diff -u -r -N squid-3.3.10/ChangeLog squid-3.3.11/ChangeLog
--- squid-3.3.10/ChangeLog 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/ChangeLog 2013-12-01 02:55:13.000000000 +1300
@@ -1,4 +1,19 @@
+Changes to squid-3.3.11 (01 Dec 2013):
+
+ - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9
+ - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure
+ - Bug 3970: max_filedescriptors disabled due to missing setrlimit
+ - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
+ - Bug 3960: DEAD cache_peer are not revived
+ - Bug 3956: xstrndup: tried to dup a NULL pointer
+ - Bug 3906: Filedescriptor leaks in SNMP
+ - Bug 3782: Digest authentication not obeying nonce_max_count
+ - HTTP/1.1: Make header parser obey relaxed_header_parser
+ - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted
+ - SMP: Replace blocking sleep(3) and close UDS socket on failures
+ - Windows: fix several compile errors
+
Changes to squid-3.3.10 (03 Nov 2013):
- Bug 3929: request_header_add not working for tunnel requests
diff -u -r -N squid-3.3.10/configure squid-3.3.11/configure
--- squid-3.3.10/configure 2013-11-04 00:08:19.000000000 +1300
+++ squid-3.3.11/configure 2013-12-01 02:56:05.000000000 +1300
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.3.10.
+# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.3.11.
#
# Report bugs to .
#
@@ -575,8 +575,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.3.10'
-PACKAGE_STRING='Squid Web Proxy 3.3.10'
+PACKAGE_VERSION='3.3.11'
+PACKAGE_STRING='Squid Web Proxy 3.3.11'
PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
PACKAGE_URL=''
@@ -1574,7 +1574,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.3.10 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.3.11 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1644,7 +1644,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.3.10:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.3.11:";;
esac
cat <<\_ACEOF
@@ -2018,7 +2018,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.3.10
+Squid Web Proxy configure 3.3.11
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -3114,7 +3114,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.3.10, which was
+It was created by Squid Web Proxy $as_me 3.3.11, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -3933,7 +3933,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.3.10'
+ VERSION='3.3.11'
cat >>confdefs.h <<_ACEOF
@@ -27565,13 +27565,14 @@
esac
-
# Check whether --with-maxfd was given.
if test "${with_maxfd+set}" = set; then :
withval=$with_maxfd;
case ${withval} in
[0-9]*)
squid_filedescriptors_num=$withval
+ { $as_echo "$as_me:${as_lineno-$LINENO}: forcing default of $squid_filedescriptors_num filedescriptors (user-forced)" >&5
+$as_echo "$as_me: forcing default of $squid_filedescriptors_num filedescriptors (user-forced)" >&6;}
;;
*)
as_fn_error $? "--with-maxfd expects a numeric argument" "$LINENO" 5
@@ -27588,6 +27589,8 @@
case ${withval} in
[0-9]*)
squid_filedescriptors_num=$withval
+ { $as_echo "$as_me:${as_lineno-$LINENO}: forcing default of $squid_filedescriptors_num filedescriptors (user-forced)" >&5
+$as_echo "$as_me: forcing default of $squid_filedescriptors_num filedescriptors (user-forced)" >&6;}
;;
*)
as_fn_error $? "--with-filedescriptors expects a numeric argument" "$LINENO" 5
@@ -27653,7 +27656,6 @@
_ACEOF
-if test "x$squid_filedescriptors_num" = "x"; then
for ac_func in setrlimit
do :
@@ -27807,9 +27809,9 @@
$as_echo "$as_me: WARNING: $squid_filedescriptors_num is not an multiple of 64. This may cause issues on certain platforms." >&2;}
fi
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: forcing use of $squid_filedescriptors_num filedescriptors (user-forced)" >&5
-$as_echo "$as_me: forcing use of $squid_filedescriptors_num filedescriptors (user-forced)" >&6;}
+if test "x$squid_filedescriptors_num" != "x"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: Default number of fieldescriptors: $squid_filedescriptors_num" >&5
+$as_echo "$as_me: Default number of fieldescriptors: $squid_filedescriptors_num" >&6;}
fi
if test "$squid_filedescriptors_num" -lt 512 ; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $squid_filedescriptors_num may not be enough filedescriptors if your" >&5
@@ -31861,7 +31863,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.3.10, which was
+This file was extended by Squid Web Proxy $as_me 3.3.11, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -31927,7 +31929,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-Squid Web Proxy config.status 3.3.10
+Squid Web Proxy config.status 3.3.11
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
diff -u -r -N squid-3.3.10/configure.ac squid-3.3.11/configure.ac
--- squid-3.3.10/configure.ac 2013-11-04 00:08:19.000000000 +1300
+++ squid-3.3.11/configure.ac 2013-12-01 02:56:05.000000000 +1300
@@ -1,4 +1,4 @@
-AC_INIT([Squid Web Proxy],[3.3.10],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.3.11],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
@@ -2711,7 +2711,6 @@
;;
esac
-
dnl --with-maxfd present for compatibility with Squid-2.
