diff -u -r -N squid-3.3.8/acinclude/compiler-flags.m4 squid-3.3.9/acinclude/compiler-flags.m4 --- squid-3.3.8/acinclude/compiler-flags.m4 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/acinclude/compiler-flags.m4 2013-09-11 16:08:38.000000000 +1200 @@ -170,8 +170,8 @@ squid_cv_cc_arg_pipe="" ;; clang) - squid_cv_cxx_option_werror="-Werror -Wno-error=parentheses-equality" - squid_cv_cc_option_werror="$squid_cv_cxx_option_werror" + squid_cv_cxx_option_werror="-Werror -Qunused-arguments" + squid_cv_cc_option_werror="$squid_cv_cxx_option_werror" squid_cv_cc_option_wall="-Wall" squid_cv_cc_option_optimize="-O2" squid_cv_cc_arg_pipe="" diff -u -r -N squid-3.3.8/ChangeLog squid-3.3.9/ChangeLog --- squid-3.3.8/ChangeLog 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/ChangeLog 2013-09-11 16:08:38.000000000 +1200 @@ -1,4 +1,23 @@ +Changes to squid-3.3.9 (11 Sep 2013): + + - Regression Bug 3077: off-by-one error in Digest header decoding + - Bug 3895: fix acl_uses_indirect_client and cache_peer_access + - Bug 3879: assertion failed ConnStateData::validatePinnedConnection + - Bug 3863: myportname acl causes segmentation fault + - Bug 3849: Duplicate certificate sent when using https_port + - Bug 2287: Better fix for unsupported HTTP version handling + - Bug 2112: Reload into If-None-Match + - Fix several assert with side effects in ICAP/eCAP response handling + - Fix myportname ACL on ICAP/eCAP transactions + - Fix external ACL user:pass detail logging after adaptation + - Fix SMP mgr:info report 'Largest file desc currently in use' + - Improved compatibility with gcc 4.8, clang and icc + - Show number of available filedescriptors when reserved FD changes + - Sync with newest OpenSSL error codes + - Register Http2-Settings header + - ... and many Windows portability fixes + Changes to squid-3.3.8 (13 Jul 2013): - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity diff -u -r -N squid-3.3.8/compat/cmsg.h squid-3.3.9/compat/cmsg.h --- squid-3.3.8/compat/cmsg.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/compat/cmsg.h 2013-09-11 16:08:38.000000000 +1200 @@ -9,6 +9,12 @@ #include #endif +// WinSock2.h defines these for Windows +#if HAVE_WINSOCK2_H +#include +#define CMSG_H_ // prevent re-definition +#endif + #ifndef CMSG_H_ #define CMSG_H_ diff -u -r -N squid-3.3.8/compat/getnameinfo.c squid-3.3.9/compat/getnameinfo.c --- squid-3.3.8/compat/getnameinfo.c 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/compat/getnameinfo.c 2013-09-11 16:08:38.000000000 +1200 @@ -112,7 +112,7 @@ #include #endif -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #undef IN_ADDR #include #endif @@ -158,7 +158,6 @@ int family, i; const char *addr; uint32_t v4a; - int h_error; char numserv[512]; if (sa == NULL) @@ -260,14 +259,17 @@ goto numeric; } else { #if USE_GETIPNODEBY + int h_error = 0; hp = getipnodebyaddr(addr, afd->a_addrlen, afd->a_af, &h_error); #else hp = gethostbyaddr(addr, afd->a_addrlen, afd->a_af); +#if 0 // getnameinfo.c:161:9: error: variable 'h_error' set but not used #if HAVE_H_ERRNO h_error = h_errno; #else h_error = EINVAL; #endif +#endif /* 0 */ #endif if (hp) { diff -u -r -N squid-3.3.8/compat/GnuRegex.c squid-3.3.9/compat/GnuRegex.c --- squid-3.3.8/compat/GnuRegex.c 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/compat/GnuRegex.c 2013-09-11 16:08:38.000000000 +1200 @@ -90,8 +90,6 @@ #endif /* not SYNTAX_TABLE */ -#define SYNTAX(c) re_syntax_table[c] - /* Get the interface, including the syntax bits. */ #include "compat/GnuRegex.h" @@ -889,9 +887,6 @@ #define INIT_COMPILE_STACK_SIZE 32 -#define COMPILE_STACK_EMPTY (compile_stack.avail == 0) -#define COMPILE_STACK_FULL (compile_stack.avail == compile_stack.size) - /* The next available element. */ #define COMPILE_STACK_TOP (compile_stack.stack[compile_stack.avail]) @@ -1420,7 +1415,7 @@ bufp->re_nsub++; regnum++; - if (COMPILE_STACK_FULL) { + if (compile_stack.avail == compile_stack.size) { RETALLOC(compile_stack.stack, compile_stack.size << 1, compile_stack_elt_t); if (compile_stack.stack == NULL) @@ -1461,7 +1456,7 @@ if (syntax & RE_NO_BK_PARENS) goto normal_backslash; - if (COMPILE_STACK_EMPTY) { + if (compile_stack.avail == 0) { if (syntax & RE_UNMATCHED_RIGHT_PAREN_ORD) goto normal_backslash; else @@ -1479,7 +1474,7 @@ STORE_JUMP(jump_past_alt, fixup_alt_jump, b - 1); } /* See similar code for backslashed left paren above. */ - if (COMPILE_STACK_EMPTY) { + if (compile_stack.avail == 0) { if (syntax & RE_UNMATCHED_RIGHT_PAREN_ORD) goto normal_char; else @@ -1832,7 +1827,7 @@ if (fixup_alt_jump) STORE_JUMP(jump_past_alt, fixup_alt_jump, b); - if (!COMPILE_STACK_EMPTY) + if (compile_stack.avail != 0) return REG_EPAREN; free(compile_stack.stack); @@ -2374,13 +2369,13 @@ case wordchar: for (j = 0; j < (1 << BYTEWIDTH); j++) - if (SYNTAX(j) == Sword) + if (re_syntax_table[j] == Sword) fastmap[j] = 1; break; case notwordchar: for (j = 0; j < (1 << BYTEWIDTH); j++) - if (SYNTAX(j) != Sword) + if (re_syntax_table[j] != Sword) fastmap[j] = 1; break; @@ -2732,21 +2727,31 @@ /* Test if at very beginning or at very end of the virtual concatenation * of `string1' and `string2'. If only one string, it's `string2'. */ #define AT_STRINGS_BEG(d) ((d) == (size1 ? string1 : string2) || !size2) -#define AT_STRINGS_END(d) ((d) == end2) +static int at_strings_end(const char *d, const char *end2) +{ + return d == end2; +} /* Test if D points to a character which is word-constituent. We have * two special cases to check for: if past the end of string1, look at * the first character in string2; and if before the beginning of * string2, look at the last character in string1. */ #define WORDCHAR_P(d) \ - (SYNTAX ((d) == end1 ? *string2 \ - : (d) == string2 - 1 ? *(end1 - 1) : *(d)) \ + (re_syntax_table[(d) == end1 ? *string2 \ + : (d) == string2 - 1 ? *(end1 - 1) : *(d)] \ == Sword) +static int +wordchar_p(const char *d, const char *end1, const char *string2) +{ + return re_syntax_table[(d) == end1 ? *string2 + : (d) == string2 - 1 ? *(end1 - 1) : *(d)] + == Sword; +} /* Test if the character before D and the one at D differ with respect * to being word-constituent. */ #define AT_WORD_BOUNDARY(d) \ - (AT_STRINGS_BEG (d) || AT_STRINGS_END (d) \ + (AT_STRINGS_BEG (d) || at_strings_end(d,end2) \ || WORDCHAR_P (d - 1) != WORDCHAR_P (d)) /* Free everything we malloc. */ @@ -3440,7 +3445,7 @@ case endline: DEBUG_PRINT1("EXECUTING endline.\n"); - if (AT_STRINGS_END(d)) { + if (at_strings_end(d,end2)) { if (!bufp->not_eol) break; } @@ -3461,7 +3466,7 @@ /* Match at the very end of the data. */ case endbuf: DEBUG_PRINT1("EXECUTING endbuf.\n"); - if (AT_STRINGS_END(d)) + if (at_strings_end(d,end2)) break; goto fail; @@ -3739,21 +3744,21 @@ case wordbeg: DEBUG_PRINT1("EXECUTING wordbeg.\n"); - if (WORDCHAR_P(d) && (AT_STRINGS_BEG(d) || !WORDCHAR_P(d - 1))) + if (wordchar_p(d,end1,string2) && (AT_STRINGS_BEG(d) || !WORDCHAR_P(d - 1))) break; goto fail; case wordend: DEBUG_PRINT1("EXECUTING wordend.\n"); if (!AT_STRINGS_BEG(d) && WORDCHAR_P(d - 1) - && (!WORDCHAR_P(d) || AT_STRINGS_END(d))) + && (!wordchar_p(d,end1,string2) || at_strings_end(d,end2))) break; goto fail; case wordchar: DEBUG_PRINT1("EXECUTING non-Emacs wordchar.\n"); PREFETCH(); - if (!WORDCHAR_P(d)) + if (!wordchar_p(d,end1,string2)) goto fail; SET_REGS_MATCHED(); d++; @@ -3762,7 +3767,7 @@ case notwordchar: DEBUG_PRINT1("EXECUTING non-Emacs notwordchar.\n"); PREFETCH(); - if (WORDCHAR_P(d)) + if (wordchar_p(d,end1,string2)) goto fail; SET_REGS_MATCHED(); d++; diff -u -r -N squid-3.3.8/compat/mswin.cc squid-3.3.9/compat/mswin.cc --- squid-3.3.8/compat/mswin.