Re: [squid-dev] Cache-Groups RFC draft

2024-10-30 Thread Amos Jeffries
On 31/10/24 00:09, Francesco Chemolli wrote: Hi all, do we have any opinion on https://www.ietf.org/archive/id/draft-ietf-httpbis-cache-groups-02.html ? This is a further extension of Mark's variant Key header extensions to HTTP. When I proposed adding support for the first steps of these e

Re: [squid-dev] stable Squid build fails to be built on all EL9 distros for the past 2 years

2024-10-23 Thread Amos Jeffries
On 23/10/24 10:50, ngtech1...@gmail.com wrote: Hey Everyone, I have encountered a build issue on EL9 distros since 5.7 and while some of the issues were fixed the 6.10 still wouldn't build on all EL9 distros. It can be built on many other distributions and as far as I can tell it can be built on

[squid-dev] RFC: Removal of ESI Support from Squid

2024-09-07 Thread Amos Jeffries
Hi all, The ESI (Edge Side Includes) feature of Squid has a growing number of unfixed bugs, more than a few are turning into security issues. Also, the current Squid developers do not have spare brain cycles to maintain everything and v7 is seeing a lot more effort to prune away old and unus

Re: [squid-dev] Feature: Bearer Authentication - Status of deployment

2024-01-23 Thread Amos Jeffries
On 23/01/24 23:15, Alexandru Durlea wrote: Hi team, I have a question in regards to the Feature: _Bearer Authentication_ that is listed here: https://wiki.squid-cache.org/Features/BearerAuthentication Can see that it is marked with:

Re: [squid-dev] RFC: ACL clashes with Windows system entity

2023-12-06 Thread Amos Jeffries
On 7/12/23 10:47, Francesco Chemolli wrote: Hi all,   I'm looking at improving windows portability, and we have a name clash with a Windows system header (https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-acl

Re: [squid-dev] RFC: Squid documentation upgrade

2023-11-15 Thread Amos Jeffries
On 12/10/23 03:32, Alex Rousskov wrote: On 2023-10-11 02:25, Amos Jeffries wrote: Hi all, As those familiar with Squid sources will know the documentation of Squid is currently spread across various formats. Some custom ones, and some very outdated. So far we have a casual agreement

Re: [squid-dev] mirrors with missing files

2023-11-01 Thread Amos Jeffries
On 1/11/23 09:59, Alex Rousskov wrote: On 2023-10-31 15:39, Francesco Chemolli wrote: Before we can migrate ..., we need to deprecate, cleanup and simplify a lot. Do you really, really _need_ to "deprecate, cleanup, and simplify a lot" in order to stop mirroring tomorrow?! Start doing new min

Re: [squid-dev] squid-cache.org TLS certificate errors

2023-10-31 Thread Amos Jeffries
site on https:// do so under their own certificate; that's well known. Thanks for caring and for reaching out! Amos Jeffries The Squid Software Foundation On 31/10/23 22:45, Adam Majer wrote: Hi, Not really about squid, but more about the web hosting. Going to https://www.squid-cach

Re: [squid-dev] RFC: make FOLLOW_X_FORWARDED_FOR unconditional

2023-10-11 Thread Amos Jeffries
On 12/10/23 01:09, ngtech1...@gmail.com wrote: Hey, Not sure I understood exactly what the proposal is? To remove the ./configure --disable-follow-x-forwarded-for build option. Leaving the feature available to everyone. HTH Amos From Amos response I understand that it will be converted

Re: [squid-dev] RFC: make FOLLOW_X_FORWARDED_FOR unconditional

2023-10-11 Thread Amos Jeffries
On 11/10/23 08:19, Alex Rousskov wrote: On 2023-10-10 12:17, Francesco Chemolli wrote: what if we removed the configure option for FOLLOW_X_FORWARDED_FOR, and made it unconditionally part of Squid? Some Squid deployments will silently break AFAICT. In what way specifically? It is on b

[squid-dev] RFC: Squid documentation upgrade

2023-10-10 Thread Amos Jeffries
Hi all, As those familiar with Squid sources will know the documentation of Squid is currently spread across various formats. Some custom ones, and some very outdated. So far we have a casual agreement amongst the core dev team to use Markdown when reasonably possible. If anyone has issues w

[squid-dev] RFC: GitHub Projects and Issues

2023-05-05 Thread Amos Jeffries
Greetings all, You may (or not) have noticed that recently I have been experimenting with GitHub Projects. Creating a few for the major long-term efforts and assigned a number of the open PRs to them. IMO this looks like it could be a better way to track progress on incomplete features or co

[squid-dev] Latest Clang build errors

2023-03-28 Thread Amos Jeffries
Alex, since the whole IPC and SHM system is your design are you able to work on fixing the FlexibleArray build errors we are now getting with clang v15. IIRC FlexibleArray was a placeholder for std::dynarray, which is now officially dead. So if we can do an implementation which uses more stan