dnl undocumented in ./configure --help to encourage using the Squid-3 directive
AC_ARG_WITH(maxfd,,
@@ -2719,6 +2718,7 @@
case ${withval} in
[[0-9]]*)
squid_filedescriptors_num=$withval
+ AC_MSG_NOTICE([forcing default of $squid_filedescriptors_num filedescriptors (user-forced)])
;;
*)
AC_MSG_ERROR(--with-maxfd expects a numeric argument)
@@ -2733,6 +2733,7 @@
case ${withval} in
[[0-9]]*)
squid_filedescriptors_num=$withval
+ AC_MSG_NOTICE([forcing default of $squid_filedescriptors_num filedescriptors (user-forced)])
;;
*)
AC_MSG_ERROR(--with-filedescriptors expects a numeric argument)
@@ -2741,10 +2742,9 @@
])
SQUID_CHECK_DEFAULT_FD_SETSIZE
-if test "x$squid_filedescriptors_num" = "x"; then
- SQUID_CHECK_MAXFD
-else
- AC_MSG_NOTICE([forcing use of $squid_filedescriptors_num filedescriptors (user-forced)])
+SQUID_CHECK_MAXFD
+if test "x$squid_filedescriptors_num" != "x"; then
+ AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num])
fi
if test "$squid_filedescriptors_num" -lt 512 ; then
AC_MSG_WARN([$squid_filedescriptors_num may not be enough filedescriptors if your])
@@ -3567,93 +3567,93 @@
dnl Clean up after OSF/1 core dump bug
rm -f core
-AC_CONFIG_FILES([\
- Makefile \
- compat/Makefile \
- lib/Makefile \
- lib/ntlmauth/Makefile \
- lib/profiler/Makefile \
- lib/rfcnb/Makefile \
- lib/smblib/Makefile \
- scripts/Makefile \
- src/Makefile \
- src/anyp/Makefile \
- src/base/Makefile \
- src/acl/Makefile \
- src/fs/Makefile \
- src/repl/Makefile \
- src/auth/Makefile \
- src/auth/basic/Makefile \
- src/auth/digest/Makefile \
- src/auth/negotiate/Makefile \
- src/auth/ntlm/Makefile \
- src/adaptation/Makefile \
- src/adaptation/icap/Makefile \
- src/adaptation/ecap/Makefile \
- src/comm/Makefile \
- src/esi/Makefile \
- src/eui/Makefile \
- src/format/Makefile \
- src/icmp/Makefile \
- src/ident/Makefile \
- src/ip/Makefile \
- src/log/Makefile \
- src/ipc/Makefile \
- src/ssl/Makefile \
- src/mgr/Makefile \
- src/snmp/Makefile \
- contrib/Makefile \
- snmplib/Makefile \
- icons/Makefile \
- errors/Makefile \
- test-suite/Makefile \
- doc/Makefile \
- doc/manuals/Makefile \
- helpers/Makefile \
- helpers/basic_auth/Makefile \
- helpers/basic_auth/DB/Makefile \
- helpers/basic_auth/fake/Makefile \
- helpers/basic_auth/getpwnam/Makefile \
- helpers/basic_auth/LDAP/Makefile \
- helpers/basic_auth/MSNT/Makefile \
- helpers/basic_auth/MSNT-multi-domain/Makefile \
- helpers/basic_auth/NCSA/Makefile \
- helpers/basic_auth/NIS/Makefile \
- helpers/basic_auth/PAM/Makefile \
- helpers/basic_auth/POP3/Makefile \
- helpers/basic_auth/RADIUS/Makefile \
- helpers/basic_auth/SASL/Makefile \
- helpers/basic_auth/SMB/Makefile \
- helpers/basic_auth/SSPI/Makefile \
- helpers/digest_auth/Makefile \
- helpers/digest_auth/eDirectory/Makefile \
- helpers/digest_auth/file/Makefile \
- helpers/digest_auth/LDAP/Makefile \
- helpers/ntlm_auth/Makefile \
- helpers/ntlm_auth/fake/Makefile \
- helpers/ntlm_auth/smb_lm/Makefile \
- helpers/ntlm_auth/SSPI/Makefile \
- helpers/negotiate_auth/Makefile \
- helpers/negotiate_auth/kerberos/Makefile \
- helpers/negotiate_auth/SSPI/Makefile \
- helpers/negotiate_auth/wrapper/Makefile \
- helpers/external_acl/Makefile \
- helpers/external_acl/AD_group/Makefile \
- helpers/external_acl/eDirectory_userip/Makefile \
- helpers/external_acl/file_userip/Makefile \
- helpers/external_acl/kerberos_ldap_group/Makefile \
- helpers/external_acl/LDAP_group/Makefile \
- helpers/external_acl/LM_group/Makefile \
- helpers/external_acl/session/Makefile \
- helpers/external_acl/SQL_session/Makefile \
- helpers/external_acl/unix_group/Makefile \
- helpers/external_acl/wbinfo_group/Makefile \
- helpers/external_acl/time_quota/Makefile \
- helpers/log_daemon/Makefile \
- helpers/log_daemon/DB/Makefile \
- helpers/log_daemon/file/Makefile \
- helpers/url_rewrite/Makefile \
- helpers/url_rewrite/fake/Makefile \
+AC_CONFIG_FILES([
+ Makefile
+ compat/Makefile
+ lib/Makefile
+ lib/ntlmauth/Makefile
+ lib/profiler/Makefile
+ lib/rfcnb/Makefile
+ lib/smblib/Makefile
+ scripts/Makefile
+ src/Makefile
+ src/anyp/Makefile
+ src/base/Makefile
+ src/acl/Makefile
+ src/fs/Makefile
+ src/repl/Makefile
+ src/auth/Makefile
+ src/auth/basic/Makefile
+ src/auth/digest/Makefile
+ src/auth/negotiate/Makefile
+ src/auth/ntlm/Makefile
+ src/adaptation/Makefile
+ src/adaptation/icap/Makefile
