Author: trapexit
Author Date: 2020-08-05 04:21:44 UTC

Add http_port sslflags=CONDITIONAL_AUTH (#510)

Enabling this flag removes SSL_VERIFY_FAIL_IF_NO_PEER_CERT from the
SSL_CTX_set_verify callback. Meaning a client certificate verify
occurs iff provided.

Author: Amos Jeffries
Author Date: 2020-08-04 04:34:32 UTC

Enforce token characters for field-name (#700)

RFC 7230 defines field-name as a token. Request splitting and cache
poisoning attacks have used non-token characters to fool broken HTTP
agents behind or in front of Squid for years. This change should
significantly reduce that abuse.

If we discover exceptional situations that need special treatment, the
relaxed parser can allow them on a case-by-case basis (while being extra
careful about framing-related header fields), just like we already
tolerate some header whitespace (e.g., between the response header
field-name and colon).

Author: Amos Jeffries
Author Date: 2020-07-22 04:12:16 UTC

Create codeql-analysis.yml

Author: Alex Rousskov
Author Date: 2020-06-25 09:39:45 UTC

Avoid FwdState::serverConn while establishing a CONNECT tunnel (#681)

Master/v6 commit 25b0ce4 missed two cases where serverConnection() was
used prematurely: One case requires --enable-delay-pools, and the other
does not actually dereference the prematurely used serverConnection().
Both cases establish a CONNECT tunnel through a cache_peer.

Author: DrDaveD
Author Date: 2020-06-26 12:09:19 UTC

Bug 5051: Some collapsed revalidation responses never expire (#683)

* clear collapsed revalidation on a negative response

* fixup: Reduce chances of forgetting to call clearPublicKeyScope()

... in other/future sendClientUpstreamResponse() cases.

TODO:

1. Handle sendClientOldEntry() cases. We probably do not want future
   collapsed revalidation clients to accidentally collapse on the new
   entry that was rejected by this code. After all, such collapsing is
   exactly what caused bug 5051 AFAICT!

2. Consider cases where a collapsed revalidation did not reach
   handleIMSReply(). For example, imagine a client that created the
   collapsed revalidation entry and then disconnected or died. How to
   protect other clients on hitting that essentially stale entry
   forever, keeping bug 5051 alive?

Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>

Author: Armin Wolfermann
Author Date: 2020-02-04 20:15:00 UTC

fix security patch

Author: Francesco Chemolli
Author Date: 2018-10-21 13:06:33 UTC

Mingw build fixes

There are type errors and data access errors in windows-specific bits of
code.

Author: Garri Djavadyan
Author Date: 2016-12-17 13:56:49 UTC

Bug 4169: HIT marked as MISS when If-None-Match does not match

Author: Garri Djavadyan
Author Date: 2016-12-17 12:59:41 UTC

Bug 4169: HIT marked as MISS when If-None-Match does not match

Author: Garri Djavadyan
Author Date: 2016-12-17 10:04:42 UTC

Bug 4169: HIT marked as MISS when If-None-Match does not match

Author: Amos Jeffries
Author Date: 2016-12-17 06:37:44 UTC

Do not override user defined -std option

Author: Source Maintenance
Author Date: 2015-04-23 13:02:10 UTC

Docs: Update CONTRIBUTORS

Author: Amos Jeffries
Author Date: 2012-08-08 08:16:36 UTC

merged from trunk

Author: serassio <>
Author Date: 2008-03-02 23:54:50 UTC

Windows port: Add reconfigure action to cachemgr.

Author: robertc <>
Author Date: 2002-10-24 20:53:10 UTC

cbdata debug history