[squid-dev] 6.0.2 release update

2023-03-27 Thread Amos Jeffries
Hi all, Squid-6 beta release schedule calls for a 6.0.2 release this coming weekend. However we have not had enough change to qualify for a new release packaging. As such I/we are going to skip this monthly release. Cheers Amos ___ squid-dev maili

Re: [squid-dev] RFC: policy change for header #includes

2023-03-08 Thread Amos Jeffries
On 7/03/2023 10:14 pm, Francesco Chemolli wrote: I like this idea; I would also complement it with the directive to use header instead of whenever possible - this could also be automatically enforced That we already have. PRs doing the updates welcome. Amos __

[squid-dev] RFC: policy change for header #includes

2023-03-06 Thread Amos Jeffries
Current Policy : "  4. system C headers (with a .h suffix):     * mandatory HAVE_FOO_H wrapper " I propose using the C++17 "__has_include()" instead of HAVE_FOO_H whenever we can. Which is:  * all

Re: [squid-dev] Drop cache_object protocol support

2023-01-26 Thread Amos Jeffries
On 26/01/2023 3:30 am, Alex Rousskov wrote: On 1/25/23 07:29, Amos Jeffries wrote: On 25/01/2023 5:34 pm, Alex Rousskov wrote: On 1/24/23 20:57, Amos Jeffries wrote: Blocker #2: The squidclient tool still sends cache_object: scheme when given "mgr:" on the CLI. We need to upgrade

Re: [squid-dev] Drop cache_object protocol support

2023-01-25 Thread Amos Jeffries
On 25/01/2023 5:34 pm, Alex Rousskov wrote: On 1/24/23 20:57, Amos Jeffries wrote: Blocker #1:  The cachemgr_passwd directly still needs to be cleanly removed, eg replaced by a manager_access ACL based mechanism. I do not see a relationship: I have not tested it, but the existing

Re: [squid-dev] Drop cache_object protocol support

2023-01-24 Thread Amos Jeffries
On 25/01/2023 8:23 am, Alex Rousskov wrote: On 1/24/23 12:22, Eduard Bagdasaryan wrote: Today we can query cache manager in two ways: 1. with cache_object:// URL scheme 2. with an HTTP request having the 'squid-internal-mgr' path prefix. I guess that when (2) was initially added at e37bd29, i

Re: [squid-dev] RFC: Switch to C++17

2022-12-05 Thread Amos Jeffries
I support the switch. Caveat details below... On 5/12/2022 5:21 am, Francesco Chemolli wrote: I support the switch On Sun, 4 Dec 2022 at 16:18, Alex Rousskov wrote: Hello, C++17 is supported by popular modern compilers and stable distros. Squid master branch should target th

Re: [squid-dev] RFC: Semaphore CI to GitHub Actions migration

2022-10-22 Thread Amos Jeffries
Sounds good for the most part. On 20/10/22 03:25, Alex Rousskov wrote: Hello,     I plan to gradually turn Semaphore CI testing off and make GitHub Actions required. We should not babysit the same tests in two setups. Here is the current status of CI tests with regard to Semaphore and GitH

Re: [squid-dev] Proposal: switch to always-build for some currently optional features

2022-09-21 Thread Amos Jeffries
On 20/09/22 01:28, Francesco Chemolli wrote: Hi all,    there is a bunch of features that are currently gated at compile time: among others, I see: - adaptation (icap, ecap) - authentication - ident - delay pools - cache digests - htcp - cache digests - wccp - unlinkd I'd like to propose that

Re: [squid-dev] RFC submodule repositories

2022-08-01 Thread Amos Jeffries
On 1/08/22 03:09, Alex Rousskov wrote: On 7/31/22 00:29, Amos Jeffries wrote: When PR #937 merges we will have the ability to shuffle old helpers into a separate repository that users can import as a submodule to build with their Squid as-needed. In my experience, git submodules are a

[squid-dev] RFC submodule repositories

2022-07-30 Thread Amos Jeffries
When PR #937 merges we will have the ability to shuffle old helpers into a separate repository that users can import as a submodule to build with their Squid as-needed. What (if any) updates do we need to make to Anubis and other infrastructure so support git submodules ? Amos ___

Re: [squid-dev] Errors while building 5.6 on Ubuntu 22.04

2022-07-18 Thread Amos Jeffries
FWIW, The backport of OpenSSL 3.0 support to v5 did not apply completely clean. So it did not make v5 yet. I hope to have some time to work on it later this week, if not it might miss this point release. The patch in Debian is an earlier version of what eventually merged. Functionally identica

Re: [squid-dev] PR backlog

2022-06-07 Thread Amos Jeffries
On 7/06/22 05:19, Alex Rousskov wrote: On 6/6/22 03:34, Francesco Chemolli wrote:     we have quite a big backlog of open PRs (https://github.com/squid-cache/squid/pulls?page=1&q=is%3Apr+is%3Aopen). How about doing a 15-days sprint and clearing it or at least trimming it significantly? I am

