Re: [squid-dev] [PATCH] Correct various problems with errno

2015-05-07 Thread Amos Jeffries 
On 1/05/2015 5:48 p.m., Alex Dowad wrote:
> Dear Squid devs,
> 
> Please have a look at the attached patch. Your feedback will be appreciated.
> 

Sorry for the lag. Looks better than before.

NP: I'm holding off on approving until I can clear up whats happened to
IPv6 in 3.5.4. I'm pretty certain its a side effect of the errno changes
altering Squids state assumptions when IPv6 fails.

Amos
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] Death of SSLv3

2015-05-07 Thread Alex Rousskov 
On 05/07/2015 04:03 AM, Amos Jeffries wrote:
> Its done. SSLv3 is now a "MUST NOT use" protocol from RFC 7525
> 
> It's time for us to start ripping out from trunk all features and hacks
> supporting its use.

No, it is not time yet. Too many folks still use SSL and cannot switch
to TLS just because a "best current practice" document recommends that
they do. User needs trump RFC compliance in this case.

Alex.

___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] Death of SSLv3

2015-05-07 Thread Marcus Kool 



On 05/07/2015 07:03 AM, Amos Jeffries wrote:

Its done. SSLv3 is now a "MUST NOT use" protocol from RFC 7525
()


good decision.


It's time for us to start ripping out from trunk all features and hacks
supporting its use. Over the coming days I will be submitting patches to
remove the squid.conf settings, similar to SSLv2 removal earlier.

The exceptions which may remain are SSLv3 features which are used by the
still-supported TLS versions. Such as session resume, and the SSLv3
format of Hello message (though not the SSLv3 protocol IDs).


are you sure you want to do this _now_ ?

It is predictable that users will complain with
"I know this provider is stupid and uses SSLv3 but I _need_ to access that site for 
our business"
and use this as a reason not to upgrade or blame squid.

It may not be that much extra work to have a new option "use_sslv3" with the 
default setting to OFF
and not ripping SSLv3 code yet.  Also, if you do not rip SSLv3, Squid can 
detect that a site uses
SSLv3 and give a useful error message like "this site insists in using the unsafe 
SSLv3 protocol"
instead of a confusing "unknown protocol".

Marcus



Christos, if you can keep this in mind for all current / pending, and
future "SSL" work.

Amos

___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev


___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

[squid-dev] Death of SSLv3

2015-05-07 Thread Amos Jeffries 
Its done. SSLv3 is now a "MUST NOT use" protocol from RFC 7525
()

It's time for us to start ripping out from trunk all features and hacks
supporting its use. Over the coming days I will be submitting patches to
remove the squid.conf settings, similar to SSLv2 removal earlier.

The exceptions which may remain are SSLv3 features which are used by the
still-supported TLS versions. Such as session resume, and the SSLv3
format of Hello message (though not the SSLv3 protocol IDs).

Christos, if you can keep this in mind for all current / pending, and
future "SSL" work.

Amos

___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

[squid-dev] [PATCH] Fix broken build with musl libc (caused by sys/signal.h)

2015-05-07 Thread Alex Dowad 
When included, musl libc's sys/signal.h issues a compiler warning
stating that signal.h should be used directly instead. If gcc is
treating all warnings as errors, this breaks the build.

glibc's sys/signal.h does not contain any definitions; all it does
is include signal.h (indirectly). So directly including signal.h
doesn't break anything with glibc.
---
 lib/rfcnb/rfcnb-io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/rfcnb/rfcnb-io.c b/lib/rfcnb/rfcnb-io.c
index c0ed19c..a02f619 100644
--- a/lib/rfcnb/rfcnb-io.c
+++ b/lib/rfcnb/rfcnb-io.c
@@ -40,7 +40,7 @@
 #include 
 #endif
 #include 
-#include 
+#include 
 
 int RFCNB_Timeout = 0;  /* Timeout in seconds ... */
 
-- 
2.0.0.GIT

___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

[squid-dev] Build failed in Jenkins: trunk-opensolaris-matrix » suncc,opensolaris11-sparc #2

