It should
On 23/08/2014 5:41 a.m., Alex Rousskov wrote:
On 08/20/2014 09:16 PM, Amos Jeffries wrote:
Future versions of autoconf/automake will be auto-enabling their
subdir-objects feature. This impacts Squid in a few ways, the largest
being how we perform unit testing.
At present our unit tests link
On 24/08/2014 3:59 a.m., Alex Rousskov wrote:
If the proposed changes take a few months to implement, then yes, I
agree, we should not wait. If it is a matter of a week or two, I suggest
doing it now. This is your call though.
It should be a relatively quick job. I will give it a shot
On 23/08/2014 6:02 a.m., Alex Rousskov wrote:
On 08/21/2014 11:54 PM, Amos Jeffries wrote:
Update:
* FTP and Kerberos patches are in and building fine.
(build farm has some internal issues clouding the state)
* I am punting Bearer and Parser-NG off into 3.6 series. Some design
decisions
On 19/08/2014 10:08 p.m., Amos Jeffries wrote:
On 10/08/2014 10:37 p.m., Markus Moeller wrote:
Apologies. I must have overlooked it. Here is the updated patch
This one looks much better. If there are no objections I will apply it
shortly.
Amos
Applied as trunk rev.13538
Amos
Update:
* FTP and Kerberos patches are in and building fine.
(build farm has some internal issues clouding the state)
* I am punting Bearer and Parser-NG off into 3.6 series. Some design
decisions may take a while to resolve and re-audit.
* PROXY protocol and Splice/Peek appear to be almost
On 20/08/2014 9:27 a.m., Alex Rousskov wrote:
On 06/15/2014 05:00 AM, Tsantilas Christos wrote:
On 06/13/2014 10:46 PM, Alex Rousskov wrote:
On 04/25/2014 01:46 AM, Amos Jeffries wrote:
On 25/04/2014 12:56 p.m., Alex Rousskov wrote:
Do not leak fake SSL certificate context cache when
On 21/08/2014 3:19 a.m., Steve Hill wrote:
On 20/08/14 15:41, Alex Rousskov wrote:
This is probably fixed in trunk r13533. The problem may not be limited
to self-signed certificates. See the change log for details.
Ahh damn, I didn't check the trunk! :)
Yes, it looks like it will solve
Future versions of autoconf/automake will be auto-enabling their
subdir-objects feature. This impacts Squid in a few ways, the largest
being how we perform unit testing.
At present our unit tests link to objects in $(top_srcdir)/src/tests/
and sometimes from other src/foo/ directories. The
On 13/08/2014 11:46 a.m., Alex Rousskov wrote:
Hello,
The attached patch avoids assertions on large FTP commands and
cleans up both general and FTP-specific error handling code during
request parsing. Please see the patch preamble for technical details.
Thank you,
Alex.
I've
On 10/08/2014 10:37 p.m., Markus Moeller wrote:
Apologies. I must have overlooked it. Here is the updated patch
This one looks much better. If there are no objections I will apply it
shortly.
Amos
Updated patch. I believe this covers everything so far, including the
16-bit alignment and segmented TCP packet issues.
Amos
=== modified file 'doc/release-notes/release-3.5.sgml'
--- doc/release-notes/release-3.5.sgml 2014-08-11 16:09:06 +
+++ doc/release-notes/release-3.5.sgml 2014-08-12
On 13/08/2014 11:20 p.m., Tsantilas Christos wrote:
Hi all,
This is a first patch which implements the Peek-and-Splice feature
described in wiki:
http://wiki.squid-cache.org/Features/SslPeekAndSplice
The goal of this patch is to make SSL bumping decision after the origin
server name is
On 11/08/2014 4:32 p.m., Alex Rousskov wrote:
On 08/05/2014 08:31 PM, Amos Jeffries wrote:
I am adding proxy_protocol_access as the first access control, reverting
follow_x_forwarded_for for the second.
Great. I think this is a much simpler/cleaner design.
+} else if (strcmp
On 11/08/2014 6:59 a.m., Christian wrote: Hi,
link of 'squid-3.4.6' points to outdated
'http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html' which is
version 3.4.5
seems that Releasenotes.html did not get updated to reflect 3.4.6.
Cheers
Thank you. This should be fixed with
On 11/08/2014 11:30 a.m., Alex Rousskov wrote:
On 08/10/2014 06:11 AM, Amos Jeffries wrote:
snip
* please use tok.prefix(CharacterSet::ALPHA) to parse the FTP command
instead of BlackSpace. Then explicit delimiter check to validate the input.
- RFC 959 is clear:
The command codes
On 10/08/2014 2:44 p.m., Alex Rousskov wrote:
On 08/08/2014 11:13 AM, Amos Jeffries wrote:
On 9/08/2014 4:57 a.m., Alex Rousskov wrote:
On 08/08/2014 09:48 AM, Amos Jeffries wrote:
Audit results (part 1):
* Please apply CharacterSet updates separately.
* Please apply Tokenizer API updates
= ldap_first_attribute...
+ for (char *attr = ldap_first_attribute...
- int il; for (il = 0; ...
+ for (int il = 0; ...
Otherwise it looks okay.
Amos
Markus
-Original Message- From: Amos Jeffries Sent: Friday, August 08,
2014 1:28 PM To: squid-dev@squid-cache.org ; Markus
On 5/08/2014 3:22 a.m., Alex Rousskov wrote:
On 07/31/2014 03:29 AM, Amos Jeffries wrote:
A garbage collection TTL cleanup_interval is configurable and removes
cache entries which have been stale for at least 1 hr.
While some old code still uses periodic cleanup, I think we should avoid