Re: [squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on port 80

2022-03-03 Thread Amos Jeffries
On 4/03/22 09:55, YFone Ling wrote: My application sends  HTTP CONNECT requests to a HTTP proxy port 80, but gets a squid ERR_CONFLICT_HOST error page. Why? CONNECT is a method reserved for use when talking to a forward/explicit-proxy. Port 80 is a port reserved for origin servers or re

Re: [squid-dev] CVE-2019-12522

2022-03-03 Thread Amos Jeffries
On 4/03/22 00:39, Eliezer Croitoru wrote: I'm still trying to understand why it's described as "exploitable" ??? It's like saying: The Linux Kernel should not be a kernel and init(or equivalent) should not run with uid 0 or 1. Why nobody complains about cockpit being a root process?? This expl

Re: [squid-dev] CVE-2019-12522

2022-03-02 Thread Amos Jeffries
On 2/03/22 05:35, Adam Majer wrote: Hi all, There apparently was a CVE assigned some time ago but I cannot seem to find it being addressed. https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt The crux of the problem is that privileges are not dropped and cou

Re: [squid-dev] v5.4 backports

2022-01-24 Thread Amos Jeffries
On 21/01/22 08:20, Alex Rousskov wrote: On 1/18/22 5:31 AM, Amos Jeffries wrote: The following changes accepted into v6 are also eligible for v5 but have issues preventing me scheduling them. This has conflicts I need some assistance resolving. So will not being doing the backport myself. If

Re: [squid-dev] RFC: Adding a new line to a regex

2022-01-21 Thread Amos Jeffries
candidate. Details below. On 1/21/22 12:42 PM, Amos Jeffries wrote: On 20/01/22 10:32, Alex Rousskov wrote: We have a use case where a regex in squid.conf should contain/match a new line [...] This email discusses the problem and proposes how to add a new line (and other special characters) to reg

Re: [squid-dev] RFC: Adding a new line to a regex

2022-01-21 Thread Amos Jeffries
On 20/01/22 10:32, Alex Rousskov wrote: Hello, We have a use case where a regex in squid.conf should contain/match a new line (i.e. ASCII LF). I do not know whether there are similar use cases with the existing squid.conf regex directives, but that is not important because we are adding a _

Re: [squid-dev] RFC: Adding a new line to a regex

2022-01-21 Thread Amos Jeffries
On 21/01/22 07:27, Eduard Bagdasaryan wrote: I would concur with Alex that (4) is preferable: It does not break old configurations, re-uses existing mechanisms and allows to apply it only when/where required. I have one more option for your consideration: escaping with a backtick (e.g., `n) ins

[squid-dev] v5.4 backports

2022-01-18 Thread Amos Jeffries
The following changes accepted into v6 are also eligible for v5 but have issues preventing me scheduling them. This has conflicts I need some assistance resolving. So will not being doing the backport myself. If you are interested please open a PR against v5 branch for the working backport be

Re: [squid-dev] What os/cpu platforms do we want to target as a project?

2021-12-26 Thread Amos Jeffries
On 27/12/21 10:11, Alex Rousskov wrote: On 12/26/21 10:30 AM, Francesco Chemolli wrote: On Sun, Dec 5, 2021 at 10:05 PM Alex Rousskov wrote: If we manage to and agree on what platforms to "support" and on removing code dedicated to unsupported platforms, great! If we fail, I would like to propo

Re: [squid-dev] Squid does not accept WCCP of Cisco router since CVE 2021-28116

2021-12-06 Thread Amos Jeffries
On 6/12/21 12:11, Andrej Mikus wrote: Hi, I would like to find some information about wccp servers (routers, firewalls, etc) that are officially supported and therefore tested for compatibility. I thought there would be this kind of page published in squid wiki but failed to locate one. Since t

Re: [squid-dev] RFC: Categorize level-0/1 messages

2021-12-05 Thread Amos Jeffries
On 21/10/21 16:16, Alex Rousskov wrote: On 10/20/21 3:14 PM, Amos Jeffries wrote: On 21/10/21 4:22 am, Alex Rousskov wrote: To facilitate automatic monitoring of Squid cache.logs, I suggest to adjust Squid code to divide all level-0/1 messages into two major categories -- "problem mes

Re: [squid-dev] What os/cpu platforms do we want to target as a project?