2015-05-07 Thread noc 
See 


--
Started by upstream project "trunk-opensolaris-matrix" build number 2
originally caused by:
 Started by user Francesco Chemolli
Building remotely on opensolaris11-sparc (sunos-5.11 sparc-sunos-5.11 sunos 
sparc 5.11 sparc-sunos) in workspace 


Deleting project workspace... Cleaning workspace...
$ bzr branch http://bzr.squid-cache.org/bzr/squid3/trunk/ 

bzr: ERROR: Connection error: while sending GET 
http://bzr.squid-cache.org/bzr/squid3/.bzr/repository/indices/6f931f7d21dceb6274f7924c574bebb0.cix:
 [Errno 146] Connection refused
ERROR: Failed to branch http://bzr.squid-cache.org/bzr/squid3/trunk/
Retrying after 10 seconds
$ bzr revision-info -d 

info result: bzr revision-info -d 

 returned 3. Command output: "" stderr: "bzr: ERROR: Not a branch: 
":
 location is a repository.
"
[opensolaris11-sparc] $ bzr pull --overwrite 
http://bzr.squid-cache.org/bzr/squid3/trunk/
bzr: ERROR: Not a branch: 
":
 location is a repository.
ERROR: Failed to pull
Since BZR itself isn't crash safe, we'll clean the workspace so that on the 
next try we'll do a clean pull...
Retrying after 10 seconds
Cleaning workspace...
$ bzr branch http://bzr.squid-cache.org/bzr/squid3/trunk/ 

bzr: ERROR: Connection error: while sending GET 
http://bzr.squid-cache.org/bzr/squid3/.bzr/repository/packs/f306f3fe7ecc3cabbc02829c54e5a484.pack:
 [Errno 146] Connection refused
ERROR: Failed to branch http://bzr.squid-cache.org/bzr/squid3/trunk/
[description-setter] Description set: 
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

[squid-dev] Build failed in Jenkins: trunk-opensolaris-matrix » suncc,opensolaris11-sparc #1

2015-05-07 Thread noc 
See 


--
Started by upstream project "trunk-opensolaris-matrix" build number 1
originally caused by:
 Started by user Francesco Chemolli
Building remotely on opensolaris11-sparc (sunos-5.11 sparc-sunos-5.11 sunos 
sparc 5.11 sparc-sunos) in workspace 


Deleting project workspace... Cleaning workspace...
$ bzr branch http://bzr.squid-cache.org/bzr/squid3/trunk/ 

bzr: ERROR: Couldn't import bzrlib and dependencies.
Please check the directory containing bzrlib is on your PYTHONPATH.

Traceback (most recent call last):
  File "/home/squidci/bin/bzr", line 74, in 
import bzrlib
ImportError: No module named bzrlib
ERROR: Failed to branch http://bzr.squid-cache.org/bzr/squid3/trunk/
Retrying after 10 seconds
Cleaning workspace...
$ bzr branch http://bzr.squid-cache.org/bzr/squid3/trunk/ 

bzr: ERROR: Couldn't import bzrlib and dependencies.
Please check the directory containing bzrlib is on your PYTHONPATH.

Traceback (most recent call last):
  File "/home/squidci/bin/bzr", line 74, in 
import bzrlib
ImportError: No module named bzrlib
ERROR: Failed to branch http://bzr.squid-cache.org/bzr/squid3/trunk/
Retrying after 10 seconds
Cleaning workspace...
$ bzr branch http://bzr.squid-cache.org/bzr/squid3/trunk/ 

bzr: ERROR: Couldn't import bzrlib and dependencies.
Please check the directory containing bzrlib is on your PYTHONPATH.

Traceback (most recent call last):
  File "/home/squidci/bin/bzr", line 74, in 
import bzrlib
ImportError: No module named bzrlib
ERROR: Failed to branch http://bzr.squid-cache.org/bzr/squid3/trunk/
[description-setter] Description set: 
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev