Docs: release notes updates

diff --git a/doc/release-notes/release-4.sgml b/doc/release-notes/release-4.sgml
index fe3bc32d078468f14a6a08144017f6b04ac1d454..9cb1d1f1d9ad9368f66e83c273f1691a457ac2cb 100644 (file)
--- a/doc/release-notes/release-4.sgml
+++ b/doc/release-notes/release-4.sgml
@@ -222,6 +222,12 @@ This section gives a thorough account of those changes in three categories:
           server certificate.
        <p>New <em>tls-domain=</em> option to verify the server certificate domain.
 
+       <tag>logformat</tag>
+       <p>New code <em>%ssl::&lt;cert_errors</em> to display server certificate errors.
+
+       <tag>pid_filename</tag>
+       <p>Default value now based on squid -n command line parameter.
+
        <tag>refresh_pattern</tag>
        <p>Removed <em>ignore-auth</em>. Its commonly desired behaviour is
           performed by default with correct HTTP/1.1 revalidation.

diff --git a/src/cf.data.pre b/src/cf.data.pre
index e9944786e19dd1f1d3c37916b8fe182740a4f453..537b6f115b525c50f71cde3f6cbf7ff8b83ff79b 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -4218,7 +4218,6 @@ DOC_START
                                Squid, although most fields are often preserved.
                                Optional header name argument as for >h
 
-
            RESPONSE
 
                [http::]<Hs     HTTP status code received from the next hop
@@ -4249,7 +4248,6 @@ DOC_START
                                Generated FTP/Gopher listings are treated as
                                received bodies.
 
-
            TIMING
 
                [http::]<pt     Peer response time in milliseconds. The timer starts
@@ -4287,6 +4285,28 @@ DOC_START
                                after the peek, stare, or splice SSL bumping
                                actions.
 
+               ssl::>cert_subject
+                               The Subject field of the received client
+                               SSL certificate or a dash ('-') if Squid has
+                               received an invalid/malformed certificate or
+                               no certificate at all. Consider encoding the
+                               logged value because Subject often has spaces.
+
+               ssl::>cert_issuer
+                               The Issuer field of the received client
+                               SSL certificate or a dash ('-') if Squid has
+                               received an invalid/malformed certificate or
+                               no certificate at all. Consider encoding the
+                               logged value because Issuer often has spaces.
+
+               ssl::<cert_errors
+                               The list of certificate validation errors
+                               detected by Squid (including OpenSSL and
+                               certificate validation helper components). The
+                               errors are listed in the discovery order. By
+                               default, the error codes are separated by ':'.
+                               Accepts an optional separator argument.
+
        If ICAP is enabled, the following code becomes available (as
        well as ICAP log codes documented with the icap_log option):
 
@@ -4295,7 +4315,7 @@ DOC_START
                                ACLs are checked and when ICAP
                                transaction is in progress.
 
-       If adaptation is enabled the following three codes become available:
+       If adaptation is enabled the following codes become available:
 
                adapt::<last_h  The header of the last ICAP response or
                                meta-information from the last eCAP
@@ -4325,27 +4345,6 @@ DOC_START
        service name in curly braces to record response time(s) specific
        to that service. For example: %{my_service}adapt::sum_trs
 
-       If SSL is enabled, the following formating codes become available:
-
-               %ssl::>cert_subject The Subject field of the received client
-                               SSL certificate or a dash ('-') if Squid has
-                               received an invalid/malformed certificate or
-                               no certificate at all. Consider encoding the
-                               logged value because Subject often has spaces.
-
-               %ssl::>cert_issuer The Issuer field of the received client
-                               SSL certificate or a dash ('-') if Squid has
-                               received an invalid/malformed certificate or
-                               no certificate at all. Consider encoding the
-                               logged value because Issuer often has spaces.
-
-               %ssl::<cert_errors The list of certificate validation errors
-                               detected by Squid (including OpenSSL and
-                               certificate validation helper components). The
-                               errors are listed in the discovery order. By
-                               default, the error codes are separated by ':'.
-                               Accepts an optional separator argument.
-
        The default formats available (which do not need re-defining) are:
 
 logformat squid      %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt