Re: [squid-dev] [PATCH] sslproxy_cert_sign_hash configuration option

2014-10-07 Thread Tsantilas Christos
On 10/07/2014 10:26 AM, Amos Jeffries wrote: Thank you for the details and your patience putting up with me. I will try to provide more information when I am posting a patch. +1 for commit with the following polish... in src/ssl/gadgets.h

Re: [squid-dev] FYI: the C++11 roadmap

2014-11-05 Thread Tsantilas Christos
On 11/05/2014 06:01 AM, Amos Jeffries wrote: On 6/05/2014 2:21 a.m., Amos Jeffries wrote: I have just announced the change in 3.4.5 regarding C++11 support and accompanied it with a notice that GCC version 4.8 is likely to become the minimum version

Re: [squid-dev] FYI: the C++11 roadmap

2014-11-05 Thread Tsantilas Christos
On 11/05/2014 02:31 PM, Kinkie wrote: MAYBE this could be mitigated by providing RPMs for RHEL6/CentOS 6 that are built on a custom server with a recent gcc but older libraries? What do you guys think? Instead of providing squid packages, we may have more success if we provide g++ packages

Re: [squid-dev] [PATCH] helper queue polishing

2014-11-05 Thread Tsantilas Christos
On 11/04/2014 03:52 AM, Amos Jeffries wrote: On 4/11/2014 8:05 a.m., Tsantilas Christos wrote: This patch tries to polish the helpers queue to: 1. Make the queue limit configurable, with the default set to 2*n_max. 2. Move common queue limit checks

Re: [squid-dev] [PATCH] adapting 100-Continue / A Bug 4067 fix

2014-11-09 Thread Tsantilas Christos
I am re-posting the patch. There are no huge changes. Regards, Christos On 11/07/2014 10:54 AM, Amos Jeffries wrote: On 2/11/2014 6:59 a.m., Tsantilas Christos wrote: Hi all, This patch is a fix for bug 4067: http://bugs.squid-cache.org

Re: [squid-dev] [PATCH] adapting 100-Continue / A Bug 4067 fix

2014-11-10 Thread Tsantilas Christos
Patch applied to trunk as revno:13697 Regards, Christos On 11/10/2014 12:14 PM, Amos Jeffries wrote: On 10/11/2014 11:06 p.m., Tsantilas Christos wrote: On 11/10/2014 09:36 AM, Amos Jeffries wrote:

Re: [squid-dev] [PATCH] Drop some CbDataList

2014-11-10 Thread Tsantilas Christos
On 11/10/2014 03:53 PM, Amos Jeffries wrote: Most of the uses of CbDataList appear to be abusing it for regular list storage without any real need for CBDATA to be involved at all. +1 This replaces several of the simpler uses of CbDataList in

Re: [squid-dev] [PATCH] url_rewrite_timeout directive

2014-11-18 Thread Tsantilas Christos
On 11/18/2014 01:27 AM, Amos Jeffries wrote: On 18/11/2014 6:10 a.m., Tsantilas Christos wrote: On 11/16/2014 01:05 PM, Amos Jeffries wrote: On 16/11/2014 7:38 a.m., Tsantilas Christos wrote

Re: [squid-dev] splay.h replacement

2014-11-18 Thread Tsantilas Christos
The compiler is right. On 11/18/2014 05:23 AM, Amos Jeffries wrote: Y'all may have noticed the clang 3.5 errors. lib/MemPoolChunked.cc:370:10: error: 'this' pointer cannot be null in well-defined C++ code; pointer may be assumed to always

Re: [squid-dev] Http::One::Parser::getHeaderField bug

2014-11-19 Thread Tsantilas Christos
On 11/19/2014 02:45 PM, Amos Jeffries wrote: Did that fix solve the issue for you? Yes, please commit to trunk! Amos On 13/11/2014 4:06 p.m., Amos Jeffries wrote: On 13/11/2014 5:34 a.m., Tsantilas Christos wrote: The following patch

[squid-dev] [PATCH] Logging fast things

2014-11-19 Thread Tsantilas Christos
Hi all, In many cases HITs are logged with zero response times. The logging entries are correct; those transactions took less than a millisecond. However, to better monitor Squid performance and to optimize things further, a user may want to see more precise response time measurements logged.

Re: [squid-dev] splay.h replacement

2014-11-24 Thread Tsantilas Christos
On 11/21/2014 07:43 PM, Amos Jeffries wrote: On 19/11/2014 4:08 a.m., Tsantilas Christos wrote: The compiler is right. I know the compiler's right about it being garbage. It's just the code looks like there are things in those templates which

[squid-dev] bug 4033

2014-11-24 Thread Tsantilas Christos
I attached a patch for bug 4033 in squid bugzilla: http://bugs.squid-cache.org/attachment.cgi?id=3101action=diff If no objection I will apply it to trunk. Regards, Christos

Re: [squid-dev] [PATCH] url_rewrite_timeout directive

2014-12-03 Thread Tsantilas Christos
If there is not any objection I will apply the last patch to trunk... On 11/24/2014 02:36 PM, Tsantilas Christos wrote: This is a new patch for url_rewrite_timeout feature. Changes over the last patch: - The tools/helper-mux/helper-mux fixed to work with the new helpers request-id

Re: [squid-dev] [PATCH] pconn_lifetime

2014-12-15 Thread Tsantilas Christos
Hi all, I am attaching a new patch for the pconn_lifetime feature. A first patch was posted to the mailing list and discussed under the mail thread with the same title 1-2 months ago. This patch is similar to the old one posted, with a small fix to better handle pipelined connections: 1.

Re: [squid-dev] [PATCH] Support http_access denials of SslBump peeked connections.

2014-12-16 Thread Tsantilas Christos
On 12/15/2014 02:20 AM, Amos Jeffries wrote: On 10/12/2014 5:30 a.m., Tsantilas Christos wrote: Hi all, If an SSL connection is peeked, it is currently not possible to deny it with http_access. For example, the following configuration denies all

Re: [squid-dev] [PATCH] Support http_access denials of SslBump peeked connections.

2014-12-16 Thread Tsantilas Christos
On 12/16/2014 01:07 PM, Amos Jeffries wrote: If you are happy enough this is a solid patch it can go in ASAP and I will release a 3.5 beta to test it. patch applied to trunk Amos

Re: [squid-dev] RFC 3.5.0.3

2014-12-18 Thread Tsantilas Christos
On 12/18/2014 03:14 PM, Amos Jeffries wrote: Thanks to the issue behind rev.13760 (Support http_access denials of SslBump 'peeked' connections.) I intend to release a new beta approx. 20hrs from this writing. I hope this will be the final beta. If

Re: [squid-dev] [PATCH] pconn_lifetime

2014-12-23 Thread Tsantilas Christos
If there is not any objection I will apply this patch to trunk. On 12/15/2014 12:39 PM, Tsantilas Christos wrote: Hi all, I am attaching a new patch for the pconn_lifetime feature. A first patch was posted to the mailing list and discussed under the mail thread with the same title 1-2 months ago

Re: [squid-dev] [PATCH] pconn_lifetime

2014-12-24 Thread Tsantilas Christos
Patch applied to trunk (revno: 13780). On 12/23/2014 08:52 PM, Tsantilas Christos wrote: If there is not any objection I will apply this patch to trunk. On 12/15/2014 12:39 PM, Tsantilas Christos wrote: Hi all, I am attaching a new patch for the pconn_lifetime feature. A first patch has

[squid-dev] [PATCH] sslproxy_options in peek-and-splice mode

2015-02-08 Thread Tsantilas Christos
Bug description: - Squid sslproxy_options deny the use of TLSv1_2 SSL protocol: sslproxy_options NO_TLSv1_2 - Squid uses peek mode for bumped connections. - Web client sends a TLSv1_2 hello message and squid in peek mode, forwards the client hello message to server - Web

[squid-dev] [PATCH] SNI information is not set on transparent bumping mode

2015-02-08 Thread Tsantilas Christos
SNI information is not set on transparent bumping mode Forward SNI (obtained from an intercepted client connection) to servers when SslBump peeks or stares at the server certificate. SslBump was not forwarding SNI to servers when Squid obtained SNI from an intercepted client while peeking

Re: [squid-dev] Moved PID file management from Coordinator to Master

2015-01-15 Thread Tsantilas Christos
the shutdown procedure. Regards, Christos On 01/12/2015 07:22 PM, Amos Jeffries wrote: On 12/01/2015 6:02 a.m., Tsantilas Christos wrote: Hi all, this patch moves pid file management from coordinator process to master process. This move

Re: [squid-dev] [PATCH] Non-HTTP bypass

2015-01-16 Thread Tsantilas Christos
On 14/01/2015 7:21 a.m., Tsantilas Christos wrote: I made all requested changes/fixes. The patch was also ported to latest trunk. Okay, +1 for commit FYI: Alex, kinkie, and myself had a debate on IRC and came to an agreement for calling the new directive

Re: [squid-dev] [PATCH] Non-HTTP bypass

2015-01-19 Thread Tsantilas Christos
Patch applied to trunk as r13853 On 01/14/2015 06:00 PM, Amos Jeffries wrote: On 14/01/2015 7:21 a.m., Tsantilas Christos wrote: I made all requested changes/fixes. The patch was also ported to latest trunk. Okay, +1 for commit FYI: Alex

Re: [squid-dev] Moved PID file management from Coordinator to Master

2015-01-21 Thread Tsantilas Christos
On 01/21/2015 12:17 PM, Amos Jeffries wrote: On 21/01/2015 10:57 p.m., Tsantilas Christos wrote: On 01/20/2015 02:55 AM, Alex Rousskov wrote: On 01/16/2015 08:51 AM, Amos Jeffries wrote: On 16/01/2015 11:29 a.m., Alex Rousskov wrote: In SMP

Re: [squid-dev] Moved PID file management from Coordinator to Master

2015-01-21 Thread Tsantilas Christos
file on exit. On 01/21/2015 12:17 PM, Amos Jeffries wrote: On 21/01/2015 10:57 p.m., Tsantilas Christos wrote: On 01/20/2015 02:55 AM, Alex Rousskov wrote: On 01/16/2015 08:51 AM, Amos Jeffries wrote: On 16/01/2015 11:29 a.m., Alex Rousskov wrote

Re: [squid-dev] Moved PID file management from Coordinator to Master

2015-01-21 Thread Tsantilas Christos
On 01/20/2015 02:55 AM, Alex Rousskov wrote: On 01/16/2015 08:51 AM, Amos Jeffries wrote: On 16/01/2015 11:29 a.m., Alex Rousskov wrote: In SMP, there is only one Coordinator process, created by the Master process. All SMP kids (Coordinator, workers, and diskers) are started by the Master

Re: [squid-dev] [PATCH] sslproxy_options in peek-and-splice mode

2015-02-12 Thread Tsantilas Christos
On 02/11/2015 09:48 PM, Amos Jeffries wrote: On 12/02/2015 12:45 a.m., Tsantilas Christos wrote: On 02/11/2015 01:54 AM, Amos Jeffries wrote: On 9/02/2015 6:43 a.m., Tsantilas Christos wrote: Bug description: - Squid sslproxy_options deny the use of TLSv1_2 SSL protocol

Re: [squid-dev] [PATCH] sslproxy_options in peek-and-splice mode

2015-02-17 Thread Tsantilas Christos
On 02/17/2015 02:49 AM, Amos Jeffries wrote: On 14/02/2015 8:25 a.m., Amos Jeffries wrote: On 13/02/2015 11:52 p.m., Tsantilas Christos wrote: A new patch, which also adds a Must clause for bumping step in Ssl::PeerConnector::initializeSsl method. Was applied as trunk rev.13928 yep

Re: [squid-dev] [MERGE] Fix splay

2015-01-06 Thread Tsantilas Christos
Hi all, I am getting assertions while squid.conf is parsed using the latest squid sources. It looks like the reason is the splay trees. Is it possible that this patch causes these bugs? I am seeing this problem when an acl localhost src 127.0.0.1/32 line is parsed (duplicate value?) or when

Re: [squid-dev] [PATCH] Non-HTTP bypass

2015-01-06 Thread Tsantilas Christos
Hi all, I am posting a new patch. Sorry for the delay, but the patch was a little old and many changes were required. This patch is updated to apply to the latest squid sources, and uses the new http parser. This patch modifies the http parser to reject a method which includes non-alphanumeric

Re: [squid-dev] Moved PID file management from Coordinator to Master

2015-01-13 Thread Tsantilas Christos
On 01/12/2015 07:22 PM, Amos Jeffries wrote: On 12/01/2015 6:02 a.m., Tsantilas Christos wrote: Hi all, this patch moves pid file management from coordinator process to master process. This move is the first step necessary to avoid the following

Re: [squid-dev] [PATCH] SNI information is not set on transparent bumping mode

2015-02-09 Thread Tsantilas Christos
On 02/09/2015 02:26 PM, Amos Jeffries wrote: On 9/02/2015 6:07 a.m., Tsantilas Christos wrote: SNI information is not set on transparent bumping mode Forward SNI (obtained from an intercepted client connection) to servers when SslBump peeks or stares at the server certificate. SslBump

Re: [squid-dev] [PATCH] sslproxy_options in peek-and-splice mode

2015-02-12 Thread Tsantilas Christos
On 02/12/2015 01:48 PM, Amos Jeffries wrote: On 12/02/2015 11:31 p.m., Tsantilas Christos wrote: On 02/11/2015 09:48 PM, Amos Jeffries wrote: On 12/02/2015 12:45 a.m., Tsantilas Christos wrote: On 02/11/2015 01:54 AM, Amos Jeffries wrote: On 9/02/2015 6:43 a.m., Tsantilas Christos wrote

Re: [squid-dev] [PATCH] sslproxy_options in peek-and-splice mode

2015-02-12 Thread Tsantilas Christos
On 02/12/2015 05:33 PM, Amos Jeffries wrote: On 13/02/2015 3:34 a.m., Tsantilas Christos wrote: On 02/12/2015 01:48 PM, Amos Jeffries wrote: On 12/02/2015 11:31 p.m., Tsantilas Christos wrote: On 02/11/2015 09:48 PM, Amos Jeffries wrote: On 12/02/2015 12:45 a.m., Tsantilas Christos wrote

Re: [squid-dev] [PATCH] adapting 100-Continue / A Bug 4067 fix

2015-01-07 Thread Tsantilas Christos
On 01/01/2015 01:47 AM, Alex Rousskov wrote: On 11/09/2014 02:02 PM, Tsantilas Christos wrote: void Http::Server::processParsedRequest(ClientSocketContext *context) { +if (!buildHttpRequest(context)) +return; + +if (Config.accessList.forceRequestBodyContinuation
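Review bot: the bare `return` taken when `buildHttpRequest(context)` fails says nothing about who answers the client or releases the context; a one-line comment at that point in processParsedRequest stating that buildHttpRequest has already sent the error reply and cleaned up on failure would spare readers a trip into its implementation.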

[squid-dev] [PATCH] splicing resumed sessions

2015-03-17 Thread Tsantilas Christos
This patch adds the ssl_bump_resuming_sessions directive that controls SslBump behavior when dealing with resuming SSL/TLS sessions. Without these changes, SslBump usually terminates all resuming sessions with an error because such sessions do not include server certificates, preventing Squid

Re: [squid-dev] [PATCH] start workers as root

2015-03-17 Thread Tsantilas Christos
A patch which solves this problem applied to trunk as rev13984. The patch is different from the patch I posted here. It just adds enter_suid() calls after the writePidFile and removePidFile() inside the watch_child() function. Regards, Christos On 03/09/2015 11:09 AM, Tsantilas Christos

[squid-dev] [PATCH] start workers as root

2015-03-06 Thread Tsantilas Christos
SMP workers in trunk start without root privileges. This results in startup failures when workers need to use a privileged port (e.g., 443) or other root-only features such as TPROXY. This bug was added with my Moved PID file management from Coordinator to Master patch. The problem is inside

Re: [squid-dev] [PATCH] start workers as root

2015-03-07 Thread Tsantilas Christos
On 03/07/2015 07:18 AM, Amos Jeffries wrote: On 7/03/2015 12:18 a.m., Tsantilas Christos wrote: SMP workers in trunk start without root privileges. This results in startup failures when workers need to use a privileged port (e.g., 443) or other root-only features such as TPROXY. This bug

[squid-dev] [PATCH] Fake CONNECT exceeds concurrent requests limit

2015-02-24 Thread Tsantilas Christos
Squid closes the SSL client connection with Failed to start fake CONNECT request for ssl spliced connection. This happens especially often when the pipeline_prefetch configuration parameter is set to 0 (i.e., default). When a transparent SSL connection is peeked and then spliced in step2,

Re: [squid-dev] [PATCH] splicing resumed sessions

2015-04-14 Thread Tsantilas Christos
Hi Amos, I made a new patch for squid-3.5. Use this one; it should be OK. It includes changes from r14013. On 04/13/2015 03:49 PM, Amos Jeffries wrote: On 11/04/2015 10:01 p.m., Tsantilas Christos wrote: Patch applied as r14012. I am attaching the t13 patch for squid-3.5 too. I've

Re: [squid-dev] [PATCH] Secure ICAP

2015-04-23 Thread Tsantilas Christos
A new patch for Secure ICAP. This is synced with the latest trunk. Also handles Amos requests. Regards, Christos On 04/10/2015 04:51 AM, Amos Jeffries wrote: On 10/04/2015 2:43 a.m., Tsantilas Christos wrote: This patch adds support for ICAP services that require SSL/TLS transport

Re: [squid-dev] [PATCH] pconn_lifetime robustness fixes

2015-04-27 Thread Tsantilas Christos
If there is not any objection I will apply this patch to trunk. On 04/15/2015 07:11 PM, Tsantilas Christos wrote: Hi all, I am attaching which fixes pconn_lifetime feature. We had a long discussion for this feature, which is resulted to the patch r13780, but unfortunately, Measurement

Re: [squid-dev] [PATCH] pconn_lifetime robustness fixes

2015-04-28 Thread Tsantilas Christos
Patch applied to trunk as r14046. On 04/27/2015 06:40 PM, Tsantilas Christos wrote: If there is not any objection I will apply this patch to trunk. On 04/15/2015 07:11 PM, Tsantilas Christos wrote: Hi all, I am attaching a patch which fixes the pconn_lifetime feature. We had a long discussion

[squid-dev] [PATCH] comm_connect_addr on failures return Comm:OK

2015-05-08 Thread Tsantilas Christos
I found the following problem in squid-trunk and squid-3.5: - Squid calls peer_select to retrieve server destination addresses - The peer_select returns two ip addresses; the first is an ipv6 address, the second one is an ipv4. - The FwdState creates a Comm::ConnOpener object which fails

[squid-dev] [PATCH] Negotiate Kerberos authentication request size exceeds output buffer size

2015-04-15 Thread Tsantilas Christos
Despite the must match comment, MAX_AUTHTOKEN_LEN in auth/UserRequest.h got out of sync with similar constants in Negotiate helpers. A 32KB buffer cannot fit some helper requests (e.g., those carrying Privilege Account Certificate information in the client's Kerberos ticket). Each truncated

[squid-dev] [PATCH] pconn_lifetime robustness fixes

2015-04-15 Thread Tsantilas Christos
Hi all, I am attaching a patch which fixes the pconn_lifetime feature. We had a long discussion for this feature, which resulted in the patch r13780, but unfortunately, Measurement Factory customers reported problems: 1. Squid closed connections with partially received requests when they reached

Re: [squid-dev] [PATCH] Negotiate Kerberos authentication request size exceeds output buffer size

2015-04-16 Thread Tsantilas Christos
Applied to trunk as r14021. I am also attaching the patch for squid-3.5; the trunk patch does not apply cleanly. On 04/16/2015 02:32 PM, Amos Jeffries wrote: On 16/04/2015 8:51 p.m., Tsantilas Christos wrote: A more complete patch. It handles the cases where the snprintf returns an error

Re: [squid-dev] [PATCH] splicing resumed sessions

2015-04-11 Thread Tsantilas Christos
Patch applied as r14012. I am attaching the t13 patch for squid-3.5 too. On 04/11/2015 06:18 AM, Amos Jeffries wrote: On 11/04/2015 1:49 a.m., Tsantilas Christos wrote: I am attaching patch for trunk and squid-3.5 Thank you. Looks pretty good now. On 04/09/2015 04:13 PM, Amos Jeffries

[squid-dev] [PATCH] Secure ICAP

2015-04-09 Thread Tsantilas Christos
This patch adds support for ICAP services that require SSL/TLS transport connections. To mark an ICAP service as secure, use an icaps:// service URI scheme when listing your service via an icap_service directive. Squid uses port 11344 for Secure ICAP by default, following another popular

Re: [squid-dev] [PATCH] splicing resumed sessions

2015-04-09 Thread Tsantilas Christos
I will post the patch for squid-3.5 too. Regards, Christos On 03/17/2015 07:21 PM, Tsantilas Christos wrote: This patch adds the ssl_bump_resuming_sessions directive that controls SslBump behavior when dealing with resuming SSL/TLS sessions. Without these changes, SslBump usually

Re: [squid-dev] [PATCH] server_name ACL

2015-04-09 Thread Tsantilas Christos
should agree and use one prefix for all of these features to not confuse users) Regards, Christos On 02/24/2015 10:29 PM, Tsantilas Christos wrote: Hi all, This patch adds server_name ACL matching server name(s) obtained from various sources such as CONNECT request URI, client SNI, and SSL

Re: [squid-dev] [PATCH] Fix HttpStateData::readReply to retry reads from server

2015-04-09 Thread Tsantilas Christos
Applied to trunk as r14007. On 04/09/2015 04:07 AM, Amos Jeffries wrote: On 9/04/2015 3:12 a.m., Tsantilas Christos wrote: Hi all, This patch fixes HttpStateData::readReply to retry read from server in the case of EINPROGRESS, EAGAIN or similar errors. This bug mostly affects SSL bumped

[squid-dev] [PATCH] Fix HttpStateData::readReply to retry reads from server

2015-04-08 Thread Tsantilas Christos
Hi all, This patch fixes HttpStateData::readReply to retry read from server in the case of EINPROGRESS, EAGAIN or similar errors. This bug mostly affects SSL bumped connections. The HttpStateData::readReply will not retry read from server in the case of an EINPROGRESS or similar comm errors

Re: [squid-dev] [PATCH] TLS: Disable client-initiated renegotiation

2015-06-05 Thread Tsantilas Christos

[squid-dev] [PATCH] Splice to origin cache_peer

2015-06-23 Thread Tsantilas Christos
Currently, Squid cannot redirect intercepted connections that are subject to SslBump rules to _originserver_ cache_peer. For example, consider Squid that enforces safe search by redirecting clients to forcesafesearch.example.com. Consider a TLS client that tries to connect to www.example.com.

[squid-dev] [PATCH] Avoid SSL certificate db corruption with empty index.txt as a symptom.

2015-06-23 Thread Tsantilas Christos
* Detect cases where the size file is corrupted or has a clearly wrong value. Automatically rebuild the database in such cases. * Teach ssl_crtd to keep running if it is unable to store the generated certificate in the database. Return the generated certificate to Squid and log an error

Re: [squid-dev] [PATCH] TLS: Disable client-initiated renegotiation

2015-06-19 Thread Tsantilas Christos
This patch is probably OK as a workaround, but my sense is that it is not the best method to fix it. We should spend some hours of work to check which OpenSSL versions have the problem, and apply a better solution. On 06/19/2015 06:39 AM, Amos Jeffries wrote: Absent objections I have applied this

Re: [squid-dev] [PATCH] Bug3329

2015-05-28 Thread Tsantilas Christos
I am attaching a new patch for trunk which renames the noteClsure() to noteClosureXXX(). If it is OK, I will post the squid-3.5 patch too. Regards, Christos On 05/26/2015 10:59 AM, Amos Jeffries wrote: On 26/05/2015 12:43 a.m., Tsantilas Christos wrote: On 05/25/2015 02:37 PM, Amos

Re: [squid-dev] [PATCH] support custom OIDs in *_cert ACLs

2015-05-28 Thread Tsantilas Christos
If there is not any objection I will apply this patch to trunk. On 05/26/2015 12:00 PM, Tsantilas Christos wrote: Hi all, This patch allows user_cert and ca_cert ACLs to match arbitrary stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings). For example, should be able to match

Re: [squid-dev] [PATCH] Bug3329

2015-06-02 Thread Tsantilas Christos
p.m., Tsantilas Christos wrote: I am attaching a new patch for trunk which renames the noteClsure() to noteClosureXXX(). If it is OK, I will post the squid-3.5 patch too. It seems I mistook what Alex has been using the XXX() for. What I'm thinking of for a long term fix can happen with either

Re: [squid-dev] [PATCH] Avoid SSL certificate db corruption with empty index.txt as a symptom.

2015-07-03 Thread Tsantilas Christos
I just saw that I had forgotten to attach the patch here. On 06/23/2015 06:30 PM, Tsantilas Christos wrote: * Detect cases where the size file is corrupted or has a clearly wrong value. Automatically rebuild the database in such cases. * Teach ssl_crtd to keep running if it is unable to store

Re: [squid-dev] [PATCH] Splice to origin cache_peer

2015-07-03 Thread Tsantilas Christos
The patch applied to trunk as rev14132. The applied patch includes the requested fixes. Regards, Christos On 06/28/2015 03:17 PM, Amos Jeffries wrote: On 24/06/2015 2:54 a.m., Tsantilas Christos wrote: Currently, Squid cannot redirect intercepted connections that are subject to SslBump

[squid-dev] [PATCH] pconn_lifetime for squid-3.5.x

2015-05-25 Thread Tsantilas Christos
I am attaching a patch which implements the pconn_lifetime feature for squid-3.5.x, in case someone wants to use it or we decide that it can be included in squid-3.5.x. This patch includes the recent fixes for the pconn_lifetime feature. This is a Measurement Factory project Regards,

[squid-dev] [PATCH] support custom OIDs in *_cert ACLs

2015-05-26 Thread Tsantilas Christos
Hi all, This patch allows user_cert and ca_cert ACLs to match arbitrary stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings). For example, should be able to match certificates that have 1.3.6.1.4.1.1814.3.1.14 OID in the certificate Subject or Issuer field. Squid configuration

Re: [squid-dev] [PATCH] support custom OIDs in *_cert ACLs

2015-05-26 Thread Tsantilas Christos
On 05/26/2015 12:10 PM, Amos Jeffries wrote: On 26/05/2015 9:00 p.m., Tsantilas Christos wrote: Hi all, This patch allows user_cert and ca_cert ACLs to match arbitrary stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings). For example, should be able to match certificates that have

Re: [squid-dev] [PATCH] Add chained certificates and signing certificate to bumpAndSpliced connections

2015-05-23 Thread Tsantilas Christos
Hi Nathan, The patch works. However, I believe it is not a good idea to configure SSL_CTX objects while we are setting parameters to an SSL object. A SSL_CTX object is common to many SSL objects. Instead of setting SSL_CTX object from configureSSLUsingPkeyAndCertFromMemory I am suggesting a

[squid-dev] [PATCH] Errors served using invalid certificates when dealing with SSL server errors.

2015-07-07 Thread Tsantilas Christos
Hi all, When bumping Squid needs to send a Squid-generated error page over a secure connection, Squid needs to generate a certificate for that connection. Prior to these changes, several scenarios could lead to Squid generating a certificate that clients could not validate. In those cases,

Re: [squid-dev] [PATCH] FtpServer.cc:1024: reply != NULL assertion

2015-08-19 Thread Tsantilas Christos
Patch applied to trunk as rev.14230 I am attaching the squid-3.5 version of the patch. On 08/19/2015 08:56 AM, Amos Jeffries wrote: On 19/08/2015 4:08 a.m., Tsantilas Christos wrote: Handle nil HttpReply pointer inside various handlers called from Ftp::Server::handleReply(). For example

Re: [squid-dev] [PATCH] Ignore impossible SSL bumping actions, as intended and documented / bug 4237 fix

2015-08-19 Thread Tsantilas Christos
Patch applied to trunk as rev.14227 I am also attaching the squid-3.5 version of the patch. The trunk patch does not apply cleanly. On 08/15/2015 03:21 AM, Amos Jeffries wrote: On 15/08/2015 2:41 a.m., Tsantilas Christos wrote: Hi all, The wiki pages are fixed. Is it OK to commit

[squid-dev] [PATCH] FtpServer.cc:1024: reply != NULL assertion

2015-08-18 Thread Tsantilas Christos
Handle nil HttpReply pointer inside various handlers called from Ftp::Server::handleReply(). For example, when the related StoreEntry object is aborted, the client_side_reply.cc code may call the Ftp::Server::handleReply() method with a nil reply pointer. The Ftp::Server::handleReply()

Re: [squid-dev] [PATCH] Ignore impossible SSL bumping actions, as intended and documented / bug 4237 fix

2015-08-11 Thread Tsantilas Christos
On 08/11/2015 07:30 AM, Amos Jeffries wrote: On 11/08/2015 3:54 a.m., Tsantilas Christos wrote: According to Squid wiki: Some actions are not possible during certain processing steps. During a given processing step, Squid ignores ssl_bump lines with impossible actions. The distributed

[squid-dev] [PATCH] squid SSL subsystem did not initialized correctly

2015-08-06 Thread Tsantilas Christos
Hi all, Currently the SSL subsystem is not initialized correctly in squid trunk. This is because of the Security::ProxyOutgoingConfig.encryptTransport which is always false, so the client SSL CTX object is never built. As a result squid may not start if SSL is configured. I am attaching a small

Re: [squid-dev] [PATCH] squid SSL subsystem did not initialized correctly

2015-08-10 Thread Tsantilas Christos
This patch looks OK On 08/10/2015 05:12 PM, Amos Jeffries wrote: On 10/08/2015 11:29 p.m., Tsantilas Christos wrote: On 08/06/2015 02:55 PM, Amos Jeffries wrote: On 6/08/2015 9:54 p.m., Tsantilas Christos wrote: Hi all, Currently the SSL subsystem is not initialized correctly in squid

[squid-dev] [PATCH] Ignore impossible SSL bumping actions, as intended and documented / bug 4237 fix

2015-08-10 Thread Tsantilas Christos
According to Squid wiki: Some actions are not possible during certain processing steps. During a given processing step, Squid ignores ssl_bump lines with impossible actions. The distributed squid.conf.documented has similar text. Current Squid violates the above rule. Squid considers all

Re: [squid-dev] [PATCH] squid SSL subsystem did not initialized correctly

2015-08-10 Thread Tsantilas Christos
On 08/06/2015 02:55 PM, Amos Jeffries wrote: On 6/08/2015 9:54 p.m., Tsantilas Christos wrote: Hi all, Currently the SSL subsystem is not initialized correctly in squid trunk. This is because of the Security::ProxyOutgoingConfig.encryptTransport which is always false, so the client SSL CTX

[squid-dev] [PATCH] received_encrypted ACL

2015-07-17 Thread Tsantilas Christos
This patch adds the received_encrypted ACL. The new received_encrypted ACL matches transactions where all HTTP messages were received over TLS or SSL transport connections, including messages received from ICAP servers. Some eCAP services receive data from unencrypted sources. Some eCAP services

Re: [squid-dev] [PATCH] received_encrypted ACL

2015-07-21 Thread Tsantilas Christos
On 07/21/2015 01:25 PM, Amos Jeffries wrote: No. Christos wrote this: NOTE: Currently there is not any mechanism to indicate if a cached object came from secure source or not, so we assume that all hits for secure requests are secure too. The cache hits rely on the request markings to

[squid-dev] [PATCH] Allow unlimited LDAP search filter for ext_ldap_group_acl helper

2015-11-02 Thread Tsantilas Christos
Hi all, The LDAP search filter in ext_ldap_group_acl is limited to 256 characters. In some environments the user DN or group filter can be larger than this limitation. This patch uses dynamically allocated buffers for LDAP search filters. This is a Measurement Factory project Allow unlimited

Re: [squid-dev] [PATCH] %ssl::

2015-10-08 Thread Tsantilas Christos
Patch applied to trunk as r14343. On 10/07/2015 06:11 PM, Tsantilas Christos wrote: If there is not any objection I will apply this patch to trunk. On 09/29/2015 06:11 PM, Tsantilas Christos wrote: A new version of this patch. On 09/24/2015 04:11 PM, Amos Jeffries wrote: On 17/09/2015 8

Re: [squid-dev] [PATCH] %ssl::

2015-10-07 Thread Tsantilas Christos
If there is not any objection I will apply this patch to trunk. On 09/29/2015 06:11 PM, Tsantilas Christos wrote: A new version of this patch. On 09/24/2015 04:11 PM, Amos Jeffries wrote: On 17/09/2015 8:08 p.m., Tsantilas Christos wrote: Currently Squid with SSL bumping only logs SSL

Re: [squid-dev] [PATCH] Avoid SSL certificate db corruption with empty index.txt as a symptom.

2015-07-09 Thread Tsantilas Christos
Applied to trunk as r14146. On 07/09/2015 04:30 PM, Amos Jeffries wrote: On 4/07/2015 1:48 a.m., Tsantilas Christos wrote: I just saw that I had forgotten to attach the patch here. Looks reasonable. +1. Amos

Re: [squid-dev] [PATCH] Errors served using invalid certificates when dealing with SSL server errors.

2015-07-09 Thread Tsantilas Christos
The patch for squid-3.5. I suppose it should be applied here too. On 07/09/2015 04:13 PM, Tsantilas Christos wrote: Applied to trunk as r14145. On 07/07/2015 09:05 PM, Amos Jeffries wrote: On 8/07/2015 4:28 a.m., Tsantilas Christos wrote: Hi all, When bumping Squid needs to send an Squid

Re: [squid-dev] [PATCH] Errors served using invalid certificates when dealing with SSL server errors.

2015-07-09 Thread Tsantilas Christos
Applied to trunk as r14145. On 07/07/2015 09:05 PM, Amos Jeffries wrote: On 8/07/2015 4:28 a.m., Tsantilas Christos wrote: Hi all, When bumping Squid needs to send a Squid-generated error page over a secure connection, Squid needs to generate a certificate for that connection. Prior

[squid-dev] default SSL client and server methods

2015-09-10 Thread Tsantilas Christos
Hi all, starting from Stuart Henderson's mail about LibreSSL, I saw that in current squid trunk (but not squid-3.5), for many Linux OS systems we are always using SSLv23 as the default method while connecting to servers or connecting to clients, without giving any other alternative to the users.

Re: [squid-dev] cope with OPENSSL_NO_SSL3 builds of (libre|open)ssl

2015-09-11 Thread Tsantilas Christos
On 09/10/2015 11:09 PM, Amos Jeffries wrote: On 11/09/2015 4:50 a.m., Tsantilas Christos wrote: On 09/10/2015 04:07 PM, Stuart Henderson wrote: LibreSSL has removed SSLv3, and it can be disabled optionally in OpenSSL by building with no_ssl3. The patch below allows building against such a I

[squid-dev] [PATCH] %ssl::

2015-09-17 Thread Tsantilas Christos
Currently Squid with SSL bumping only logs SSL errors that have caused Squid to block traffic. It does not log SSL errors that are mimicked. Logging a list with all encountered (and ignored) errors is interesting for debugging and statistics reasons. The new %ssl::%ssl::cert_subject The

Re: [squid-dev] [PATCH] %ssl::

2015-09-29 Thread Tsantilas Christos
A new version of this patch. On 09/24/2015 04:11 PM, Amos Jeffries wrote: On 17/09/2015 8:08 p.m., Tsantilas Christos wrote: Currently Squid with SSL bumping only logs SSL errors that have caused Squid to block traffic. It does not log SSL errors that are mimicked. Logging a list with all