2021-12-05 Thread Amos Jeffries
On 5/12/21 22:44, Francesco Chemolli wrote: Hi all, continuing the conversation from https://github.com/squid-cache/squid/pull/942#issuecomment-986055422 to a bigger forum The discussion started out of a number of PRs meant to remove explicit support for obsolete platforms such as OSF/1, NeXT

Re: [squid-dev] request for change handling hostStrictVerify

2021-11-01 Thread Amos Jeffries
On 1/11/21 20:59, kk wrote: On Saturday, October 30, 2021 01:14 GMT, Alex Rousskov wrote: On 10/29/21 8:37 PM, Amos Jeffries wrote: > On 30/10/21 11:09, Alex Rousskov wrote: >> On 10/26/21 5:46 PM, kk wrote: >> >>> - Squid enforces the Client to use SNI >>&g

Re: [squid-dev] request for change handling hostStrictVerify

2021-10-29 Thread Amos Jeffries
On 30/10/21 11:09, Alex Rousskov wrote: On 10/26/21 5:46 PM, k...@sudo-i.net wrote: - Squid enforces the Client to use SNI - Squid lookup IP for SNI (DNS resolution). - Squid forces the client to go to the resolved IP AFAICT, the above strategy is in conflict with the "SECURITY NOTE" paragrap

Re: [squid-dev] RFC: Categorize level-0/1 messages

2021-10-20 Thread Amos Jeffries
On 21/10/21 4:22 am, Alex Rousskov wrote: Hello, Nobody likes to be awaken at night by an urgent call from NOC about some boring Squid cache.log message the NOC folks have not seen before (or miss a critical message that was ignored by the monitoring system). To facilitate automatic monitor

Re: [squid-dev] Incoming breaking changes to OpenSSL API

2021-09-20 Thread Amos Jeffries
On 20/09/21 7:16 pm, Francesco Chemolli wrote: Hi all, Fedora Rawhide has upgraded openssl to version 3, and the results can be seen at https://build.squid-cache.org/job/anybranch-arm64-matrix/COMPILER=gcc,OS=fedora-rawhide,label=arm64/10/console For example: In file included from ../../../.

Re: [squid-dev] Squid 4.13: too much memory used for ACL url_regex when big list file used

2021-08-16 Thread Amos Jeffries
On 17/08/21 5:45 am, Meridoff wrote: Hello, I have simplest squid config with such acl: acl a1 url_regex "/tmp/urls.txt" In /tmp/urls.txt there are about 220 000 URL regexps, most of them in such form (example): ^(https?|ftp)://([a-z0-9.-]+\.)?nicebox\.pro(/.*)?$ OR ^(https?|ftp)://order-yudo

Re: [squid-dev] Coding Style updates

2021-08-15 Thread Amos Jeffries
On 15/08/21 3:44 am, Alex Rousskov wrote: On 8/12/21 8:31 PM, Amos Jeffries wrote: I am aware that Factory ... prefers the one-line style. Factory does not prefer the one-line style. The existence of such a style requirement on Factory developers, and thus need for Squid code to match it

Re: [squid-dev] Coding Style updates

2021-08-12 Thread Amos Jeffries
On 13/08/21 4:28 am, Alex Rousskov wrote: On 8/12/21 12:42 AM, Amos Jeffries wrote: 1) return type on separate line from function definition. Current style requirement:   template<...>   void   foo(...)   {     ...   } AFAIK, this based on GNU project style preferences from t

[squid-dev] Coding Style updates

2021-08-11 Thread Amos Jeffries
Hi all, Now that we have astyle 3.1 for style enforcement we can take advantage of it to perform a few code style change that older versions could not. Before I do any work testing they work I'd like to review the relevant details of our style guidelines and see if we actually want to keep

Re: [squid-dev] Compilling squid

2021-07-23 Thread Amos Jeffries
On 23/07/21 6:00 pm, phenom252525 wrote: Hello again, I wrote to you not long ago. I have a question, since I am a novice linux user, I would like to learn how to compile and install the latest squid from source, for example squid 4.15. I have Ubuntu server installed on 18.04.05 with latest upd

Re: [squid-dev] Strategy about build farm nodes

2021-05-16 Thread Amos Jeffries
On 4/05/21 2:29 am, Alex Rousskov wrote: On 5/3/21 12:41 AM, Francesco Chemolli wrote: - we want our QA environment to match what users will use. For this reason, it is not sensible that we just stop upgrading our QA nodes, I see flaws in reasoning, but I do agree with the conclusion -- yes, w

Re: [squid-dev] squid-5.0.5-20210223-r4af19cc24 difference in behaviors between openbsd and linux

2021-03-29 Thread Amos Jeffries
On 29/03/21 6:16 am, Eliezer Croitoru wrote: Hey Robert, I am not sure I understood what is the meaning of the description: openbsd: Requiring client certificates. linux: Not requiring any client certificates @Eliezer: They are startup messages Squid prints in cache.log when a TLS server c

Re: [squid-dev] Extremely questionable code in Basic authentication module

2021-03-29 Thread Amos Jeffries
On 25/03/21 10:18 am, Joshua Rogers wrote: Hi there, I was looking at the file src/auth/basic/UserRequest.cc, in function Auth::Basic::UserRequest::module_direction:     case Auth::Ok:         if (user()->expiretime + static_cast(Auth::SchemeConfig::Find("basic"))->credentialsTTL <= squi