+ src/adaptation/ecap/Makefile
+ src/comm/Makefile
+ src/esi/Makefile
+ src/eui/Makefile
+ src/format/Makefile
+ src/icmp/Makefile
+ src/ident/Makefile
+ src/ip/Makefile
+ src/log/Makefile
+ src/ipc/Makefile
+ src/ssl/Makefile
+ src/mgr/Makefile
+ src/snmp/Makefile
+ contrib/Makefile
+ snmplib/Makefile
+ icons/Makefile
+ errors/Makefile
+ test-suite/Makefile
+ doc/Makefile
+ doc/manuals/Makefile
+ helpers/Makefile
+ helpers/basic_auth/Makefile
+ helpers/basic_auth/DB/Makefile
+ helpers/basic_auth/fake/Makefile
+ helpers/basic_auth/getpwnam/Makefile
+ helpers/basic_auth/LDAP/Makefile
+ helpers/basic_auth/MSNT/Makefile
+ helpers/basic_auth/MSNT-multi-domain/Makefile
+ helpers/basic_auth/NCSA/Makefile
+ helpers/basic_auth/NIS/Makefile
+ helpers/basic_auth/PAM/Makefile
+ helpers/basic_auth/POP3/Makefile
+ helpers/basic_auth/RADIUS/Makefile
+ helpers/basic_auth/SASL/Makefile
+ helpers/basic_auth/SMB/Makefile
+ helpers/basic_auth/SSPI/Makefile
+ helpers/digest_auth/Makefile
+ helpers/digest_auth/eDirectory/Makefile
+ helpers/digest_auth/file/Makefile
+ helpers/digest_auth/LDAP/Makefile
+ helpers/ntlm_auth/Makefile
+ helpers/ntlm_auth/fake/Makefile
+ helpers/ntlm_auth/smb_lm/Makefile
+ helpers/ntlm_auth/SSPI/Makefile
+ helpers/negotiate_auth/Makefile
+ helpers/negotiate_auth/kerberos/Makefile
+ helpers/negotiate_auth/SSPI/Makefile
+ helpers/negotiate_auth/wrapper/Makefile
+ helpers/external_acl/Makefile
+ helpers/external_acl/AD_group/Makefile
+ helpers/external_acl/eDirectory_userip/Makefile
+ helpers/external_acl/file_userip/Makefile
+ helpers/external_acl/kerberos_ldap_group/Makefile
+ helpers/external_acl/LDAP_group/Makefile
+ helpers/external_acl/LM_group/Makefile
+ helpers/external_acl/session/Makefile
+ helpers/external_acl/SQL_session/Makefile
+ helpers/external_acl/unix_group/Makefile
+ helpers/external_acl/wbinfo_group/Makefile
+ helpers/external_acl/time_quota/Makefile
+ helpers/log_daemon/Makefile
+ helpers/log_daemon/DB/Makefile
+ helpers/log_daemon/file/Makefile
+ helpers/url_rewrite/Makefile
+ helpers/url_rewrite/fake/Makefile
tools/Makefile
tools/purge/Makefile
])
diff -u -r -N squid-3.3.10/helpers/basic_auth/DB/basic_db_auth.8 squid-3.3.11/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.3.10/helpers/basic_auth/DB/basic_db_auth.8 2013-11-04 00:26:39.000000000 +1300
+++ squid-3.3.11/helpers/basic_auth/DB/basic_db_auth.8 2013-12-01 03:12:16.000000000 +1300
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 1"
-.TH BASIC_DB_AUTH 1 "2013-11-03" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 1 "2013-11-30" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.10/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.3.11/helpers/external_acl/SQL_session/ext_sql_session_acl.8
--- squid-3.3.10/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-11-04 00:27:22.000000000 +1300
+++ squid-3.3.11/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-12-01 03:12:18.000000000 +1300
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_SQL_SESSION_ACL 1"
-.TH EXT_SQL_SESSION_ACL 1 "2013-11-03" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 1 "2013-11-30" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.10/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.3.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.3.10/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-11-04 00:27:24.000000000 +1300
+++ squid-3.3.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-12-01 03:12:18.000000000 +1300
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1"
-.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-11-03" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-11-30" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.10/helpers/log_daemon/DB/log_db_daemon.8 squid-3.3.11/helpers/log_daemon/DB/log_db_daemon.8
--- squid-3.3.10/helpers/log_daemon/DB/log_db_daemon.8 2013-11-04 00:27:28.000000000 +1300
+++ squid-3.3.11/helpers/log_daemon/DB/log_db_daemon.8 2013-12-01 03:12:18.000000000 +1300
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "LOG_DB_DAEMON 1"
-.TH LOG_DB_DAEMON 1 "2013-11-03" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 1 "2013-11-30" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.10/include/version.h squid-3.3.11/include/version.h
--- squid-3.3.10/include/version.h 2013-11-04 00:08:20.000000000 +1300
