git.ipfire.org Git - thirdparty/squid.git/commit

Remove broken -sha1 option from server_cert_fingerprint (#1249)

server_cert_fingerprint support for the sha1 parameter has been broken
for years, probably since its inception (2012 commit 42d3334). The bug
was known since at least 2018 when it was mentioned in Bug 4847
discussion. The single-dash syntax violates the double-dash pattern
used for other --long ACL options. If fixed, using the option would not
change Squid behavior because SHA1 is the default (and the only
supported) fingerprinting algorithm.

The option was meant to allow admins to be explicit about that default
in case it changes in the future, but implementation bugs derailed that
plan. The fix is not straightforward, and we should be focusing on more
important things.

author	Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com>
	Wed, 1 Feb 2023 19:25:10 +0000 (19:25 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Wed, 1 Feb 2023 23:49:20 +0000 (23:49 +0000)
commit	ab04fcb33356262f1ab582be5c2005066f20c6f9
tree	66b208cbc77373bd1efd9f11fb1f97538e19020d	tree \| snapshot
parent	8651e12628dfec0639a624b676f4f75211e7b9a8	commit \| diff

doc/release-notes/release-6.sgml		diff \| blob \| blame \| history
src/AclRegs.cc		diff \| blob \| blame \| history
src/cf.data.pre		diff \| blob \| blame \| history