+Changes in squid-5.7 (05 Sep 2022):
+
+ - Regression Fix: Typo in manager ACL
+ - Bug 5186: noteDestinationsEnd check failed: transportWait
+ - Bug 5160: Test suite fails with -flto=auto
+ - Bug 3193 pt2: NTLM decoder truncating strings
+ - Bug 5133: OpenSSL 3.0 support
+ - ext_session_acl: fix TDB key lookup
+ - forward_max_tries: Do not count discarded connections
+ - ... and many compile and debugging fixes
+
Changes in squid-5.6 (06 Jun 2022):
- Bug 5208: Part 1: Restart kids killed by SIGKILL
## Please see the COPYING and CONTRIBUTORS files for details.
##
-AC_INIT([Squid Web Proxy],[5.6-VCS],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[5.7-VCS],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
<!doctype linuxdoc system>
<article>
-<title>Squid 5.6 release notes</title>
+<title>Squid 5.7 release notes</title>
<author>Squid Developers</author>
<abstract>
<toc>
<sect>Notice
-<p>The Squid Team are pleased to announce the release of Squid-5.6.
+<p>The Squid Team are pleased to announce the release of Squid-5.7.
This new release is available for download from <url url="http://www.squid-cache.org/Versions/v5/"> or the
<url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
<item>TrivialDB Support
<item>RFC 8586: Loop Detection in Content Delivery Networks
<item>Peering support for SSL-Bump
+ <item>OpenSSL 3.0 Support
</itemize>
Most user-facing changes are reflected in squid.conf (see below).
yet do TLS-in-TLS.
+<sect1>OpenSSL 3.0 Support
+<p>Squid-5.7 adds OpenSSL 3.0 support.
+
+<p>This version of Squid does not add any of the new features provided by
+ OpenSSL 3.0. It only contains support for features already supported by prior
+ versions of Squid using new APIs provided by OpenSSL 3.0.
+
+<p>Notably the libssl custom Engine feature has been deprecated by OpenSSL 3.0
+ and new Providers replacement is not supported by this Squid.
+
+<p>OpenSSL 3.0 uses new licensing terms.
+
+
<sect>Changes to squid.conf since Squid-4
<p>
There have been changes to Squid's configuration file since Squid-4.
<p>Codes <em>rm</em>, <em><rm</em> and <em>>rm</em> display "-"
instead of the made-up method NONE.
+ <tag>ssl_engine</tag>
+ <p>OpenSSL 3.0 deprecates the Engine feature. This directive is
+ only supported when Squid is built for older OpenSSL versions.
+
</descrip>
<sect1>Removed directives<label id="removeddirectives">
The OpenSSL engine to use. You will need to set this if you
would like to use hardware SSL acceleration for example.
- Not supported in builds with OpenSSL v3 or newer.
+ Not supported in builds with OpenSSL 3.0 or newer.
DOC_END
NAME: sslproxy_session_ttl
case -2: {
auto ssl_error = ERR_get_error();
debugs(83, DBG_PARSE_NOTE(2), "WARNING: OpenSSL does not support " << type << " parameters check: " << dhParamsFile << ". " << Security::ErrorString(ssl_error));
- } break;
+ }
+ break;
default: {
auto ssl_error = ERR_get_error();
debugs(83, DBG_IMPORTANT, "ERROR: Failed to verify " << type << " parameters in " << dhParamsFile << ". " << Security::ErrorString(ssl_error));
- } break;
+ }
+ break;
}
} else {
// TODO: Reduce error reporting code duplication.
if (::Config.SSL.ssl_engine) {
#if OPENSSL_VERSION_MAJOR < 3
- debugs(83, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: Support for ssl_engine is deprecated " <<
- "in Squids built with OpenSSL v1 (like this Squid). " <<
- "It is removed in Squids built with OpenSSL v3+.");
+ debugs(83, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: Support for ssl_engine is deprecated " <<
+ "in Squids built with OpenSSL 1.x (like this Squid). " <<
+ "It is removed in Squids built with OpenSSL 3.0 or newer.");
#if !defined(OPENSSL_NO_ENGINE)
ENGINE_load_builtin_engines();
ENGINE *e;
#endif
#else /* OPENSSL_VERSION_MAJOR */
- throw TextException("Cannot use ssl_engine in Squid built with OpenSSL v3+", Here());
+ throw TextException("Cannot use ssl_engine in Squid built with OpenSSL 3.0 or newer", Here());
#endif
}
projects / thirdparty / squid.git / commitdiff