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/compat/mswin.cc 2013-09-11 16:08:38.000000000 +1200 @@ -37,7 +37,7 @@ /* The following code section is part of an EXPERIMENTAL native */ /* Windows NT/2000 Squid port - Compiles only on MS Visual C++ or MinGW */ -#if _SQUID_MSWIN_ || _SQUID_MINGW_ +#if _SQUID_WINDOWS_ && !_SQUID_CYGWIN_ #undef strerror #define sys_nerr _sys_nerr @@ -296,7 +296,7 @@ return &grp; } -#if defined(__MINGW32__) /* MinGW environment */ +#if _SQUID_MINGW_ int _free_osfhnd(int filehandle) { diff -u -r -N squid-3.3.8/compat/os/mswin.h squid-3.3.9/compat/os/mswin.h --- squid-3.3.8/compat/os/mswin.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/compat/os/mswin.h 2013-09-11 16:08:38.000000000 +1200 @@ -51,6 +51,11 @@ #define NOMINMAX #endif +/// some builds of MinGW do not define IPV6_V6ONLY socket option +#if !defined(IPV6_V6ONLY) +#define IPV6_V6ONLY 27 +#endif + #if defined _FILE_OFFSET_BITS && _FILE_OFFSET_BITS == 64 # define __USE_FILE_OFFSET64 1 #endif @@ -103,6 +108,9 @@ #define mkdir(p,F) _mkdir((p)) #define mktemp _mktemp #endif +#if _SQUID_MINGW_ +#define mkdir(p,F) mkdir((p)) +#endif #define pclose _pclose #define pipe WIN32_pipe #define popen _popen @@ -340,7 +348,7 @@ SQUIDCEXTERN _CRTIMP ioinfo * __pioinfo[]; SQUIDCEXTERN int __cdecl _free_osfhnd(int); -#elif defined(__MINGW32__) /* MinGW environment */ +#elif _SQUID_MINGW_ /* MinGW environment */ __MINGW_IMPORT ioinfo * __pioinfo[]; SQUIDCEXTERN int _free_osfhnd(int); @@ -428,6 +436,18 @@ { /** \endcond */ +/* + * Each of these functions is defined in the Squid namespace so as not to + * clash with the winsock.h and winsock2.h definitions. + * It is then paired with a #define to cause these wrappers to be used by + * the main code instead of those system definitions. + * + * We do this wrapper in order to: + * - cast the parameter types in only one place, and + * - record errors in POSIX errno variable, and + * - map the FD value used by Squid to the socket handes used by Windows. + */ + inline int accept(int s, struct sockaddr * a, size_t * l) { @@ -658,6 +678,7 @@ } else return 0; } +#define WSAAsyncSelect(s,h,w,e) Squid::WSAAsyncSelect(s,h,w,e) #undef WSADuplicateSocket inline @@ -673,6 +694,7 @@ } else return 0; } +#define WSADuplicateSocket(s,n,l) Squid::WSADuplicateSocket(s,n,l) #undef WSASocket inline @@ -690,6 +712,7 @@ } else return _open_osfhandle(result, 0); } +#define WSASocket(a,t,p,i,g,f) Squid::WSASocket(a,t,p,i,g,f) } /* namespace Squid */ diff -u -r -N squid-3.3.8/compat/osdetect.h squid-3.3.9/compat/osdetect.h --- squid-3.3.8/compat/osdetect.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/compat/osdetect.h 2013-09-11 16:08:38.000000000 +1200 @@ -73,10 +73,6 @@ #define _SQUID_WINDOWS_ 1 #elif defined(WIN32) || defined(WINNT) || defined(__WIN32__) || defined(__WIN32) -/* We are using _SQUID_MSWIN_ define in cf.data.pre, so - it must be defined to 1 to avoid the build failure of cfgen. - */ -#define _SQUID_MSWIN_ 1 #define _SQUID_WINDOWS_ 1 #elif defined(__APPLE__) diff -u -r -N squid-3.3.8/compat/types.h squid-3.3.9/compat/types.h --- squid-3.3.8/compat/types.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/compat/types.h 2013-09-11 16:08:38.000000000 +1200 @@ -91,7 +91,7 @@ * "%lx" instead of "%llx" */ #ifndef PRId64 -#if _SQUID_MSWIN_ /* Windows native port using MSVCRT */ +#if _SQUID_WINDOWS_ #define PRId64 "I64d" #elif SIZEOF_INT64_T > SIZEOF_LONG #define PRId64 "lld" @@ -101,7 +101,7 @@ #endif #ifndef PRIu64 -#if _SQUID_MSWIN_ /* Windows native port using MSVCRT */ +#if _SQUID_WINDOWS_ #define PRIu64 "I64u" #elif SIZEOF_INT64_T > SIZEOF_LONG #define PRIu64 "llu" @@ -111,7 +111,7 @@ #endif #ifndef PRIX64 -#if _SQUID_MSWIN_ /* Windows native port using MSVCRT */ +#if _SQUID_WINDOWS_ #define PRIX64 "I64X" #elif SIZEOF_INT64_T > SIZEOF_LONG #define PRIX64 "llX" diff -u -r -N squid-3.3.8/configure squid-3.3.9/configure --- squid-3.3.8/configure 2013-07-14 01:26:28.000000000 +1200 +++ squid-3.3.9/configure 2013-09-11 16:09:44.