Complete the task of splitting protos.h into more specific files
Remove inclusion of protos.h from most files
Clean CVS and arch file-tags up
Rework some module initialization code so that it is the callee's task and not the callers' to do feature-enabling
Added ssl-crtd option to the maximus build test
Changed many functions' linkage type from C to C++
Alex Rousskov [Mon, 10 Sep 2012 23:07:01 +0000 (17:07 -0600)]
Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT.
A compliant proxy may retry PUTs, but Squid lacks the [rather complicated]
code required to protect the PUT request body from being nibbled during the
first try or [also tricky] code to send 100-continue expectation requiredto
delay body sending. Thus, Squid cannot safely retry some PUTs today, and
FwdState::checkRetriable() must return false for all PUTs, to avoid
bogus ERR_ZERO_SIZE_OBJECT errors (especially for clients that did not
reuse a pconn and, hence, may not be ready to handle/retry an error response).
In theory, requests with safe or idempotent methods other than PUT might have
bodies so we apply the same logic to them as well.
This reopens Squid bug #3398, undoing trunk r11859 commit which attempted
to close that bug.
Alex Rousskov [Mon, 10 Sep 2012 22:38:09 +0000 (16:38 -0600)]
Do not chunk responses carrying a Content-Range header.
When Squid forwards a response with a Content-Range header,
ClientSocketContext::socketState() detects the end of the response range(s)
and returns STREAM_*COMPLETE to ClientSocketContext::writeComplete().
The latter thinks that the writing of the response to the client must be
over and calls keepaliveNextRequest() instead of writing the last-chunk
(if any). If the to-client response was chunked, the client gets stuck
waiting for that missing last-chunk.
The multipart Range request case was already excluded from chunking (or it
would probably suffer from the same problem). With this change, no
Content-Range responses will be chunked.
N.B. Some servers send Content-Range responses to basic GET requests
without a Range header, so the problem affects more than just Range requests.
TODO: A proper fix would be to rewrite ClientSocketContext::writeComplete()
and other code so that it does not mix internal ClientStream completion with
[possibly chunk-encoded] writing completion. This should probably be done
along with fixing ClientSocketContext::socketState() and other state-checking
code to ignore to-client persistence (flags.proxy_keepalive), which is not
related to the internal ClientStream state.
Bug fix: TLS/SSL Options does not apply to the dynamically generated certificates
The TLS/SSL options configured with http_port configuration parameter does not
used to generate SSL_CTX context objects used to establish SSL connections.
This is means that certificate based authentication, or SSL version selection
and other SSL/TLS http_port options does not work for ssl-bumped connection.
This patch fixes this problem.
Amos Jeffries [Thu, 30 Aug 2012 14:32:41 +0000 (08:32 -0600)]
Bug 3626: Forwarding loops on intercepted traffic
Changes to interception handling in 3.2 series (namely the preference
for using ORIGINAL_DST) have increased the chances that misconfigured
network systems involving Squid will hit forwarding loops.
Two instances are currently known:
* passing forward-proxy traffic to a interception port.
* NAT performed on a separate box.
This enacts an old TODO by removing the loop detection bypass for
intercepted traffic and accelerated traffic. Now we always check for
loops regardless of how the request was received.
NOTE: accel mode was only included due to the TODO.
If problems are found there it can be re-instated.
Dmitry Kurochkin [Thu, 30 Aug 2012 12:46:47 +0000 (06:46 -0600)]
Make CpuAffinitySet::applied() method non-const.
According to CPU_SET(3) and, apparently, on some systems (e.g.,
OpenSuSE 10.3) CPU_COUNT macro expects a non-const argument. The
patch fixes build error on these systems.
Retrieve client connection information for ACL checks from the related HttpRequest object
This patch enable SSL client certificate ACL checks (user_cert and ca_cert)
in all cases the client connection information can retrieved from the related
HttpRequest object, eg when making peering decisions (peer_cache_access ACL).
Discussed under the "Supply client connection and IDENT information to
peer_cache_access ACL check" thread on squid-dev.
Amos Jeffries [Wed, 29 Aug 2012 05:23:15 +0000 (23:23 -0600)]
Regression: login=PASS send no credentials when none available.
login=PASS should act like PASSTHRU, sending no credentials header, when
no client supplied OR external ACL credentials are available.
3.2 has been found wrongly adding the username "PASS" in this case.
Bug 3613: relax standard-compliance strctness on clang to enable build
When clang is invoked with the -std=c++0x option, it won't make available some system functions
defined in c99. For some reason configure fails to detect this, and so the built-in implementation is
not invoked. This change prevents enabling the -std=c++0x option for clang.
Prep work for automatic sorting of include directives.
Automatic sorting of include files reveals some indirect inclusions, which would break the build.
scripts/sort-includes.pl is the tool to do the automatic header include order sorting.
The other changes in this set fix the issues which that be introduced by running the sorting.
projects / thirdparty / squid.git / log
