On 09/02/2014 03:51 AM, Amos Jeffries wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2/09/2014 4:49 a.m., Tsantilas Christos wrote:
Hi all,
This patch add a new configuration option the 'pconn_lifetime' to
allow users set the desired maximum lifetime of a persistent
connect
Hi all,
This patch add a new configuration option the 'pconn_lifetime' to allow
users set the desired maximum lifetime of a persistent connection.
When set, Squid will close a now-idle persistent connection that
exceeded configured lifetime instead of moving the connection into the
idle conn
Hi all,
The total server time is not computed in some cases, for example for
CONNECT requests. An other example case is when server-first bumping
mode is used and squid connects to SSL peer, but connection terminated
before the SSL handshake completes.
The attached patch is trying to fix the
On 07/31/2014 03:35 AM, Amos Jeffries wrote:
Hi Christos,
Can you confirm or deny for me that these %USER_CERT_* macros map to the
%ssl::>cert_* logformat codes?
Not exactly.
- The %ssl::>cert_subject is equivalent to the %USER_CERT_DN external
acl macro
- The %ssl::>cert_issuer is equival
On 07/17/2014 02:51 AM, Amos Jeffries wrote:
On 17/07/2014 8:01 a.m., Alex Rousskov wrote:
On 07/16/2014 11:39 AM, Tsantilas Christos wrote:
Hi all,
Squid currently does not make a check for the TOS values used in squid
configuration file. Squid will accept 8bit numbers as TOS values
On 07/16/2014 11:01 PM, Alex Rousskov wrote:
On 07/16/2014 11:39 AM, Tsantilas Christos wrote:
Hi all,
Squid currently does not make a check for the TOS values used in squid
configuration file. Squid will accept 8bit numbers as TOS values, however:
1) TOS values with 1st ad 2nd bit set can
Hi all,
Squid currently does not make a check for the TOS values used in squid
configuration file. Squid will accept 8bit numbers as TOS values, however:
1) TOS values with 1st ad 2nd bit set can not be used. These bits used
by the ECN. For Linux if someone try to set the 0x23 value as TOS val
On 07/11/2014 05:47 PM, Alex Rousskov wrote:
On 07/11/2014 05:27 AM, Tsantilas Christos wrote:
The PageSpeed example fits better to a post-cache RESPMOD feature.
I do not think so. Post-cache RESPMOD does not allow Squid to cache the
adapted variants. Please let me know if I missed how post
The post-cache REQMOD and post-cache RESPMOD is a must for squid.
The example of PageSpeed also is very good. I must note that there are
already similar features integrated to other commercial products, for
example:
http://www.citrix.com/products/bytemobile-adaptive-traffic-management/tech-in
If there are no objections I will apply this patch to trunk
Regards,
Christos
On 06/27/2014 06:38 PM, Tsantilas Christos wrote:
Hi all,
Currently FwdState::negotiateSSL() operates on a TCP connection
without a timeout. If, for example, the server never responds to Squid
SSL Hello, the
If there are no objections I will apply the latest patch to trunk.
Regards,
Christos
On 06/26/2014 05:45 PM, Tsantilas Christos wrote:
A new patch.
Changes:
- clt_conn_id renamed to clt_conn_tag
- Amos requested fixes.
I hope it is OK.
Regards,
Christos
On 06/22/2014 08:43 PM
Hi all,
Currently FwdState::negotiateSSL() operates on a TCP connection without
a timeout. If, for example, the server never responds to Squid SSL
Hello, the connection getstuck forever. This happens in real world when,
for example, a client is trying to establish an SSL connection through
bu
A new patch.
Changes:
- clt_conn_id renamed to clt_conn_tag
- Amos requested fixes.
I hope it is OK.
Regards,
Christos
On 06/22/2014 08:43 PM, Tsantilas Christos wrote:
Hi all,
The attached patch replaces existin annotation values with the new one
received from helpers.