Re: [squid-dev] Questionable default 'range_offset_limit ' option

2021-03-19 Thread Amos Jeffries
On 19/03/21 6:13 pm, Joshua Rogers wrote: Hi there, According to http://www.squid-cache.org/Doc/config/range_offset_limit/ , 'range_offset_limit' is by default 'none'. This directive is an access control like http_access, but inst

Re: [squid-dev] Squid Windows: System Requirements/Metrics

2021-03-06 Thread Amos Jeffries
Hi Anuj, The details we have about Squid for Windows can all be found at . You may want to also look at the Diladele website linked from that wiki page for any details they have found in relation to their Windows packages. Amos __

Re: [squid-dev] rfc1738.c

2020-10-29 Thread Amos Jeffries
On 30/10/20 12:17 am, Damian Wojslaw wrote: Helo I've been recently following the PR that addresses issue with authentication in cachemgr.cc. It was mentioned that rfc1738_do_escape could use changing so it doesn't return static buffer. The latest Squid have AnyP::Uri::Encode() whic uses a c

Re: [squid-dev] Jenkins situation

2020-08-09 Thread Amos Jeffries
On 5/08/20 1:26 pm, Amos Jeffries wrote: > Hi all, > > With the recent Jenkins randomly failing builds due to git pull / fetch > failures I am having to selectively disable the PR Jenkins block on PR > merging for some hrs. Previous "normal" situation appears to be re

[squid-dev] Jenkins situation

2020-08-04 Thread Amos Jeffries
Hi all, With the recent Jenkins randomly failing builds due to git pull / fetch failures I am having to selectively disable the PR Jenkins block on PR merging for some hrs. Please do not mark any PRs with "M-cleared-for-merge" until further notice. I will do this myself with coordination on Jenki

Re: [squid-dev] RFC: tls_key_log: report TLS pre-master secrets, other key material

2020-07-30 Thread Amos Jeffries
On 30/07/20 6:41 am, Alex Rousskov wrote: > On 7/15/20 3:14 PM, Alex Rousskov wrote: > >> I propose to add a new tls_key_log directive to record TLS >> pre-master secret (and related encryption details) for to- and >> from-Squid TLS connections. This very useful triage feature is common >> for

Re: [squid-dev] TR: SQUID-4.12 build ACL_HELPER

2020-07-28 Thread Amos Jeffries
On 28/07/20 1:26 am, Ferdinand Michael wrote: > Hello, > >   > > I have a problem with the compilation everything works except the > ACL_helpers. > I doubt that statement is correct. This line: checking for ldap.h... (cached) no Says that a previous test for LDAP library dev files (eg by B

Re: [squid-dev] OpenSSL 3.0 support at last

2020-07-23 Thread Amos Jeffries
On 24/07/20 3:24 am, Christos Tsantilas wrote: > On 23/7/20 7:08 π.μ., Amos Jeffries wrote: >> Hi guys, >> >> OpenSSL 3.0 with their new GPL compatible license is becoming available >> now in Debian and that means we can finally auto-enable all OpenSSL >> fe

[squid-dev] OpenSSL 3.0 support at last

2020-07-22 Thread Amos Jeffries
Hi guys, OpenSSL 3.0 with their new GPL compatible license is becoming available now in Debian and that means we can finally auto-enable all OpenSSL features when building against that version. I am starting test build now to see how much breakage we have to work through for a basic compile. Is

Re: [squid-dev] RFC: making TrieNode less memory-hungry

2020-06-30 Thread Amos Jeffries
On 20/06/20 9:13 am, Francesco Chemolli wrote: > Hi all, >   I'm looking at the TrieNode code, and while it's super fast, it's > quite memory-hungry: each node uses 2kb of RAM for the children index > and any moderately-sized Trie has plenty of nodes. On the upside, it's > blazing fast. > > How ab

[squid-dev] Proposed focus for Squid-6

2020-06-30 Thread Amos Jeffries
I have been asked a few weeks ago about what the "goal for Squid-6" is going to be. The last few version we have focused on C++11 optimizations and code upgrades. While the code is not entirely C++11 (and may never be) new additions are routinely using and upgrading code to the improved language f

Re: [squid-dev] RFC: Modernizing sources using clang-tidy

2020-05-30 Thread Amos Jeffries
On 20/04/20 2:02 pm, Alex Rousskov wrote: > Hello, > > Squid sources contain a lot of poorly written, obsolete, and > inconsistent code that (objectively) complicates development and > (unfortunately) increases tensions among developers during review. > > Some of those problems can be solved

Re: [squid-dev] Squid command

2020-05-30 Thread Amos Jeffries
On 27/05/20 2:25 pm, pic rat rat wrote:> Dear sir, > > We've found problem of squid program after config in squid.conf > "ssl-bump generate-host-certificates=on," I hope that comma ',' is not in your config file. If it is that would be the problem. > service is not run, however I remove "generate

Re: [squid-dev] cppunit -> googletest / gmock?