+++ squid-3.3.11/include/version.h 2013-12-01 02:56:05.000000000 +1300
@@ -7,7 +7,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1383476793
+#define SQUID_RELEASE_TIME 1385819711
#endif
#ifndef APP_SHORTNAME
diff -u -r -N squid-3.3.10/lib/encrypt.c squid-3.3.11/lib/encrypt.c
--- squid-3.3.10/lib/encrypt.c 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/lib/encrypt.c 2013-12-01 02:55:13.000000000 +1300
@@ -148,7 +148,7 @@
int n;
{
for (; n--; pc++, a++)
- *a = e[*pc];
+ *a = e[(int)*pc];
}
static void
@@ -164,7 +164,7 @@
for (i = 0; i < 8; i++) {
for (j = 0, sbval = 0; j < 6; j++)
- sbval = (sbval << 1) | (nachr_r[*e++] ^ *schl++);
+ sbval = (sbval << 1) | (nachr_r[(int)*e++] ^ *schl++);
sbval = S_BOX[i][sbval];
for (tp += 4, j = 4; j--; sbval >>= 1)
*--tp = sbval & 1;
@@ -173,7 +173,7 @@
e = PERM;
for (i = 0; i < BS2; i++)
- *nachr_l++ ^= tmp[*e++];
+ *nachr_l++ ^= tmp[(int)*e++];
}
void
diff -u -r -N squid-3.3.10/RELEASENOTES.html squid-3.3.11/RELEASENOTES.html
--- squid-3.3.10/RELEASENOTES.html 2013-11-04 00:30:54.000000000 +1300
+++ squid-3.3.11/RELEASENOTES.html 2013-12-01 03:12:23.000000000 +1300
@@ -2,10 +2,10 @@
- Squid 3.3.10 release notes
+ Squid 3.3.11 release notes
-Squid 3.3.10 release notes
+Squid 3.3.11 release notes
Squid Developers
@@ -56,7 +56,7 @@
-The Squid Team are pleased to announce the release of Squid-3.3.10.
+The Squid Team are pleased to announce the release of Squid-3.3.11.
This new release is available for download from
http://www.squid-cache.org/Versions/v3/3.3/ or the
mirrors.
diff -u -r -N squid-3.3.10/src/acl/Gadgets.cc squid-3.3.11/src/acl/Gadgets.cc
--- squid-3.3.10/src/acl/Gadgets.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/acl/Gadgets.cc 2013-12-01 02:55:13.000000000 +1300
@@ -53,6 +53,11 @@
err_type
aclGetDenyInfoPage(AclDenyInfoList ** head, const char *name, int redirect_allowed)
{
+ if (!name) {
+ debugs(28, 3, "ERR_NONE due to a NULL name");
+ return ERR_NONE;
+ }
+
AclDenyInfoList *A = NULL;
debugs(28, 8, HERE << "got called for " << name);
@@ -82,10 +87,12 @@
int
aclIsProxyAuth(const char *name)
{
- debugs(28, 5, "aclIsProxyAuth: called for " << name);
-
- if (NULL == name)
+ if (!name) {
+ debugs(28, 3, "false due to a NULL name");
return false;
+ }
+
+ debugs(28, 5, "aclIsProxyAuth: called for " << name);
ACL *a;
diff -u -r -N squid-3.3.10/src/auth/digest/auth_digest.cc squid-3.3.11/src/auth/digest/auth_digest.cc
--- squid-3.3.10/src/auth/digest/auth_digest.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/auth/digest/auth_digest.cc 2013-12-01 02:55:13.000000000 +1300
@@ -857,37 +857,43 @@
switch (type) {
case DIGEST_USERNAME:
safe_free(username);
- username = xstrndup(value.rawBuf(), value.size() + 1);
+ if (value.size() != 0)
+ username = xstrndup(value.rawBuf(), value.size() + 1);
debugs(29, 9, HERE << "Found Username '" << username << "'");
break;
case DIGEST_REALM:
safe_free(digest_request->realm);
- digest_request->realm = xstrndup(value.rawBuf(), value.size() + 1);
+ if (value.size() != 0)
+ digest_request->realm = xstrndup(value.rawBuf(), value.size() + 1);
debugs(29, 9, HERE << "Found realm '" << digest_request->realm << "'");
break;
case DIGEST_QOP:
safe_free(digest_request->qop);
- digest_request->qop = xstrndup(value.rawBuf(), value.size() + 1);
+ if (value.size() != 0)
+ digest_request->qop = xstrndup(value.rawBuf(), value.size() + 1);
debugs(29, 9, HERE << "Found qop '" << digest_request->qop << "'");
break;
case DIGEST_ALGORITHM:
safe_free(digest_request->algorithm);
- digest_request->algorithm = xstrndup(value.rawBuf(), value.size() + 1);
+ if (value.size() != 0)
+ digest_request->algorithm = xstrndup(value.rawBuf(), value.size() + 1);
debugs(29, 9, HERE << "Found algorithm '" << digest_request->algorithm << "'");
break;
case DIGEST_URI:
safe_free(digest_request->uri);
- digest_request->uri = xstrndup(value.rawBuf(), value.size() + 1);
+ if (value.size() != 0)
+ digest_request->uri = xstrndup(value.rawBuf(), value.size() + 1);
debugs(29, 9, HERE << "Found uri '" << digest_request->uri << "'");
break;
case DIGEST_NONCE:
safe_free(digest_request->nonceb64);
- digest_request->nonceb64 = xstrndup(value.rawBuf(), value.size() + 1);
+ if (value.size() != 0)
+ digest_request->nonceb64 = xstrndup(value.rawBuf(), value.size() + 1);
debugs(29, 9, HERE << "Found nonce '" << digest_request->nonceb64 << "'");