Just one
On 06/24/2014 08:21 AM, Amos Jeffries wrote:
On 24/06/2014 1:44 a.m., Tsantilas Christos wrote:
On 06/23/2014 09:50 AM, Amos Jeffries wrote:
On 23/06/2014 5:43 a.m., Tsantilas Christos wrote:
in src/Notes.cc:
* replaceOrAdd iterates over the notes list twice in the event of
removals (due to
On 06/23/2014 09:50 AM, Amos Jeffries wrote:
On 23/06/2014 5:43 a.m., Tsantilas Christos wrote:
Hi all,
The attached patch replaces existin annotation values with the new one
received from helpers.
Just one question. We are documenting key-value pairs in cf.data.pre
only for url-rewriter
clt_conn_id=%{clt_conn_id}note ...
On 06/19/2014 09:07 PM, Tsantilas Christos wrote:
On 06/16/2014 06:36 PM, Alex Rousskov wrote:
On 06/15/2014 12:07 AM, Amos Jeffries wrote:
On 15/06/2014 4:58 a.m., Alex Rousskov wrote:
On 06/11/2014 08:52 AM, Tsantilas Christos wrote:
I must also note that this
On 06/16/2014 06:36 PM, Alex Rousskov wrote:
On 06/15/2014 12:07 AM, Amos Jeffries wrote:
On 15/06/2014 4:58 a.m., Alex Rousskov wrote:
On 06/11/2014 08:52 AM, Tsantilas Christos wrote:
I must also note that this patch adds an inconsistency. All annotation
key=values pairs received from
On 06/13/2014 10:46 PM, Alex Rousskov wrote:
On 04/25/2014 01:46 AM, Amos Jeffries wrote:
On 25/04/2014 12:56 p.m., Alex Rousskov wrote:
Do not leak fake SSL certificate context cache when reconfigure
changes port addresses.
This requires the guarantee that all connections using the storage
TCP client connections tagging is useful for faking various forms of
connection-based "authentication" when standard HTTP authentication
cannot be used. A URL rewriter or, external ACL helper may mark the
"authenticated" client connection to avoid going through
"authentication" steps during sub
The problem still exist in trunk..
If no objection I will apply latest Alex's patch to trunk
Regards,
Christos
On 04/09/2014 02:17 AM, Alex Rousskov wrote:
> On 04/08/2014 09:28 AM, Tsantilas Christos wrote:
>
>> Alex analysis for the crashes is correct. However
OK.
Looks that the attached patch should be enough to solve trunk with ecap
build.
If no problem I will apply to trunk.
Regards,
Christos
On 05/02/2014 05:48 PM, Alex Rousskov wrote:
> On 05/01/2014 04:21 AM, Tsantilas Christos wrote:
>> On 04/30/2014 09:33 PM, Alex Rouss
On 04/30/2014 09:33 PM, Alex Rousskov wrote:
> On 28/04/2014 5:35 a.m., Tsantilas Christos wrote:
>> Unfortunately this is not build with ecap.
>
>
> On 04/27/2014 07:57 PM, Amos Jeffries wrote:
>> What the eCAP field needs to be set to depends on its definition:
&g
patch applied to trunk as revno: 13387
On 04/24/2014 05:12 PM, Tsantilas Christos wrote:
> Currently note values printed with "%note" formating code, which
> contain non alphanumeric characters, were quoted and quotes were then
> escaped, resulting in bizarre logged rendition
To summarize, the requested changes are:
*in cf.data.pre:
replace:
max-conn limit works poorly when there is a relatively
large number of idle persistent connections with the
peer because the limiting code does not know that
Squid can often reuse some of those idle connections.
with:
max-conn cur
On 04/28/2014 04:57 AM, Amos Jeffries wrote:
> On 28/04/2014 5:35 a.m., Tsantilas Christos wrote:
>> Unfortunately this is not build with ecap.