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.3.8. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.3.9. # # Report bugs to . # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.3.8' -PACKAGE_STRING='Squid Web Proxy 3.3.8' +PACKAGE_VERSION='3.3.9' +PACKAGE_STRING='Squid Web Proxy 3.3.9' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1570,7 +1570,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.3.8 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.3.9 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1640,7 +1640,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.3.8:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.3.9:";; esac cat <<\_ACEOF @@ -2014,7 +2014,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.3.8 +Squid Web Proxy configure 3.3.9 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -3110,7 +3110,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.3.8, which was +It was created by Squid Web Proxy $as_me 3.3.9, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3929,7 +3929,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.3.8' + VERSION='3.3.9' cat >>confdefs.h <<_ACEOF @@ -18546,7 +18546,7 @@ squid_cv_cc_arg_pipe="" ;; clang) - squid_cv_cxx_option_werror="-Werror -Wno-error=parentheses-equality" + squid_cv_cxx_option_werror="-Werror -Qunused-arguments" squid_cv_cc_option_werror="$squid_cv_cxx_option_werror" squid_cv_cc_option_wall="-Wall" squid_cv_cc_option_optimize="-O2" @@ -18948,9 +18948,15 @@ # to be used by sub-commands export enable_inline -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for atomic operations support" >&5 -$as_echo_n "checking for atomic operations support... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU atomic operations support" >&5 +$as_echo_n "checking for GNU atomic operations support... " >&6; } +if test "$cross_compiling" = yes; then : + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run test program while cross compiling +See \`config.log' for more details" "$LINENO" 5; } +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int n = 0; @@ -18970,7 +18976,7 @@ return 0; } _ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : +if ac_fn_cxx_try_run "$LINENO"; then : $as_echo "#define HAVE_ATOMIC_OPS 1" >>confdefs.h @@ -18984,7 +18990,10 @@ $as_echo "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + # Check whether --enable-debug-cbdata was given. @@ -20803,12 +20812,18 @@ esac #Iphlpapi.h check delayed after winsock2.h for ac_header in \ + windows.h \ sys/sockio.h \ sys/param.h - do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " +#if HAVE_WINDOWS_H +include +#endif + + +" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 @@ -27212,16 +27227,23 @@ - for ac_header in Iphlpapi.h + for ac_header in \ + windows.h \ + ws2tcpip.h \ + Iphlpapi.h do : - ac_fn_cxx_check_header_compile "$LINENO" "Iphlpapi.h" "ac_cv_header_Iphlpapi_h" " + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " +#if HAVE_WINDOWS_H +#include +#endif #if HAVE_WINSOCK2_H #include #endif " -if test "x$ac_cv_header_Iphlpapi_h" = xyes; then : +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_IPHLPAPI_H 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi @@ -31810,7 +31832,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.3.8, which was +This file was extended by Squid Web Proxy $as_me 3.3.9, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -31876,7 +31898,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.3.8 +Squid Web Proxy config.status 3.3.9 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.3.8/configure.ac squid-3.3.9/configure.ac --- squid-3.3.8/configure.ac 2013-07-14 01:26:28.000000000 +1200 +++ squid-3.3.9/configure.ac 2013-09-11 16:09:44.000000000 +1200 @@ -1,4 +1,4 @@ -AC_INIT([Squid Web Proxy],[3.3.8],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.3.9],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -391,8 +391,8 @@ dnl dnl Check for atomic operations support in the compiler dnl -AC_MSG_CHECKING([for atomic operations support]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +AC_MSG_CHECKING([for GNU atomic operations support]) +AC_RUN_IFELSE([AC_LANG_PROGRAM([[ int n = 0; ]],[[ __sync_add_and_fetch(&n, 10); // n becomes 10 @@ -403,8 +403,7 @@ return (n == 200) ? 