break;
@@ -901,13 +907,15 @@
case DIGEST_CNONCE:
safe_free(digest_request->cnonce);
- digest_request->cnonce = xstrndup(value.rawBuf(), value.size() + 1);
+ if (value.size() != 0)
+ digest_request->cnonce = xstrndup(value.rawBuf(), value.size() + 1);
debugs(29, 9, HERE << "Found cnonce '" << digest_request->cnonce << "'");
break;
case DIGEST_RESPONSE:
safe_free(digest_request->response);
- digest_request->response = xstrndup(value.rawBuf(), value.size() + 1);
+ if (value.size() != 0)
+ digest_request->response = xstrndup(value.rawBuf(), value.size() + 1);
debugs(29, 9, HERE << "Found response '" << digest_request->response << "'");
break;
diff -u -r -N squid-3.3.10/src/auth/digest/UserRequest.cc squid-3.3.11/src/auth/digest/UserRequest.cc
--- squid-3.3.10/src/auth/digest/UserRequest.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/auth/digest/UserRequest.cc 2013-12-01 02:55:13.000000000 +1300
@@ -149,14 +149,14 @@
digest_request->setDenyMessage("Incorrect password");
return;
}
+ }
- /* check for stale nonce */
- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
- debugs(29, 3, HERE << "user '" << auth_user->username() << "' validated OK but nonce stale");
- auth_user->credentials(Auth::Failed);
- digest_request->setDenyMessage("Stale nonce");
- return;
- }
+ /* check for stale nonce */
+ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
+ debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
+ auth_user->credentials(Auth::Failed);
+ digest_request->setDenyMessage("Stale nonce");
+ return;
}
auth_user->credentials(Auth::Ok);
diff -u -r -N squid-3.3.10/src/http.cc squid-3.3.11/src/http.cc
--- squid-3.3.10/src/http.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/http.cc 2013-12-01 02:55:13.000000000 +1300
@@ -924,10 +924,6 @@
Ctx ctx = ctx_enter(entry->mem_obj->url);
HttpReply *rep = finalReply();
- if (rep->sline.status == HTTP_PARTIAL_CONTENT &&
- rep->content_range)
- currentOffset = rep->content_range->spec.offset;
-
entry->timestampsSet();
/* Check if object is cacheable or not based on reply code */
diff -u -r -N squid-3.3.10/src/HttpHeader.cc squid-3.3.11/src/HttpHeader.cc
--- squid-3.3.10/src/HttpHeader.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/HttpHeader.cc 2013-12-01 02:55:13.000000000 +1300
@@ -546,6 +546,7 @@
{
const char *field_ptr = header_start;
HttpHeaderEntry *e, *e2;
+ bool warnOnError = (Config.onoff.relaxed_header_parser <= 0 ? DBG_IMPORTANT : 2);
PROF_start(HttpHeaderParse);
@@ -587,7 +588,7 @@
cr_only = false;
}
if (cr_only) {
- debugs(55, DBG_IMPORTANT, "WARNING: Rejecting HTTP request with a CR+ "
+ debugs(55, DBG_IMPORTANT, "SECURITY WARNING: Rejecting HTTP request with a CR+ "
"header field to prevent request smuggling attacks: {" <<
getStringPrefix(header_start, header_end) << "}");
goto reset;
@@ -597,7 +598,7 @@
/* Barf on stray CR characters */
if (memchr(this_line, '\r', field_end - this_line)) {
- debugs(55, DBG_IMPORTANT, "WARNING: suspicious CR characters in HTTP header {" <<
+ debugs(55, warnOnError, "WARNING: suspicious CR characters in HTTP header {" <<
getStringPrefix(field_start, field_end) << "}");
if (Config.onoff.relaxed_header_parser) {
@@ -612,7 +613,7 @@
}
if (this_line + 1 == field_end && this_line > field_start) {
- debugs(55, DBG_IMPORTANT, "WARNING: Blank continuation line in HTTP header {" <<
+ debugs(55, warnOnError, "WARNING: Blank continuation line in HTTP header {" <<
getStringPrefix(header_start, header_end) << "}");
goto reset;
}
@@ -620,7 +621,7 @@
if (field_start == field_end) {
if (field_ptr < header_end) {
- debugs(55, DBG_IMPORTANT, "WARNING: unparseable HTTP header field near {" <<
+ debugs(55, warnOnError, "WARNING: unparseable HTTP header field near {" <<
getStringPrefix(field_start, header_end) << "}");
goto reset;
}
@@ -629,23 +630,21 @@
}
if ((e = HttpHeaderEntry::parse(field_start, field_end)) == NULL) {
- debugs(55, DBG_IMPORTANT, "WARNING: unparseable HTTP header field {" <<
+ debugs(55, warnOnError, "WARNING: unparseable HTTP header field {" <<
getStringPrefix(field_start, field_end) << "}");
- debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2,
- " in {" << getStringPrefix(header_start, header_end) << "}");
+ debugs(55, warnOnError, " in {" << getStringPrefix(header_start, header_end) << "}");
if (Config.onoff.relaxed_header_parser)
continue;