>>
>> The ecap uses the HttpMsg::protocol, to describe protocol for both
>> requests and responses.
>> Looks that HttpRe
Hi all,
I have problems when trying to build squid with gnuTLS support.
My system has installed the 2.12.x version of the gnu tls library. But
looks that squid uses gnutls functions which are investigated in 3.1.x
release, for example gnutls_certificate_verify_peers3 or
gnutls_certificate_verifica
Currently note values printed with "%note" formating code, which
contain non alphanumeric characters, were quoted and quotes were then
escaped, resulting in bizarre logged rendition of empty or simple values
(often received from various helpers):
%22-%22
%22Default_Google%22
%22p
On 04/23/2014 06:08 PM, Alex Rousskov wrote:
> On 04/23/2014 05:36 AM, Amos Jeffries wrote:
>
>> So,
>> The internals of the library code (when enabled) can reference OpenSSL
>> and/or the src/ssl/*.h objects as needed.
>
> I am not sure that is a good rule. Maintaining an interface-level
> sepa
On 04/22/2014 10:18 PM, Amos Jeffries wrote:
>
> Hi Christos,
> Alex and I have just reached a design agreement about how to manage
> these modularizations going forward.
Hi Amos,
>
> We have decided to construct a namespace Security:: in a library at
> security/libsecurity.la which presents
On 04/09/2014 02:17 AM, Alex Rousskov wrote:
> On 04/08/2014 09:28 AM, Tsantilas Christos wrote:
>> The global objects in C++ normally destroyed in the reverse order they
>> created. The Adaptation::*::TheConfig objects created on squid start,
>> but the std::vector lists c
I did a bzr update just now, to commit, and I see that this problem is
fixed :-)
Please ignore
On 04/08/2014 06:48 PM, Tsantilas Christos wrote:
> The problem is that the peer_select code trying to access a std::vector
> which is already destroyed.
> If we call peerSelect for fwd
The problem is that the peer_select code trying to access a std::vector
which is already destroyed.
If we call peerSelect for fwd FwdState object eg:
peerSelect(&fwd->serverDestinations, ..., fwd);
and the fwd state object become invalid (eg because client closed the
connection) then it is pos
Hi all,
Alex analysis for the crashes is correct. However I believe that we
should try fixing the crashes, not be back to squid Vector. Or even if
we go back to squid Vector, we still need to fix this problem.
The Squid Vector, just hides the problem does not solve it.
Looks that in in many case
Hi all,
When an error page template file is empty I am getting strange
behaviour, sometimes I am getting an assertion failed, some other cases
crap send to the client instead of an error page.
These problems caused because a MemBuf , in which no data added is not
NULL terminated. I am attaching a
If there are no objections, I will apply this patch to trunk.
Regards,
Christos
On 03/19/2014 05:55 PM, Tsantilas Christos wrote:
> This patch add support for ftp_epsv ACLs. The following syntax is supported:
> ftp_epsv on
> ftp_epsv off
> ftp_epsv deny acl1
> ftp_
On 03/22/2014 05:54 AM, Amos Jeffries wrote:
> On 22/03/2014 7:46 a.m., Tsantilas Christos wrote:
>>
>> Hi all,
>> a Measurement Factory customer reported the following bug:
>>
>>1) A user sends a CONNECT request with valid credentials
>>2) Squid c
Hi all,
a Measurement Factory customer reported the following bug:
1) A user sends a CONNECT request with valid credentials
2) Squid checks the credentials and adds the user to the user cache
3) The same user sends a CONNECT request with invalid credentials
4) Squid overwrites the e
This patch add support for ftp_epsv ACLs. The following syntax is supported:
ftp_epsv on
ftp_epsv off
ftp_epsv deny acl1
ftp_epsv allow acl2 acl3
The action of the first matching line wins. The "ftp_epsv on|off" syntax
is supported for backward compatibility and it is equivalent to ftp_eps
On 03/18/2014 11:37 AM, Amos Jeffries wrote:
> On 18/03/2014 9:32 p.m., Tsantilas Christos wrote:
>> On 03/17/2014 11:11 AM, Amos Jeffries wrote:
>>> This is the patch making libnettle mandatory dependency and dropping
>>> completely the bundled MD5 implementation
On 03/17/2014 11:11 AM, Amos Jeffries wrote:
> This is the patch making libnettle mandatory dependency and dropping
> completely the bundled MD5 implementation.