0 : -1; ]])], [ - AC_DEFINE(HAVE_ATOMIC_OPS,1, - [Define to 1 if you have __sync_add_and_fetch() and such]) + AC_DEFINE(HAVE_ATOMIC_OPS,1,[Define to 1 if you have __sync_add_and_fetch() and such]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -1158,8 +1157,14 @@ esac #Iphlpapi.h check delayed after winsock2.h AC_CHECK_HEADERS( \ + windows.h \ sys/sockio.h \ - sys/param.h + sys/param.h, + [], [], [[ +#if HAVE_WINDOWS_H +include +#endif +]] ) AC_CHECK_HEADERS( \ net/if_arp.h \ @@ -2653,7 +2658,13 @@ dnl Check for Winsock only on MinGW, on Cygwin we must use emulated BSD socket API if test "x$squid_host_os" = "xmingw" ; then SQUID_CHECK_WINSOCK_LIB - AC_CHECK_HEADERS(Iphlpapi.h,,,[ + AC_CHECK_HEADERS( \ + windows.h \ + ws2tcpip.h \ + Iphlpapi.h ,,,[ +#if HAVE_WINDOWS_H +#include +#endif #if HAVE_WINSOCK2_H #include #endif]) diff -u -r -N squid-3.3.8/errors/af/error-details.txt squid-3.3.9/errors/af/error-details.txt --- squid-3.3.8/errors/af/error-details.txt 2013-07-14 01:28:27.000000000 +1200 +++ squid-3.3.9/errors/af/error-details.txt 2013-09-11 16:11:23.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/ar/error-details.txt squid-3.3.9/errors/ar/error-details.txt --- squid-3.3.8/errors/ar/error-details.txt 2013-07-14 01:28:59.000000000 +1200 +++ squid-3.3.9/errors/ar/error-details.txt 2013-09-11 16:11:44.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/az/error-details.txt squid-3.3.9/errors/az/error-details.txt --- squid-3.3.8/errors/az/error-details.txt 2013-07-14 01:29:29.000000000 +1200 +++ squid-3.3.9/errors/az/error-details.txt 2013-09-11 16:12:06.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/bg/error-details.txt squid-3.3.9/errors/bg/error-details.txt --- squid-3.3.8/errors/bg/error-details.txt 2013-07-14 01:30:06.000000000 +1200 +++ squid-3.3.9/errors/bg/error-details.txt 2013-09-11 16:12:28.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/ca/error-details.txt squid-3.3.9/errors/ca/error-details.txt --- squid-3.3.8/errors/ca/error-details.txt 2013-07-14 01:30:37.000000000 +1200 +++ squid-3.3.9/errors/ca/error-details.txt 2013-09-11 16:12:49.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/cs/error-details.txt squid-3.3.9/errors/cs/error-details.txt --- squid-3.3.8/errors/cs/error-details.txt 2013-07-14 01:31:11.000000000 +1200 +++ squid-3.3.9/errors/cs/error-details.txt 2013-09-11 16:13:11.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/da/error-details.txt squid-3.3.9/errors/da/error-details.txt --- squid-3.3.8/errors/da/error-details.txt 2013-07-14 01:31:45.000000000 +1200 +++ squid-3.3.9/errors/da/error-details.txt 2013-09-11 16:13:33.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/de/error-details.txt squid-3.3.9/errors/de/error-details.txt --- squid-3.3.8/errors/de/error-details.txt 2013-07-14 01:32:15.000000000 +1200 +++ squid-3.3.9/errors/de/error-details.txt 2013-09-11 16:13:56.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/el/error-details.txt squid-3.3.9/errors/el/error-details.txt --- squid-3.3.8/errors/el/error-details.txt 2013-07-14 01:32:45.000000000 +1200 +++ squid-3.3.9/errors/el/error-details.txt 2013-09-11 16:14:17.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/en/error-details.txt squid-3.3.9/errors/en/error-details.txt --- squid-3.3.8/errors/en/error-details.txt 2013-07-14 01:33:18.000000000 +1200 +++ squid-3.3.9/errors/en/error-details.txt 2013-09-11 16:14:39.