2020-05-30 Thread Amos Jeffries
On 31/05/20 5:27 am, Francesco Chemolli wrote: > Hi all, >    starting from a PR in a conversation with Alex about our current > approach to unit testing being painful, I've checked what alternatives > would we have and how practical would they be. > > An easy first option would be googletest/goog

Re: [squid-dev] squid master build with alternate openssl fails

2020-05-10 Thread Amos Jeffries
On 10/05/20 7:53 pm, Amos Jeffries wrote: > On 10/05/20 7:02 pm, Christos Tsantilas wrote: >> On 8/5/20 5:50 μ.μ., Amos Jeffries wrote: >>> Does this change resolve the issue for you? >> >> It is a step but this is not enough. >> >> I am attaching a pat

Re: [squid-dev] squid master build with alternate openssl fails

2020-05-10 Thread Amos Jeffries
On 10/05/20 7:02 pm, Christos Tsantilas wrote: > On 8/5/20 5:50 μ.μ., Amos Jeffries wrote: >> Does this change resolve the issue for you? > > It is a step but this is not enough. > > I am attaching a patch which finally solved the issue. However still it > is not enough,

Re: [squid-dev] squid master build with alternate openssl fails

2020-05-08 Thread Amos Jeffries
On 9/05/20 2:58 am, Alex Rousskov wrote: > On 5/8/20 10:12 AM, Christos Tsantilas wrote: > >> Squid master 699ade2d fails to build with an alternate OpenSsl, when the >> "--with-openssl=/path/to/openssl" is used. > > Francesco, builds with custom OpenSSL paths are not that uncommon, > especially

Re: [squid-dev] squid master build with alternate openssl fails

2020-05-08 Thread Amos Jeffries
Does this change resolve the issue for you? diff --git a/acinclude/squid-util.m4 b/acinclude/squid-util.m4 index 7f5a72e5b..5860b690e 100644 --- a/acinclude/squid-util.m4 +++ b/acinclude/squid-util.m4 @@ -188,9 +188,9 @@ AC_DEFUN([SQUID_OPTIONAL_LIB],[ squid_auto_lib=`echo $1|tr "\-" "_"` se

Re: [squid-dev] RFC: cacheMatchAcl

2020-04-04 Thread Amos Jeffries
On 4/04/20 7:49 pm, Francesco Chemolli wrote: > I am not sure about what you recommend to do here. > This cache is IMO over complicated and it breaks layering. > I’m mostly done in a PR replacing the dlink with a std::list but without > changing the overall design. It does kill a few tens of lines

Re: [squid-dev] RFC: cacheMatchAcl

2020-04-03 Thread Amos Jeffries
On 4/04/20 3:34 am, Alex Rousskov wrote: > On 4/3/20 7:25 AM, Francesco Chemolli wrote: > >>   I'm looking at places where to improve things a bit, and I stumbled >> across cacheMatchAcl . It tries hard to be generic, but it is only ever >> used in ACLProxyAuth::matchProxyAuth . Would it make sens

Re: [squid-dev] squid.conf future

2020-02-24 Thread Amos Jeffries
On 25/02/20 6:11 am, Alex Rousskov wrote: > On 2/24/20 3:11 AM, Amos Jeffries wrote: > >> While doing some polish to cf_gen tool (PR #558) I am faced with some >> large code edits to get that tool any more compliant with our current >> guidelines. With that comes the quest

[squid-dev] squid.conf future

2020-02-24 Thread Amos Jeffries
Hi all, While doing some polish to cf_gen tool (PR #558) I am faced with some large code edits to get that tool any more compliant with our current guidelines. With that comes the question of whether that more detailed work is worth doing at all ... For the future I am considering a switch of cf

Re: [squid-dev] Want to integrate squid github to Jenkins CI

2020-01-22 Thread Amos Jeffries
On 23/01/20 2:45 am, Justin Michael Schwartzbeck wrote: > The SHA list sounds great. Thanks for that. I notice that 4.10 is not > there? Is it not considered "stable" officially? > Ah, seems a small bug in our server scripts. Fixed now. Amos ___ squid-

Re: [squid-dev] Want to integrate squid github to Jenkins CI

2020-01-22 Thread Amos Jeffries
On 22/01/20 5:30 pm, Justin Michael Schwartzbeck wrote: > Hi Amos, thanks for replying. > > So I guess maybe I need to narrow this down a little bit more. Is there > some programmatic way that I can get the *latest stable release* > *version* and *source download link*? > Right now I can do this b

Re: [squid-dev] Want to integrate squid github to Jenkins CI

2020-01-20 Thread Amos Jeffries
On 21/01/20 12:52 pm, agent_js03 wrote: > Hi all, > > I am putting together a squid + content filter solution using docker and > kubernetes. > Right now I am setting up a CI system in Jenkins so that when there is a new > release of squid, it will pull the code, build a new container,and then > pu