Why the bundled MD5 implementation should removed? Is there any reason?
Adding (mandatory) depedencies to external libraries, which are n
On 03/13/2014 11:35 AM, Amos Jeffries wrote:
> On 13/03/2014 10:07 p.m., Tsantilas Christos wrote:
>> On 03/13/2014 06:06 AM, Amos Jeffries wrote:
>
>>>
>>>
>>> Those can be done on commit. +1 conditional on the above change.
>>
>> I have apply
On 03/13/2014 06:06 AM, Amos Jeffries wrote:
> On 25/02/2014 5:53 a.m., Tsantilas Christos wrote:
>> On 02/24/2014 01:40 AM, Amos Jeffries wrote:
>>> On 2014-02-24 10:12, Tsantilas Christos wrote:
>>>> Hi all,
>>>>
>>>> This patch add t
If no objection, I will apply this patch to trunk.
On 02/24/2014 06:53 PM, Tsantilas Christos wrote:
> On 02/24/2014 01:40 AM, Amos Jeffries wrote:
>> On 2014-02-24 10:12, Tsantilas Christos wrote:
>>> Hi all,
>>>
>>> This patch add the url_rewrite_ex
On 03/10/2014 11:50 PM, Amos Jeffries wrote:
> I've been searching for some time for a crypto library that provides
> algorithms like base64, MD4, MD5, SHA* etc that are used by Squid. So we
> can remove the bundled re-implementations and avoid some big issues like
> FIPS compliance of Squid.
>
>
On 02/24/2014 01:40 AM, Amos Jeffries wrote:
> On 2014-02-24 10:12, Tsantilas Christos wrote:
>> Hi all,
>>
>> This patch add the url_rewrite_extras for redirector helpers.
>> The url_rewrite_extras is a "quoted string" with logformat %macro
>>
Hi all,
This patch add the url_rewrite_extras for redirector helpers.
The url_rewrite_extras is a "quoted string" with logformat %macro
support. It is appended to request line for redirector helpers.
Example usage:
url_rewrite_extras "Note1=%{Note1}note Note2=%{Note2}note"
The url_rewrtite_ex
Hi all,
While working on 4005 bug, we found some problems, which fixed with the
attached patch:
1) The dynamic_cert_mem_cache_size does not change on reconfigure
2) When dynamic_cert_mem_cache_size of http_port set to 0 then:
a) The dynamic certs cache is grow unlimited.
The attached pat
Hi all,
I am attaching a patch which try to add some notes which is missing from
key_extras documentation in squid.conf.documented. For example the
current squid.conf.documented in trunk does not say that the
expanded key_extras value is added to the Squid credentials cache and,
hence, will affec
On 01/27/2014 03:44 PM, Amos Jeffries wrote:
> On 27/01/2014 8:18 a.m., Henrik Nordström wrote:
>> sön 2014-01-26 klockan 13:59 +1300 skrev Amos Jeffries:
>
>>
>>> Ditto for shared memory spaces.
>>
>> Named shared memory spaces need consistent naming. Having a squid.conf
>> directive with a macro
On 01/26/2014 02:59 AM, Amos Jeffries wrote:
>
> So how do we safely allow users to configure where the IPC sockets are
> located on a per-worker basis while also allowing workers to communicate
> over them to each other?