- else
- goto reset;
+
+ goto reset;
}
if (e->id == HDR_CONTENT_LENGTH && (e2 = findEntry(e->id)) != NULL) {
-// if (e->value.cmp(e2->value.termedBuf()) != 0) {
if (e->value != e2->value) {
int64_t l1, l2;
- debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2,
- "WARNING: found two conflicting content-length headers in {" << getStringPrefix(header_start, header_end) << "}");
+ debugs(55, warnOnError, "WARNING: found two conflicting content-length headers in {" <<
+ getStringPrefix(header_start, header_end) << "}");
if (!Config.onoff.relaxed_header_parser) {
delete e;
@@ -666,22 +665,18 @@
continue;
}
} else {
- debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2,
- "NOTICE: found double content-length header");
+ debugs(55, warnOnError, "NOTICE: found double content-length header");
+ delete e;
- if (Config.onoff.relaxed_header_parser) {
- delete e;
+ if (Config.onoff.relaxed_header_parser)
continue;
- } else {
- delete e;
- goto reset;
- }
+
+ goto reset;
}
}
if (e->id == HDR_OTHER && stringHasWhitespace(e->name.termedBuf())) {
- debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2,
- "WARNING: found whitespace in HTTP header name {" <<
+ debugs(55, warnOnError, "WARNING: found whitespace in HTTP header name {" <<
getStringPrefix(field_start, field_end) << "}");
if (!Config.onoff.relaxed_header_parser) {
diff -u -r -N squid-3.3.10/src/ipc/Kid.cc squid-3.3.11/src/ipc/Kid.cc
--- squid-3.3.10/src/ipc/Kid.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/ipc/Kid.cc 2013-12-01 02:55:13.000000000 +1300
@@ -7,6 +7,10 @@
#include "globals.h"
#include "ipc/Kid.h"
+#if HAVE_TIME_H
+#include
+#endif
+
#if HAVE_SYS_WAIT_H
#include
#endif
diff -u -r -N squid-3.3.10/src/ipc/TypedMsgHdr.cc squid-3.3.11/src/ipc/TypedMsgHdr.cc
--- squid-3.3.10/src/ipc/TypedMsgHdr.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/ipc/TypedMsgHdr.cc 2013-12-01 02:55:13.000000000 +1300
@@ -167,10 +167,20 @@
}
}
+bool
+Ipc::TypedMsgHdr::hasFd() const
+{
+ struct cmsghdr *cmsg = CMSG_FIRSTHDR(this);
+ return cmsg &&
+ cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_RIGHTS;
+}
+
void
Ipc::TypedMsgHdr::putFd(int fd)
{
Must(fd >= 0);
+ Must(!hasFd());
allocControl();
const int fdCount = 1;
@@ -183,12 +193,15 @@
int *fdStore = reinterpret_cast(CMSG_DATA(cmsg));
memcpy(fdStore, &fd, fdCount * sizeof(int));
msg_controllen = cmsg->cmsg_len;
+
+ Must(hasFd());
}
int
Ipc::TypedMsgHdr::getFd() const
{
Must(msg_control && msg_controllen);
+ Must(hasFd());
struct cmsghdr *cmsg = CMSG_FIRSTHDR(this);
Must(cmsg->cmsg_level == SOL_SOCKET);
diff -u -r -N squid-3.3.10/src/ipc/TypedMsgHdr.h squid-3.3.11/src/ipc/TypedMsgHdr.h
--- squid-3.3.10/src/ipc/TypedMsgHdr.h 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/ipc/TypedMsgHdr.h 2013-12-01 02:55:13.000000000 +1300
@@ -59,7 +59,8 @@
/* access to a "file" descriptor that can be passed between processes */
void putFd(int aFd); ///< stores descriptor
- int getFd() const; ///< returns descriptor
+ int getFd() const; ///< returns stored descriptor
+ bool hasFd() const; ///< whether the message has a descriptor stored
/* raw, type-independent access for I/O */
void prepForReading(); ///< reset and provide all buffers
diff -u -r -N squid-3.3.10/src/ipc/UdsOp.cc squid-3.3.11/src/ipc/UdsOp.cc
--- squid-3.3.10/src/ipc/UdsOp.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/ipc/UdsOp.cc 2013-12-01 02:55:13.000000000 +1300
@@ -81,11 +81,21 @@
message(aMessage),
retries(10), // TODO: make configurable?
timeout(10), // TODO: make configurable?
+ sleeping(false),
writing(false)
{
message.address(address);
}
+void Ipc::UdsSender::swanSong()
+{
+ // did we abort while waiting between retries?
+ if (sleeping)
+ cancelSleep();
+
+ UdsOp::swanSong();
+}
+
void Ipc::UdsSender::start()
{
UdsOp::start();
@@ -96,7 +106,7 @@
bool Ipc::UdsSender::doneAll() const
{
- return !writing && UdsOp::doneAll();
+ return !writing && !sleeping && UdsOp::doneAll();
}
void Ipc::UdsSender::write()
@@ -114,8 +124,53 @@
debugs(54, 5, HERE << params.conn << " flag " << params.flag << " retries " << retries << " [" << this << ']');
writing = false;
if (params.flag != COMM_OK && retries-- > 0) {
- sleep(1); // do not spend all tries at once; XXX: use an async timed event instead of blocking here; store the time when we started writing so that we do not sleep if not needed?