Re: [squid-dev] Efficient FD annotations

2020-01-09 Thread Amos Jeffries
On 8/01/20 3:39 am, Alex Rousskov wrote: > On 1/7/20 1:39 AM, Amos Jeffries wrote: >> On 7/01/20 4:28 am, Alex Rousskov wrote: >>> For the record: The ideas below are superseded by the concept of the >>> code context introduced in commit ccfbe8f, including the >>

Re: [squid-dev] Timeouts for abandoned negative reviews

2020-01-09 Thread Amos Jeffries
On 9/01/20 11:20 am, Alex Rousskov wrote: > Hello, > > Squid GitHub pull requests have the following problem: A core > developer can stall PR progress by submitting a negative review and then > ignoring the PR (despite others reminding them that the reviewer action > is required). Such stalled

Re: [squid-dev] Efficient FD annotations

2020-01-06 Thread Amos Jeffries
On 7/01/20 4:28 am, Alex Rousskov wrote: > For the record: The ideas below are superseded by the concept of the > code context introduced in commit ccfbe8f, including the > fde::codeContext field. --Alex > If you want to go that way (replace fde:note with fde:codeContext) we are going to have to

Re: [squid-dev] Squid-5 status update and RFI

2019-12-30 Thread Amos Jeffries
On 31/12/19 3:01 am, Alex Rousskov wrote: > On 12/30/19 4:46 AM, Amos Jeffries wrote: >> >> The v5 branch will be bumped to master HEAD >> commit in a few hours then the documentation update PRs for stage 2 will >> proceed. > > I would wait for all pending v5

Re: [squid-dev] Squid-5 status update and RFI

2019-12-30 Thread Amos Jeffries
Summary: <https://wiki.squid-cache.org/ReleaseProcess#General_Release_Process_Guidelines> Stage 1 is now complete. The v5 branch will be bumped to master HEAD commit in a few hours then the documentation update PRs for stage 2 will proceed. On 5/09/19 10:37 pm, Amos Jeffries wrote

Re: [squid-dev] PRs ready for merge

2019-10-11 Thread Amos Jeffries
On 11/10/19 11:41 am, Alex Rousskov wrote: > Hi Amos, > > I believe the following two PRs are ready to go in. I added the > corresponding comments and labels to these PRs. I did not hear from you > since then, and I do not know whether you are OK with these PRs going in > or just unaware of my

[squid-dev] Squid-5 status update and RFI

2019-09-05 Thread Amos Jeffries
Hi all, A request today for backporting large changes to v4 has prompted me to take a look at where Squid-5 is in terms of being ready for branching. As of a few weeks ago it passed the criteria for feature count. There are 3 new major or higher bugs right now, 23 new ones in total already known

Re: [squid-dev] Fix handling of tiny invalid responses in v4

2019-07-03 Thread Amos Jeffries
On 3/07/19 3:51 am, Alex Rousskov wrote: > Hi Amos, > > Do you plan to commit the following v5/master fix to v4? If that is > your plan, then what is the current ETA and do you need help with > porting or testing these changes to/in v4? > I plan to spend most of the next 4 days on Squid catc

[squid-dev] HTTP body/payload Digest mechanism

2019-06-28 Thread Amos Jeffries
Hi all, The HTTPbis Working Group has adopted the following feature specification for delivering resource/representation Digest checksums into HTTP. I know some of you were interested earlier in relation to Content-MD5 (being for

[squid-dev] Absence

2019-03-28 Thread Amos Jeffries
Hi guys, I will be effectively offline for the next few days. There are some PR needing my review or re-review. As well as backports to v4. I intend to get to them as soon as I am back. Cheers Amos ___ squid-dev mailing list squid-dev@lists.squid-cache

[squid-dev] Squid-5 status update

2019-01-27 Thread Amos Jeffries
Hi all, So being January and fielding questions about when v5 will be released I have taken a look at the state of trunk/HEAD/master code to see whether or not there is enough change to be worth a new Squid series. Right now things are looking close but not quite enough. The details I am looki

Re: [squid-dev] [RFC] Do we want paranoid_hit_validation?

2019-01-14 Thread Amos Jeffries
On 9/01/19 4:01 am, Alex Rousskov wrote: > On 1/8/19 1:50 AM, Amos Jeffries wrote: >> On 8/01/19 4:58 pm, Alex Rousskov wrote: >>> This particular validation does not require checksums or other expensive >>> computations. It does not require disk I/O. The code simply

Re: [squid-dev] [RFC] Do we want paranoid_hit_validation?