>
We should not consider squid users as persons which needs protection
from
On 01/22/2014 07:45 AM, Alex Rousskov wrote:
> I can think of two very different ways to go forward from here:
>
> A) Forget about other agents, sides, etc. and focus on the HTTP server
> (i.e., client-side*cc) code exclusively. That code does not need a
> TcpReceiver. It needs a lot of work, but
On 01/20/2014 08:45 PM, Alex Rousskov wrote:
> Hello,
>
> FTP gateway[1] code[2] work well, and we are polishing it for the
> official submission. The biggest change we need to make is to rearrange
> where the new code lives in Squid src directory. In this email, I am
> proposing how to struct
On 01/10/2014 01:04 AM, Amos Jeffries wrote:
> On 2014-01-10 04:50, Tsantilas Christos wrote:
>> On 01/09/2014 12:07 AM, Amos Jeffries wrote:
>>> On 2014-01-09 07:30, Tsantilas Christos wrote:
>>>> This patch implement SSL session cache sharing across SMP workers
On 01/09/2014 12:07 AM, Amos Jeffries wrote:
> On 2014-01-09 07:30, Tsantilas Christos wrote:
>> This patch implement SSL session cache sharing across SMP workers using
>> shared memory. The following new squid configuration options added:
>>
>> - The "sslproxy_
This patch implement SSL session cache sharing across SMP workers using
shared memory. The following new squid configuration options added:
- The "sslproxy_session_cache_size" option which sets the cache size to
use for ssl session. Example usage:
sslproxy_session_cache_size 4 MB
- The "ss
On 12/11/2013 12:09 AM, Amos Jeffries wrote:
> On 2013-12-11 10:46, Tsantilas Christos wrote:
>> Hi all,
>>
>> currently we have the following situation for sslcrtvalidator_children
>> configuration option, which is may confusing people:
>> 1) The testin
Hi all,
currently we have the following situation for sslcrtvalidator_children
configuration option, which is may confusing people:
1) The testing sslcrtvalidator helper supports concurrency
2) The default concurrency if the sslcrtvalidator_children is not set,
is concurrency=0
3) The default s
Patch applied to trunk
On 12/05/2013 03:14 PM, Tsantilas Christos wrote:
> If there are no any objections I will apply this patch to trunk...
>
> On 11/25/2013 12:01 PM, Tsantilas Christos wrote:
>> This is the third version of the patch
>>
>> On 11/23/2013 08:08 AM,
If there are no any objections I will apply this patch to trunk...
On 11/25/2013 12:01 PM, Tsantilas Christos wrote:
> This is the third version of the patch
>
> On 11/23/2013 08:08 AM, Amos Jeffries wrote:
>> On 23/11/2013 5:42 a.m., Tsantilas Christos wrote:
>>> I am s
Patch applied to trunk
On 12/02/2013 07:50 PM, Tsantilas Christos wrote:
> If there are no any objections I will commit this patch to trunk
>
>
> On 11/21/2013 03:19 PM, Tsantilas Christos wrote:
>> Hi all,
>>
>> eCAP/ICAP adapter authors (and probably
If there are no any objections I will commit this patch to trunk
On 11/21/2013 03:19 PM, Tsantilas Christos wrote:
> Hi all,
>
> eCAP/ICAP adapter authors (and probably others) need access to master
> transaction start time to estimate user-perceived delay (and probably
> fo
On 11/18/2013 10:11 PM, Alex Rousskov wrote:
> On 11/18/2013 10:51 AM, Tsantilas Christos wrote:
>> On 11/17/2013 07:00 AM, Alex Rousskov wrote:
>>> On 11/16/2013 08:01 PM, Amos Jeffries wrote:
>>>> On 17/11/2013 3:21 p.m., Alex Rousskov wrote:
>>>
On 11/18/2013 10:39 PM, Amos Jeffries wrote:
> On 2013-11-19 08:47, Alex Rousskov wrote:
>> On 11/18/2013 10:57 AM, Tsantilas Christos wrote:
>>> On 11/15/2013 05:11 PM, Amos Jeffries wrote:
>>>> in src/auth/ntlm/UserRequest.cc:
>>>>
>>>&
On 11/17/2013 07:00 AM, Alex Rousskov wrote:
> On 11/16/2013 08:01 PM, Amos Jeffries wrote:
>> On 17/11/2013 3:21 p.m., Alex Rousskov wrote:
>>>auth_param digest key_suffix "%lp"
>
>> Halfway: key_extras ?
