From aed953088ebfdf6046e4a8d362f97d391c5793b4 Mon Sep 17 00:00:00 2001 
From: Willy Tarreau
Date: Wed, 10 Dec 2025 16:52:30 +0100
Subject: [PATCH] [RELEASE] Released version 3.4-dev1

Released version 3.4-dev1 with the following main changes :
    - BUG/MINOR: jwt: Missing "case" in switch statement
    - DOC: configuration: ECH support details
    - Revert "MINOR: quic: use dynamic cc_algo on bind_conf"
    - MINOR: quic: define quic_cc_algo as const
    - MINOR: quic: extract cc-algo parsing in a dedicated function
    - MINOR: quic: implement cc-algo server keyword
    - BUG/MINOR: quic-be: Missing keywords array NULL termination
    - REGTESTS: ssl enable tls12_reuse.vtc for AWS-LC
    - REGTESTS: ssl: split tls*_reuse in stateless and stateful resume tests
    - BUG/MEDIUM: connection: fix "bc_settings_streams_limit" typo
    - BUG/MEDIUM: config: ignore empty args in skipped blocks
    - DOC: config: mention clearer that the cache's total-max-size is mandatory
    - DOC: config: reorder the cache section's keywords
    - BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces
    - BUG/MINOR: quic-be: handshake errors without connection stream closure
    - MINOR: quic: Add useful debugging traces in qc_idle_timer_do_rearm()
    - REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory
    - REGTESTS: quic/ssl: ssl/del_ssl_crt-list.vtc supported by QUIC
    - REGTESTS: quic: dynamic_server_ssl.vtc supported by QUIC
    - REGTESTS: quic: issuers_chain_path.vtc supported by QUIC
    - REGTESTS: quic: new_del_ssl_cafile.vtc supported by QUIC
    - REGTESTS: quic: ocsp_auto_update.vtc supported by QUIC
    - REGTESTS: quic: set_ssl_bug_2265.vtc supported by QUIC
    - MINOR: quic: avoid code duplication in TLS alert callback
    - BUG/MINOR: quic-be: missing connection stream closure upon TLS alert to send
    - REGTESTS: quic: set_ssl_cafile.vtc supported by QUIC
    - REGTESTS: quic: set_ssl_cert_noext.vtc supported by QUIC
    - REGTESTS: quic: set_ssl_cert.vtc supported by QUIC
    - REGTESTS: quic: set_ssl_crlfile.vtc supported by QUIC
    - REGTESTS: quic: set_ssl_server_cert.vtc supported by QUIC
    - REGTESTS: quic: show_ssl_ocspresponse.vtc supported by QUIC
    - REGTESTS: quic: ssl_client_auth.vtc supported by QUIC
    - REGTESTS: quic: ssl_client_samples.vtc supported by QUIC
    - REGTESTS: quic: ssl_default_server.vtc supported by QUIC
    - REGTESTS: quic: new_del_ssl_crlfile.vtc supported by QUIC
    - REGTESTS: quic: ssl_frontend_samples.vtc supported by QUIC
    - REGTESTS: quic: ssl_server_samples.vtc supported by QUIC
    - REGTESTS: quic: ssl_simple_crt-list.vtc supported by QUIC
    - REGTESTS: quic: ssl_sni_auto.vtc code provision for QUIC
    - REGTESTS: quic: ssl_curve_name.vtc supported by QUIC
    - REGTESTS: quic: add_ssl_crt-list.vtc supported by QUIC
    - REGTESTS: add ssl_ciphersuites.vtc (TCP & QUIC)
    - BUG/MINOR: quic: do not set first the default QUIC curves
    - REGTESTS: quic/ssl: Add ssl_curves_selection.vtc
    - BUG/MINOR: ssl: Don't allow to set NULL sni
    - MEDIUM: quic: Add connection as argument when qc_new_conn() is called
    - MINOR: ssl: Add a function to hash SNIs
    - MINOR: ssl: Store hash of the SNI for cached TLS sessions
    - MINOR: ssl: Compare hashes instead of SNIs when a session is cached
    - MINOR: connection/ssl: Store the SNI hash value in the connection itself
    - MEDIUM: tcpcheck/backend: Get the connection SNI before initializing SSL ctx
    - BUG/MEDIUM: ssl: Don't reuse TLS session if the connection's SNI differs
    - MEDIUM: ssl/server: No longer store the SNI of cached TLS sessions
    - BUG/MINOR: log: Dump good %B and %U values in logs
    - BUG/MEDIUM: http-ana: Don't close server connection on read0 in TUNNEL mode
    - DOC: config: Fix description of the spop mode
    - DOC: config: Improve spop mode documentation
    - MINOR: ssl: Split ssl_crt-list_filters.vtc in two files by TLS version
    - REGTESTS: quic: tls13_ssl_crt-list_filters.vtc supported by QUIC
    - BUG/MEDIUM: h3: do not access QCS if not allocated
    - CLEANUP: mworker/cli: remove useless variable
    - BUG/MINOR: mworker/cli: 'show proc' is limited by buffer size
    - BUG/MEDIUM: ssl: Always check the ALPN after handshake
    - MINOR: connections: Add a new CO_FL_SSL_NO_CACHED_INFO flag
    - BUG/MEDIUM: ssl: Don't store the ALPN for check connections
    - BUG/MEDIUM: ssl: Don't resume session for check connections
    - CLEANUP: improvements to the alignment macros
    - CLEANUP: use the automatic alignment feature
    - CLEANUP: more conversions and cleanups for alignment
    - BUG/MEDIUM: h3: fix access to QCS definitely
    - MINOR: h2/trace: emit a trace of the received RST_STREAM type
---
 CHANGELOG             | 73 +++++++++++++++++++++++++++++++++++++++++++
 VERDATE               |  2 +-
 VERSION               |  2 +-
 doc/configuration.txt |  2 +-
 4 files changed, 76 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 7a4691264..0e4daa0fb 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,79 @@ ChangeLog : =========== +2025/12/10 : 3.4-dev1 + - BUG/MINOR: jwt: Missing "case" in switch statement + - DOC: configuration: ECH support details + - Revert "MINOR: quic: use dynamic cc_algo on bind_conf" + - MINOR: quic: define quic_cc_algo as const + - MINOR: quic: extract cc-algo parsing in a dedicated function + - MINOR: quic: implement cc-algo server keyword + - BUG/MINOR: quic-be: Missing keywords array NULL termination + - REGTESTS: ssl enable tls12_reuse.vtc for AWS-LC + - REGTESTS: ssl: split tls*_reuse in stateless and stateful resume tests + - BUG/MEDIUM: connection: fix "bc_settings_streams_limit" typo + - BUG/MEDIUM: config: ignore empty args in skipped blocks + - DOC: config: mention clearer that the cache's total-max-size is mandatory + - DOC: config: reorder the cache section's keywords + - BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces + - BUG/MINOR: quic-be: handshake errors without connection stream closure + - MINOR: quic: Add useful debugging traces in qc_idle_timer_do_rearm() + - REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory + - REGTESTS: quic/ssl: ssl/del_ssl_crt-list.vtc supported by QUIC + - REGTESTS: quic: dynamic_server_ssl.vtc supported by QUIC + - REGTESTS: quic: issuers_chain_path.vtc supported by QUIC + - REGTESTS: quic: new_del_ssl_cafile.vtc supported by QUIC + - REGTESTS: quic: ocsp_auto_update.vtc supported by QUIC + - REGTESTS: quic: set_ssl_bug_2265.vtc supported by QUIC + - MINOR: quic: avoid code duplication in TLS alert callback + - BUG/MINOR: quic-be: missing connection stream closure upon TLS alert to send + - REGTESTS: quic: set_ssl_cafile.vtc supported by QUIC + - REGTESTS: quic: set_ssl_cert_noext.vtc supported by QUIC + - REGTESTS: quic: set_ssl_cert.vtc supported by QUIC + - REGTESTS: quic: set_ssl_crlfile.vtc supported by QUIC + - REGTESTS: quic: set_ssl_server_cert.vtc supported by QUIC + - REGTESTS: quic: show_ssl_ocspresponse.vtc supported by 
QUIC + - REGTESTS: quic: ssl_client_auth.vtc supported by QUIC + - REGTESTS: quic: ssl_client_samples.vtc supported by QUIC + - REGTESTS: quic: ssl_default_server.vtc supported by QUIC + - REGTESTS: quic: new_del_ssl_crlfile.vtc supported by QUIC + - REGTESTS: quic: ssl_frontend_samples.vtc supported by QUIC + - REGTESTS: quic: ssl_server_samples.vtc supported by QUIC + - REGTESTS: quic: ssl_simple_crt-list.vtc supported by QUIC + - REGTESTS: quic: ssl_sni_auto.vtc code provision for QUIC + - REGTESTS: quic: ssl_curve_name.vtc supported by QUIC + - REGTESTS: quic: add_ssl_crt-list.vtc supported by QUIC + - REGTESTS: add ssl_ciphersuites.vtc (TCP & QUIC) + - BUG/MINOR: quic: do not set first the default QUIC curves + - REGTESTS: quic/ssl: Add ssl_curves_selection.vtc + - BUG/MINOR: ssl: Don't allow to set NULL sni + - MEDIUM: quic: Add connection as argument when qc_new_conn() is called + - MINOR: ssl: Add a function to hash SNIs + - MINOR: ssl: Store hash of the SNI for cached TLS sessions + - MINOR: ssl: Compare hashes instead of SNIs when a session is cached + - MINOR: connection/ssl: Store the SNI hash value in the connection itself + - MEDIUM: tcpcheck/backend: Get the connection SNI before initializing SSL ctx + - BUG/MEDIUM: ssl: Don't reuse TLS session if the connection's SNI differs + - MEDIUM: ssl/server: No longer store the SNI of cached TLS sessions + - BUG/MINOR: log: Dump good %B and %U values in logs + - BUG/MEDIUM: http-ana: Don't close server connection on read0 in TUNNEL mode + - DOC: config: Fix description of the spop mode + - DOC: config: Improve spop mode documentation + - MINOR: ssl: Split ssl_crt-list_filters.vtc in two files by TLS version + - REGTESTS: quic: tls13_ssl_crt-list_filters.vtc supported by QUIC + - BUG/MEDIUM: h3: do not access QCS if not allocated + - CLEANUP: mworker/cli: remove useless variable + - BUG/MINOR: mworker/cli: 'show proc' is limited by buffer size + - BUG/MEDIUM: ssl: Always check the ALPN after handshake + - 
MINOR: connections: Add a new CO_FL_SSL_NO_CACHED_INFO flag + - BUG/MEDIUM: ssl: Don't store the ALPN for check connections + - BUG/MEDIUM: ssl: Don't resume session for check connections + - CLEANUP: improvements to the alignment macros + - CLEANUP: use the automatic alignment feature + - CLEANUP: more conversions and cleanups for alignment + - BUG/MEDIUM: h3: fix access to QCS definitely + - MINOR: h2/trace: emit a trace of the received RST_STREAM type + 2025/11/26 : 3.4-dev0 - MINOR: version: mention that it's development again diff --git a/VERDATE b/VERDATE index 4ba7603b3..c37a47300 100644 --- a/VERDATE +++ b/VERDATE @@ -1,2 +1,2 @@ $Format:%ci$ -2025/11/26 +2025/12/10 diff --git a/VERSION b/VERSION index 8b95c3eaa..fa20ae982 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.4-dev0 +3.4-dev1 diff --git a/doc/configuration.txt b/doc/configuration.txt index 1cab8baf5..3cc3499f0 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -3,7 +3,7 @@ Configuration Manual ---------------------- version 3.4 - 2025/11/26 + 2025/12/10 This document covers the configuration language as implemented in the version -- 2.47.3
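Review bot: in the CHANGELOG hunk, several BUG/MEDIUM entries read as parts of a series, but the flat list gives no hint of that. "BUG/MEDIUM: h3: do not access QCS if not allocated" is followed further down by "BUG/MEDIUM: h3: fix access to QCS definitely", which by its subject looks like a follow-up to the first, and "BUG/MEDIUM: ssl: Don't reuse TLS session if the connection's SNI differs" sits in the middle of the SNI-hash entries ("MINOR: ssl: Add a function to hash SNIs" through "MEDIUM: ssl/server: No longer store the SNI of cached TLS sessions") that it appears to rely on. Anyone picking individual fixes from this list for another branch could take one half without the other; consider stating these dependencies in the release notes or announcement, since the changelog subjects alone do not carry them.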
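Review bot: the release date changed in the doc/configuration.txt hunk (2025/11/26 to 2025/12/10) is repeated in the VERDATE hunk and in the new CHANGELOG heading, so three files must agree on every release. They do agree here and match the Date header of the mail, but nothing in the patch enforces it; a release-time check that compares the three values and fails on a mismatch would catch a missed bump before tagging.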