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/es/error-details.txt squid-3.3.9/errors/es/error-details.txt --- squid-3.3.8/errors/es/error-details.txt 2013-07-14 01:33:48.000000000 +1200 +++ squid-3.3.9/errors/es/error-details.txt 2013-09-11 16:15:02.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/et/error-details.txt squid-3.3.9/errors/et/error-details.txt --- squid-3.3.8/errors/et/error-details.txt 2013-07-14 01:34:18.000000000 +1200 +++ squid-3.3.9/errors/et/error-details.txt 2013-09-11 16:15:28.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/fa/error-details.txt squid-3.3.9/errors/fa/error-details.txt --- squid-3.3.8/errors/fa/error-details.txt 2013-07-14 01:34:48.000000000 +1200 +++ squid-3.3.9/errors/fa/error-details.txt 2013-09-11 16:15:50.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/fi/error-details.txt squid-3.3.9/errors/fi/error-details.txt --- squid-3.3.8/errors/fi/error-details.txt 2013-07-14 01:35:23.000000000 +1200 +++ squid-3.3.9/errors/fi/error-details.txt 2013-09-11 16:16:15.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/fr/error-details.txt squid-3.3.9/errors/fr/error-details.txt --- squid-3.3.8/errors/fr/error-details.txt 2013-07-14 01:35:55.000000000 +1200 +++ squid-3.3.9/errors/fr/error-details.txt 2013-09-11 16:16:48.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/he/error-details.txt squid-3.3.9/errors/he/error-details.txt --- squid-3.3.8/errors/he/error-details.txt 2013-07-14 01:36:35.000000000 +1200 +++ squid-3.3.9/errors/he/error-details.txt 2013-09-11 16:17:17.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/hu/error-details.txt squid-3.3.9/errors/hu/error-details.txt --- squid-3.3.8/errors/hu/error-details.txt 2013-07-14 01:37:06.000000000 +1200 +++ squid-3.3.9/errors/hu/error-details.txt 2013-09-11 16:17:47.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/hy/error-details.txt squid-3.3.9/errors/hy/error-details.txt --- squid-3.3.8/errors/hy/error-details.txt 2013-07-14 01:37:36.000000000 +1200 +++ squid-3.3.9/errors/hy/error-details.txt 2013-09-11 16:18:18.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/id/error-details.txt squid-3.3.9/errors/id/error-details.txt --- squid-3.3.8/errors/id/error-details.txt 2013-07-14 01:38:04.000000000 +1200 +++ squid-3.3.9/errors/id/error-details.txt 2013-09-11 16:18:51.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/it/error-details.txt squid-3.3.9/errors/it/error-details.txt --- squid-3.3.8/errors/it/error-details.txt 2013-07-14 01:38:38.000000000 +1200 +++ squid-3.3.9/errors/it/error-details.txt 2013-09-11 16:19:19.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/ja/error-details.txt squid-3.3.9/errors/ja/error-details.txt --- squid-3.3.8/errors/ja/error-details.txt 2013-07-14 01:39:13.000000000 +1200 +++ squid-3.3.9/errors/ja/error-details.txt 2013-09-11 16:19:49.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/ko/error-details.txt squid-3.3.9/errors/ko/error-details.txt --- squid-3.3.8/errors/ko/error-details.txt 2013-07-14 01:39:42.000000000 +1200 +++ squid-3.3.9/errors/ko/error-details.txt 2013-09-11 16:20:22.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/lt/error-details.txt squid-3.3.9/errors/lt/error-details.txt --- squid-3.3.8/errors/lt/error-details.txt 2013-07-14 01:40:15.000000000 +1200 +++ squid-3.3.9/errors/lt/error-details.txt 2013-09-11 16:20:50.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/lv/error-details.txt squid-3.3.9/errors/lv/error-details.txt --- squid-3.3.8/errors/lv/error-details.txt 2013-07-14 01:40:45.000000000 +1200 +++ squid-3.3.9/errors/lv/error-details.txt 2013-09-11 16:21:21.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/ms/error-details.txt squid-3.3.9/errors/ms/error-details.txt --- squid-3.3.8/errors/ms/error-details.txt 2013-07-14 01:41:24.000000000 +1200 +++ squid-3.3.9/errors/ms/error-details.txt 2013-09-11 16:21:52.