Squid

lp:~kinkie/squid/staging

Created by Francesco Chemolli on 2012-08-16 and last modified on 2015-12-09

Get this branch:: bzr branch lp:~kinkie/squid/staging

Only Francesco Chemolli can upload to this branch. If you are Francesco Chemolli please log in for upload directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Francesco Chemolli

Project:: Squid

Status:: Development

Recent revisions

14441. By Francesco Chemolli on 2015-12-09

Fix argument types for toupper in smblib.c

14440. By Amos Jeffries on 2015-12-08

Refactor ClientSocketContext write(2) using Server:: write methods

Writing to the client connection is scoped as an action for class Server
and its child classes. There is no need for ClientSocketContext to be
providing the callback handlers and performing I/O error handling.

With Server providing the current write handler we can move from
CBDATA callbacks to AsyncCall. Initial testing indicates this has some
minor performance benefit.

14439. By Amos Jeffries on 2015-12-08

TLS: refactor cert=/key= storage in libsecurity

This updates the cert=/key= filename storage from single entries
in PeerOptions to a list of key pairs in preparation for supporting
multiple certificates on client or server TLS contexts.

key= following a cert= parameter is now enforced, rather than just
warned about.

squid.conf can now be configured with multiple [cert= [key=...]]
pairs of filenames, however only the first is used. This differs
from older behaviour where the last value(s) were used. But since
configurations with multiple values was not supported previously
this seems acceptible breakage.

Since the multi-cert support is not fully existing yet this config
ability is left undocumented for now.

14438. By Christos Tsantilas on 2015-12-07

Fix connections over plain squid port to SSL origins

After the "Restrict SslBump inspections of cache_peer connections"/r14425 patch
https requests over plain proxy port (eg. "GET https://www.example.com/" on
http_port) does not work any more.
This is because the BlindPeerConnector class, which used now for any connection
to the https peers or servers designed initialy to work with cache_peer
connections.

This small patch fix Ssl::BlindPeerConnector to initiate SSL connections
destined to origin SSL servers.

This is a Measurement Factory project.

14437. By Amos Jeffries on 2015-12-07

Cleanup: pass PeerOptions to sslCreateClientContext()

... to reduce context creation code and simplify upcoming libsecurity
migration steps.

14436. By Amos Jeffries on 2015-12-06

Make TidyPointer act like other pointers in bool comparison

14435. By Amos Jeffries on 2015-12-06

Cleanup: Expose SSL initialization function to libsecurity

SSL initialize needs to be performed before any security context
objects are generated. Expose the function so that the new blank
context methods can use it.

14434. By Amos Jeffries on 2015-12-05

Add missing stub defines for rev.14433

14433. By Amos Jeffries on 2015-12-05

Cleanup TLS: shuffle context creation to libsecurity

14432. By Amos Jeffries on 2015-12-04

Bug 4392: assertion CbcPointer.h:159: 'c' via tunnelServerClosed or tunnelClientClosed

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

This branch contains Public information

Everyone can see this information.

Subscribers

Francesco Chemolli