>
>
> Works for me.
Just to summarize.
Is this means that the request_realm renamed
On 11/15/2013 05:11 PM, Amos Jeffries wrote:
> in src/auth/ntlm/UserRequest.cc:
>
> * the YR and KK are lookups codes, not part of the credentials. They
> must be first on the helper query line and not manipulable by the admin.
> - same problem in Negotiate as well.
If we remove the lookupcodes
On 11/14/2013 10:01 PM, Amos Jeffries wrote:
> On 2013-11-14 22:36, Tsantilas Christos wrote:
>> ping for this patch...
>>
>> If not objection I will commit this patch to trunk
>>
>
> I'd like to have another read through it before that happens. Sorry.
> W
ping for this patch...
If not objection I will commit this patch to trunk
Regards,
Christos
On 10/29/2013 06:13 PM, Tsantilas Christos wrote:
> Hi all,
>
> The attached patch add the "auth_param request_format" and "auth_param
> request_realm" to proxy
On 11/11/2013 09:11 AM, Amos Jeffries wrote:
> On 7/11/2013 11:27 p.m., Tsantilas Christos wrote:
>> This patch adds the new ACL adaptation_service, to match the name of:
>>
>>- an adaptation service or group that had been applied to the master
>> transac
On 11/11/2013 09:11 AM, Amos Jeffries wrote:
> On 7/11/2013 11:27 p.m., Tsantilas Christos wrote:
>> This patch adds the new ACL adaptation_service, to match the name of:
>>
>>- an adaptation service or group that had been applied to the master
>> transac
This patch adds the new ACL adaptation_service, to match the name of:
- an adaptation service or group that had been applied to the master
transaction in the past
- an adaptation service or group that is being applied to the master
transaction now
An adaptation group is formed by
On 09/27/2013 08:47 PM, Alex Rousskov wrote:
> On 09/27/2013 09:39 AM, Amos Jeffries wrote:
>> On 28/09/2013 3:18 a.m., Tsantilas Christos wrote:
>>> On 09/27/2013 08:23 AM, Alex Rousskov wrote:
>>>> Using approach (2) with flexible RE delimiter, we could write
&g
On 09/27/2013 08:23 AM, Alex Rousskov wrote:
>
> Using approach (2) with flexible RE delimiter, we could write
>
> acl foo url_regex /ends[) (]/
> or
> acl foo url_regex {ends[) (]}
> or
> acl foo url_regex @ends[) (]@
>
> and it will all work without double escaping.
Alex, in the
On 09/26/2013 09:14 PM, Alex Rousskov wrote:
> On 08/30/2013 11:39 AM, Alex Rousskov wrote:
>
>> One of the key ideas behind "strict syntax" is that the token "type" can
>> be and is determined by the parser (simple token, quoted string, regular
>> expression, number, etc.) and not the caller. Thi
On 08/29/2013 04:30 AM, Amos Jeffries wrote:
> On 29/08/2013 3:58 a.m., Alex Rousskov wrote:
>> On 08/28/2013 09:31 AM, Tsantilas Christos wrote:
>>> On 08/28/2013 06:04 PM, Alex Rousskov wrote:
>>>> What do others think? Is this important enough to fix?