- write(); // XXX: should we close on error so that conn() reopens?
+ // perhaps a fresh connection and more time will help?
+ conn()->close();
+ sleep();
+ }
+}
+
+/// pause for a while before resending the message
+void Ipc::UdsSender::sleep()
+{
+ Must(!sleeping);
+ sleeping = true;
+ eventAdd("Ipc::UdsSender::DelayedRetry",
+ Ipc::UdsSender::DelayedRetry,
+ new Pointer(this), 1, 0, false); // TODO: Use Fibonacci increments
+}
+
+/// stop sleeping (or do nothing if we were not)
+void Ipc::UdsSender::cancelSleep()
+{
+ if (sleeping) {
+ // Why not delete the event? See Comm::ConnOpener::cancelSleep().
+ sleeping = false;
+ debugs(54, 9, "stops sleeping");
+ }
+}
+
+/// legacy wrapper for Ipc::UdsSender::delayedRetry()
+void Ipc::UdsSender::DelayedRetry(void *data)
+{
+ Pointer *ptr = static_cast(data);
+ assert(ptr);
+ if (UdsSender *us = dynamic_cast(ptr->valid())) {
+ // get back inside AsyncJob protection by scheduling an async job call
+ typedef NullaryMemFunT Dialer;
+ AsyncCall::Pointer call = JobCallback(54, 4, Dialer, us, Ipc::UdsSender::delayedRetry);
+ ScheduleCallHere(call);
+ }
+ delete ptr;
+}
+
+/// make another sending attempt after a pause
+void Ipc::UdsSender::delayedRetry()
+{
+ debugs(54, 5, HERE << sleeping);
+ if (sleeping) {
+ sleeping = false;
+ write(); // reopens the connection if needed
}
}
diff -u -r -N squid-3.3.10/src/ipc/UdsOp.h squid-3.3.11/src/ipc/UdsOp.h
--- squid-3.3.10/src/ipc/UdsOp.h 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/ipc/UdsOp.h 2013-12-01 02:55:13.000000000 +1300
@@ -65,11 +65,17 @@
UdsSender(const String& pathAddr, const TypedMsgHdr& aMessage);
protected:
+ virtual void swanSong(); // UdsOp (AsyncJob) API
virtual void start(); // UdsOp (AsyncJob) API
virtual bool doneAll() const; // UdsOp (AsyncJob) API
virtual void timedout(); // UdsOp API
private:
+ void sleep();
+ void cancelSleep();
+ static void DelayedRetry(void *data);
+ void delayedRetry();
+
void write(); ///< schedule writing
void wrote(const CommIoCbParams& params); ///< done writing or error
@@ -77,6 +83,7 @@
TypedMsgHdr message; ///< what to send
int retries; ///< how many times to try after a write error
int timeout; ///< total time to send the message
+ bool sleeping; ///< whether we are waiting to retry a failed write
bool writing; ///< whether Comm started and did not finish writing
private:
diff -u -r -N squid-3.3.10/src/neighbors.cc squid-3.3.11/src/neighbors.cc
--- squid-3.3.10/src/neighbors.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/neighbors.cc 2013-12-01 02:55:13.000000000 +1300
@@ -1316,6 +1316,7 @@
Comm::ConnectionPointer conn = new Comm::Connection;
conn->remote = p->addresses[i];
conn->remote.SetPort(p->http_port);
+ conn->setPeer(p);
getOutgoingAddress(NULL, conn);
++ p->testing_now;
diff -u -r -N squid-3.3.10/src/Server.cc squid-3.3.11/src/Server.cc
--- squid-3.3.10/src/Server.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/Server.cc 2013-12-01 02:55:13.000000000 +1300
@@ -39,6 +39,7 @@
#include "fd.h"
#include "err_detail_type.h"
#include "errorpage.h"
+#include "HttpHdrContRange.h"
#include "HttpReply.h"
#include "HttpRequest.h"
#include "Server.h"
@@ -522,6 +523,11 @@
{
Must(theFinalReply);
maybePurgeOthers();
+
+ // adaptation may overwrite old offset computed using the virgin response
+ const bool partial = theFinalReply->content_range &&
+ theFinalReply->sline.status == HTTP_PARTIAL_CONTENT;
+ currentOffset = partial ? theFinalReply->content_range->spec.offset : 0;
}
HttpRequest *
diff -u -r -N squid-3.3.10/src/snmp/Inquirer.cc squid-3.3.11/src/snmp/Inquirer.cc
--- squid-3.3.10/src/snmp/Inquirer.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/snmp/Inquirer.cc 2013-12-01 02:55:13.000000000 +1300
@@ -28,6 +28,10 @@
closer = asyncCall(49, 5, "Snmp::Inquirer::noteCommClosed",
CommCbMemFunT(this, &Inquirer::noteCommClosed));
comm_add_close_handler(conn->fd, closer);
+
+ // forget client FD to avoid sending it to strands that may forget to close
+ if (Request *snmpRequest = dynamic_cast(request.getRaw()))
+ snmpRequest->fd = -1;
}
/// closes our copy of the client connection socket
diff -u -r -N squid-3.3.10/src/snmp/Request.cc squid-3.3.11/src/snmp/Request.cc
--- squid-3.3.10/src/snmp/Request.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/snmp/Request.cc 2013-12-01 02:55:13.000000000 +1300
@@ -33,7 +33,8 @@
session.unpack(msg);
msg.getPod(address);
- fd = msg.getFd();
+ // Requests from strands have FDs. Requests from Coordinator do not.