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/nl/error-details.txt squid-3.3.9/errors/nl/error-details.txt --- squid-3.3.8/errors/nl/error-details.txt 2013-07-14 01:41:56.000000000 +1200 +++ squid-3.3.9/errors/nl/error-details.txt 2013-09-11 16:22:25.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/oc/error-details.txt squid-3.3.9/errors/oc/error-details.txt --- squid-3.3.8/errors/oc/error-details.txt 2013-07-14 01:42:30.000000000 +1200 +++ squid-3.3.9/errors/oc/error-details.txt 2013-09-11 16:22:58.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/pl/error-details.txt squid-3.3.9/errors/pl/error-details.txt --- squid-3.3.8/errors/pl/error-details.txt 2013-07-14 01:43:01.000000000 +1200 +++ squid-3.3.9/errors/pl/error-details.txt 2013-09-11 16:23:28.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/pt/error-details.txt squid-3.3.9/errors/pt/error-details.txt --- squid-3.3.8/errors/pt/error-details.txt 2013-07-14 01:44:04.000000000 +1200 +++ squid-3.3.9/errors/pt/error-details.txt 2013-09-11 16:24:23.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/pt-br/error-details.txt squid-3.3.9/errors/pt-br/error-details.txt --- squid-3.3.8/errors/pt-br/error-details.txt 2013-07-14 01:43:34.000000000 +1200 +++ squid-3.3.9/errors/pt-br/error-details.txt 2013-09-11 16:23:56.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/ro/error-details.txt squid-3.3.9/errors/ro/error-details.txt --- squid-3.3.8/errors/ro/error-details.txt 2013-07-14 01:44:33.000000000 +1200 +++ squid-3.3.9/errors/ro/error-details.txt 2013-09-11 16:24:52.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/ru/error-details.txt squid-3.3.9/errors/ru/error-details.txt --- squid-3.3.8/errors/ru/error-details.txt 2013-07-14 01:45:08.000000000 +1200 +++ squid-3.3.9/errors/ru/error-details.txt 2013-09-11 16:25:21.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/sk/error-details.txt squid-3.3.9/errors/sk/error-details.txt --- squid-3.3.8/errors/sk/error-details.txt 2013-07-14 01:45:39.000000000 +1200 +++ squid-3.3.9/errors/sk/error-details.txt 2013-09-11 16:25:49.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/sl/error-details.txt squid-3.3.9/errors/sl/error-details.txt --- squid-3.3.8/errors/sl/error-details.txt 2013-07-14 01:46:14.000000000 +1200 +++ squid-3.3.9/errors/sl/error-details.txt 2013-09-11 16:26:26.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/sr-cyrl/error-details.txt squid-3.3.9/errors/sr-cyrl/error-details.txt --- squid-3.3.8/errors/sr-cyrl/error-details.txt 2013-07-14 01:46:47.000000000 +1200 +++ squid-3.3.9/errors/sr-cyrl/error-details.txt 2013-09-11 16:27:03.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/sr-latn/error-details.txt squid-3.3.9/errors/sr-latn/error-details.txt --- squid-3.3.8/errors/sr-latn/error-details.txt 2013-07-14 01:47:18.000000000 +1200 +++ squid-3.3.9/errors/sr-latn/error-details.txt 2013-09-11 16:27:35.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/sv/error-details.txt squid-3.3.9/errors/sv/error-details.txt --- squid-3.3.8/errors/sv/error-details.txt 2013-07-14 01:47:47.000000000 +1200 +++ squid-3.3.9/errors/sv/error-details.txt 2013-09-11 16:28:07.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/templates/error-details.txt squid-3.3.9/errors/templates/error-details.txt --- squid-3.3.8/errors/templates/error-details.txt 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/errors/templates/error-details.txt 2013-09-11 16:08:38.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/th/error-details.txt squid-3.3.9/errors/th/error-details.txt --- squid-3.3.8/errors/th/error-details.txt 2013-07-14 01:48:17.000000000 +1200 +++ squid-3.3.9/errors/th/error-details.txt 2013-09-11 16:28:34.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/tr/error-details.txt squid-3.3.9/errors/tr/error-details.txt --- squid-3.3.8/errors/tr/error-details.txt 2013-07-14 01:48:46.000000000 +1200 +++ squid-3.3.9/errors/tr/error-details.txt 2013-09-11 16:29:02.