>>>
On 08/28/2013 06:23 PM, Alex Rousskov wrote:
> On 08/21/2013 09:34 AM, Tsantilas Christos wrote:
>
>> -message << "Bungled " << f->filePath << " line " << f->lineNo <<
>> +message << "Bungled (#
On 08/28/2013 06:04 PM, Alex Rousskov wrote:
> On 08/21/2013 09:34 AM, Tsantilas Christos wrote:
>> On 08/13/2013 11:57 PM, Alex Rousskov wrote:
>
>>> Another potential problem here is with the '=' character. We have to
>>> allow it because existing c
Is this patch OK?
Should I commit to trunk?
On 08/21/2013 06:34 PM, Tsantilas Christos wrote:
> On 08/13/2013 11:57 PM, Alex Rousskov wrote:
>> On 08/07/2013 03:11 AM, Tsantilas Christos wrote:
>>> On 07/31/2013 07:59 PM, Alex Rousskov wrote:
>>>> 2. When configura
On 08/13/2013 11:57 PM, Alex Rousskov wrote:
> On 08/07/2013 03:11 AM, Tsantilas Christos wrote:
>> On 07/31/2013 07:59 PM, Alex Rousskov wrote:
>>> 2. When configuration_includes_quoted_values is on, new "strict syntax"
>>> rules are enforced:
>
>>&
Hi all,
I am attaching a new patch which try to handle the reported problems.
Just adding a new method which do special parsing for tokens like the
regex has many effects, for example the ConfigParser::TokenUndo
mechanism can not work.
This patch:
1) By default disables quoted tokens
("configu
On 07/30/2013 10:52 PM, Amos Jeffries wrote:
> On 31/07/2013 6:23 a.m., Tsantilas Christos wrote:
>> On 07/30/2013 08:12 PM, Amos Jeffries wrote:
>>> I just ran your patch past my set of test cases built from the user
>>> complaints so far:
>>>
>
On 07/30/2013 11:15 PM, Amos Jeffries wrote:
> On 31/07/2013 6:47 a.m., Tsantilas Christos wrote:
>> On 07/30/2013 09:17 PM, Amos Jeffries wrote:
>>>> However Amos refers to an other case. For the following line:
>>>> "Simple Tokens"
>>>> we
On 07/30/2013 09:17 PM, Amos Jeffries wrote:
>> However Amos refers to an other case. For the following line:
>> "Simple Tokens"
>> we may want to retrieve the token "Simple
>>
>> Do we have any example where this is required? (Not for regex, for regex
>> we have an exception...)
>
> In most place
On 07/30/2013 08:12 PM, Amos Jeffries wrote:
> I just ran your patch past my set of test cases built from the user
> complaints so far:
>
>
> 2013/07/31 04:56:39| Processing: configuration_includes_quoted_values off
> ...
> 2013/07/31 04:56:39| Processing: acl notAfunction url_regex
> ^somethingO
On 07/30/2013 08:03 PM, Alex Rousskov wrote:
> On 07/30/2013 10:04 AM, Amos Jeffries wrote:
>> On 31/07/2013 3:03 a.m., Tsantilas Christos wrote:
>>> 2) If configuration_includes_quoted_values is set to "on" (new style
>>> enabled) and token ends on a ( ch
Hi all,
I am posting an alternate patch.
This patch:
1) If token starts from ( do not consider it as function parameters
start point and return a token from ( to the next white space
2) If configuration_includes_quoted_values is set to "on" (new style
enabled) and token ends on a ( character, c
On 07/26/2013 03:49 PM, Amos Jeffries wrote:
> On 26/07/2013 10:20 p.m., Tsantilas Christos wrote:
>> This patch try to detect infinite OpenSSL validation loops.
>>
>> If OpenSSL is stuck in a validation loop, Squid breaks the loop and
>> triggers a new custom SQUID_X50
This patch try to detect infinite OpenSSL validation loops.
If OpenSSL is stuck in a validation loop, Squid breaks the loop and
triggers a new custom SQUID_X509_V_ERR_INFINITE_VALIDATION SSL
validation error.