+ fd = msg.hasFd() ? msg.getFd() : -1;
}
void
@@ -46,7 +47,9 @@
session.pack(msg);
msg.putPod(address);
- msg.putFd(fd);
+ // Requests sent to Coordinator have FDs. Requests sent to strands do not.
+ if (fd >= 0)
+ msg.putFd(fd);
}
Ipc::Request::Pointer
diff -u -r -N squid-3.3.10/src/ssl/ErrorDetail.cc squid-3.3.11/src/ssl/ErrorDetail.cc
--- squid-3.3.10/src/ssl/ErrorDetail.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/ssl/ErrorDetail.cc 2013-12-01 02:55:13.000000000 +1300
@@ -219,6 +219,31 @@
{SSL_ERROR_NONE, NULL}
};
+static const char *OptionalSslErrors[] = {
+ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
+ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
+ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
+ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
+ "X509_V_ERR_INVALID_NON_CA",
+ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
+ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
+ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
+ "X509_V_ERR_INVALID_EXTENSION",
+ "X509_V_ERR_INVALID_POLICY_EXTENSION",
+ "X509_V_ERR_NO_EXPLICIT_POLICY",
+ "X509_V_ERR_DIFFERENT_CRL_SCOPE",
+ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
+ "X509_V_ERR_UNNESTED_RESOURCE",
+ "X509_V_ERR_PERMITTED_VIOLATION",
+ "X509_V_ERR_EXCLUDED_VIOLATION",
+ "X509_V_ERR_SUBTREE_MINMAX",
+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
+ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
+ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
+ NULL
+};
+
struct SslErrorAlias {
const char *name;
const Ssl::ssl_error_t *errors;
@@ -329,6 +354,16 @@
return NULL;
}
+bool
+Ssl::ErrorIsOptional(const char *name)
+{
+ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
+ if (strcmp(name, OptionalSslErrors[i]) == 0)
+ return true;
+ }
+ return false;
+}
+
const char *
Ssl::GetErrorDescr(Ssl::ssl_error_t value)
{
diff -u -r -N squid-3.3.10/src/ssl/ErrorDetail.h squid-3.3.11/src/ssl/ErrorDetail.h
--- squid-3.3.10/src/ssl/ErrorDetail.h 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/ssl/ErrorDetail.h 2013-12-01 02:55:13.000000000 +1300
@@ -42,6 +42,14 @@
/**
\ingroup ServerProtocolSSLAPI
+ * Return true if the SSL error is optional and may not supported
+ * by current squid version
+ */
+
+bool ErrorIsOptional(const char *name);
+
+/**
+ \ingroup ServerProtocolSSLAPI
* Used to pass SSL error details to the error pages returned to the
* end user.
*/
diff -u -r -N squid-3.3.10/src/ssl/ErrorDetailManager.cc squid-3.3.11/src/ssl/ErrorDetailManager.cc
--- squid-3.3.10/src/ssl/ErrorDetailManager.cc 2013-11-04 00:06:37.000000000 +1300
+++ squid-3.3.11/src/ssl/ErrorDetailManager.cc 2013-12-01 02:55:13.000000000 +1300
@@ -218,32 +218,35 @@
}
Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
- if (ssl_error == SSL_ERROR_NONE) {
- debugs(83, DBG_IMPORTANT, HERE <<
- "WARNING! invalid error detail name: " << errorName);
- return false;
- }
+ if (ssl_error != SSL_ERROR_NONE) {
- if (theDetails->getErrorDetail(ssl_error)) {
- debugs(83, DBG_IMPORTANT, HERE <<
- "WARNING! duplicate entry: " << errorName);
- return false;
- }
+ if (theDetails->getErrorDetail(ssl_error)) {
+ debugs(83, DBG_IMPORTANT, HERE <<
+ "WARNING! duplicate entry: " << errorName);
+ return false;
+ }
+
+ ErrorDetailEntry &entry = theDetails->theList[ssl_error];
+ entry.error_no = ssl_error;
+ entry.name = errorName;
+ String tmp = parser.getByName("detail");
+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
+ tmp = parser.getByName("descr");
+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
+ bool parseOK = entry.descr.defined() && entry.detail.defined();
- ErrorDetailEntry &entry = theDetails->theList[ssl_error];
- entry.error_no = ssl_error;
- entry.name = errorName;
- String tmp = parser.getByName("detail");
- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
- tmp = parser.getByName("descr");
- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
- bool parseOK = entry.descr.defined() && entry.detail.defined();
+ if (!parseOK) {
+ debugs(83, DBG_IMPORTANT, HERE <<
+ "WARNING! missing important field for detail error: " << errorName);
+ return false;
+ }
- if (!parseOK) {
+ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) {
debugs(83, DBG_IMPORTANT, HERE <<
- "WARNING! missing imporant field for detail error: " << errorName);
+ "WARNING! invalid error detail name: " << errorName);
return false;
}
+
}// else {only spaces and black lines; just ignore}
buf.consume(size);