2019-01-08 Thread Amos Jeffries
On 8/01/19 4:58 pm, Alex Rousskov wrote: > Hello, > > Squid has a few bugs that may result in rock cache corruption. > Factory is working on fixing those bugs. During that work, we have added > support for validating rock disk cache entry metadata at the time of a > cache hit. > > This partic

Re: [squid-dev] how i can make each user to use only specify port in squid proxy

2018-11-21 Thread Amos Jeffries
ar whether the problem you are currently seeing is going to help you reach your actual goal or just a problem on the way to an irrelevant situation. Please provide more precise details about what you are doing when you re-post to squid-users. That will greatly improve any assistance people ca

Re: [squid-dev] TLS 1.3 0rtt

2018-11-21 Thread Amos Jeffries
On 16/11/18 3:07 am, Marcus Kool wrote: > After reading > https://www.privateinternetaccess.com/blog/2018/11/supercookey-a-supercookie-built-into-tls-1-2-and-1-3/ > I am wondering if the TLS 1.3 implementation in Squid will have an > option to disable the 0rtt feature so that user tracking is reduc

Re: [squid-dev] modify source code and change the name from "squid" to other name

2018-10-01 Thread Amos Jeffries
On 2/10/18 9:36 AM, --Ahmad-- wrote: > just curious to do and tell my friends i have some thing uniqe :) > Renaming source code is not unique. Squid-2.6 and Squid-2.7 were actually a fork of the main Squid source code. "Lusca" is the name of a proxy forked off Squid-2.7. "SquidNT" is another old

Re: [squid-dev] Squid supports two-ssl auth as mated squid proxy

2018-08-12 Thread Amos Jeffries
On 11/08/18 05:02, rahman wrote: > Hi ,Please let me know squid supports two way ssl authentication.Please > confirm if we can have an application server connection to remote server via > NATed squid proxy. The remote server requires client authentication > (SSLMutual Auth)? If yes, please guide on

Re: [squid-dev] Converting squid to library

2018-08-05 Thread Amos Jeffries
On 05/08/18 18:57, Manju Prabhu wrote: > Hi Amos, > Sure, thanks.  > > Initially, I am planning to try to use f-stack. Something, similar > to  > https://github.com/F-Stack/f-stack/blob/master/doc/F-Stack_Nginx_APP_Guide.md > F-stack provides wrappers around POSIX APIs.\ > So, apart from squid and

Re: [squid-dev] How to rewrite URL in squid proxy server according to client's custom request header?

2018-08-02 Thread Amos Jeffries
On 01/08/18 08:27, Abu Noman wrote: > How can I rewrite the destination in Squid proxy server according to the > client's request header? > This is a usage question. Please followup in squid-users mailing list. The answer is yes and no. No - Squid does not do any re-writing. It calls a helper p

Re: [squid-dev] Converting squid to library

2018-08-02 Thread Amos Jeffries
On 02/08/18 18:32, Manju Prabhu wrote: > Hi, > I plan to use Squid for ssl-proxy in my project. However, I have my own > data-path and TCP stack I want to try it out with for performance > reasons. The TCP stack could be in user-space for example, if I use DPDK. > > * Is there any potential pitfal

Re: [squid-dev] Squid versioning

2018-07-30 Thread Amos Jeffries
On 31/07/18 05:11, Lubos Uhliarik wrote: > Hey all, > > I wanted to ask, how is it now with squid versioning. Is configuration from > version 4.1 backward > compatible with version 4.0? Maybe, but don't count on it. 4.0.z are betas where things are slightly broken at points. 4.y (with y > 0) a

Re: [squid-dev] Allowing the admin to decide if a specific DNS+ip is ok for caching.

2018-07-19 Thread Amos Jeffries
On 19/07/18 04:56, Eliezer Croitoru wrote: > Hey Squid-Dev’s, > >   > > Currently Squid-Cache forces Host Header Forgery on http and https requests. > > -  https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery > Forces? no. Prevents. > Squid is working properly or “the best” wh

Re: [squid-dev] Terminating ICAP requests for aborted HTTP requests

2018-07-11 Thread Amos Jeffries
On 12/07/18 03:46, Alex Rousskov wrote: > On 07/11/2018 07:54 AM, Steve Hill wrote: > >> the HTTP client had made a request which has been forwarded onto >> the web server, the web server has started responding, Squid is sending >> the response body to the RESPMOD ICAP service and is forwarding th

[squid-dev] Squid-3.5 future

2018-07-01 Thread Amos Jeffries
Hi all, Now that Squid-4 has finally achieved a stable release its time to formally deprecated support for Squid-3.5 series. As per policy Squid-3.5 is officially deprecated as of today. I would normally release a final 3.5 tarball alongside the 4.1 tarball. But due to time constraints have no

Re: [squid-dev] Support lower case http/ spn format for realmd/adcli join support.

2018-06-27 Thread Amos Jeffries
On 28/06/18 08:24, Mike Surcouf wrote: > Thanks Amos for your comprehensive reply..  open SSH requires lower case > host/ and as you say windows doesn't seem to care so they solved it for > that case but seems that uppercase is the convention for HTTP. >   Do you have an official reference for HTTP

  1   2   3   4   5   6   7   8   9   10   >