That error cannot be bypassed using sslproxy_cert_error because to break
the loop Squid h
On 07/23/2013 08:18 PM, Alex Rousskov wrote:
> It is with great sadness I inform you that Dmitry Kurochkin died in a
> skydiving accident a few days ago. Dmitry was an avid skydiver, with
> more than 360 jumps and some regional records behind him. He loved that
> sport.
>
> Dmitry's recent contrib
On 07/12/2013 08:06 PM, Amos Jeffries wrote:
> On 13/07/2013 2:05 a.m., Tsantilas Christos wrote:
>> This patch add new logformat codes to log TOS/DSCP values and netfilter
>> marks for client and server connections. If multiple outgoing
>> connections were used, the last
This patch add new logformat codes to log TOS/DSCP values and netfilter
marks for client and server connections. If multiple outgoing
connections were used, the last used connection value logged.
The values printed in hexadecimal form.
The logformat codes are:
%>tosClient connection tos mar
we can just remove the assertion.
However still I do not know how an entry with lastmod=-1 (no
Last-Modified header) found in my cache and causes the above assertion.
Any opinion on this?
On 06/28/2013 04:50 PM, Tsantilas Christos wrote:
> This patch sends an If-None-Match request, when
I will commit this patch to trunk if there is not any objection
On 06/29/2013 07:28 AM, Amos Jeffries wrote:
> On 29/06/2013 1:50 a.m., Tsantilas Christos wrote:
>> This patch sends an If-None-Match request, when we need to re-validate
>> if a cached object which has a stron
On 07/01/2013 01:41 PM, Tsantilas Christos wrote:
> The problem looks that it is that is is uses an older version to
> configure openSSL which is installed under the "/usr/" and finally
> builds with a newer version which installed under the "/usr/local/"
>
>
The patch is OK.
Just one small fix required. Somewhere in the patch there are the
following lines:
- ],
- [
- AC_MSG_RESULT([no])
- ],
- [
+ [])
+)
+if "x$squid_cv_pstringdata_hack" = "xyes" ; then
AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
- AC_M
"$LDFLAGS -L/usr/local/lib -Wl,-R/usr/local/lib"
;;
We should include the "/usr/local/" include and library paths for clang
compiler too.
On 07/01/2013 01:10 PM, Amos Jeffries wrote:
> On 1/07/2013 8:02 p.m., Tsantilas Christos wrote:
>> I need to see again in config.lo
I need to see again in config.log script (I suppose the
ws/btlayer-02-maximus/lonfig.log file or something like that).
I can not find it anywhere in Jenkins web interface. Is there any
standard way to find out build files without have to bother you?
On 07/01/2013 07:38 AM, Amos Jeffries wrote:
>
The script which check for "const SSL_METHOD *" fails on FreeBSD using
clang compiler...
On 07/01/2013 07:38 AM, Amos Jeffries wrote:
> On 1/07/2013 3:54 a.m., Christos Tsantilas wrote:
>>
>> revno: 12925
>> fixes bug(s): http://bugs.
The attached patch fixes two problems
- Bug 3868: The SSL_CTX_new in newer openSSL releases requires a const
'SSL_METHOD *' argument and in older releases requires non const
'SSL_METHD *' argument. Currently we are trying to identify openSSL
version using the OPENSSL_VERSION_NUMBER define but loo
Which is your OS?
Which openSSL version are you using?
Can you also post the outout of "g++ -v" command?
On 06/28/2013 03:19 PM, neeraj kharbanda wrote:
> error while compiling squid head 12919
>
> certificate_db.cc: In static member function ‘static void
> Ssl::CertificateDb::sq_TXT_DB_
> delet
This patch sends an If-None-Match request, when we need to re-validate
if a cached object which has a strong ETag is still valid.
This is also done in the cases an HTTP client request contains HTTP
headers prohibiting a from-cache response (i.e., a "reload" request).
The use of If-None-Match req
1 - 100 of 662 matches
Mail list logo