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/uk/error-details.txt squid-3.3.9/errors/uk/error-details.txt --- squid-3.3.8/errors/uk/error-details.txt 2013-07-14 01:49:13.000000000 +1200 +++ squid-3.3.9/errors/uk/error-details.txt 2013-09-11 16:29:30.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/uz/error-details.txt squid-3.3.9/errors/uz/error-details.txt --- squid-3.3.8/errors/uz/error-details.txt 2013-07-14 01:49:42.000000000 +1200 +++ squid-3.3.9/errors/uz/error-details.txt 2013-09-11 16:29:57.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/vi/error-details.txt squid-3.3.9/errors/vi/error-details.txt --- squid-3.3.8/errors/vi/error-details.txt 2013-07-14 01:50:07.000000000 +1200 +++ squid-3.3.9/errors/vi/error-details.txt 2013-09-11 16:30:26.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/zh-cn/error-details.txt squid-3.3.9/errors/zh-cn/error-details.txt --- squid-3.3.8/errors/zh-cn/error-details.txt 2013-07-14 01:50:30.000000000 +1200 +++ squid-3.3.9/errors/zh-cn/error-details.txt 2013-09-11 16:30:56.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/errors/zh-tw/error-details.txt squid-3.3.9/errors/zh-tw/error-details.txt --- squid-3.3.8/errors/zh-tw/error-details.txt 2013-07-14 01:50:57.000000000 +1200 +++ squid-3.3.9/errors/zh-tw/error-details.txt 2013-09-11 16:31:31.000000000 +1200 @@ -130,6 +130,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff -u -r -N squid-3.3.8/helpers/basic_auth/DB/basic_db_auth.8 squid-3.3.9/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.3.8/helpers/basic_auth/DB/basic_db_auth.8 2013-07-14 01:51:11.000000000 +1200 +++ squid-3.3.9/helpers/basic_auth/DB/basic_db_auth.8 2013-09-11 16:31:37.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2013-09-10" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.8/helpers/basic_auth/LDAP/basic_ldap_auth.cc squid-3.3.9/helpers/basic_auth/LDAP/basic_ldap_auth.cc --- squid-3.3.8/helpers/basic_auth/LDAP/basic_ldap_auth.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/helpers/basic_auth/LDAP/basic_ldap_auth.cc 2013-09-11 16:08:38.000000000 +1200 @@ -93,8 +93,7 @@ #include #include -#if _SQUID_MSWIN_ /* Native Windows port and MinGW */ - +#if _SQUID_WINDOWS_ && !_SQUID_CYGWIN_ #define snprintf _snprintf #include #include @@ -554,7 +553,7 @@ /* On Windows ldap_start_tls_s is available starting from Windows XP, * so we need to bind at run-time with the function entry point */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (use_tls) { HMODULE WLDAP32Handle; diff -u -r -N squid-3.3.8/helpers/basic_auth/RADIUS/basic_radius_auth.cc squid-3.3.9/helpers/basic_auth/RADIUS/basic_radius_auth.cc --- squid-3.3.8/helpers/basic_auth/RADIUS/basic_radius_auth.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/helpers/basic_auth/RADIUS/basic_radius_auth.cc 2013-09-11 16:08:38.000000000 +1200 @@ -120,7 +120,7 @@ char progname[] = "basic_radius_auth"; -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ void Win32SockCleanup(void) { @@ -532,7 +532,7 @@ fprintf(stderr, "FATAL: %s: Shared secret not specified\n", argv[0]); exit(1); } -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ { WSADATA wsaData; WSAStartup(2, &wsaData); diff -u -r -N squid-3.3.8/helpers/basic_auth/SSPI/valid.h squid-3.3.9/helpers/basic_auth/SSPI/valid.h --- squid-3.3.8/helpers/basic_auth/SSPI/valid.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/helpers/basic_auth/SSPI/valid.h 2013-09-11 16:08:38.000000000 +1200 @@ -88,7 +88,7 @@ debug(char *format,...) { #ifdef DEBUG -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (debug_enabled) { va_list args; @@ -97,7 +97,7 @@ vfprintf(stderr, format, args); va_end(args); } -#endif /* _SQUID_MSWIN_ */ +#endif /* _SQUID_WINDOWS_ */ #endif /* DEBUG */ } #endif /* __GNUC__ */ diff -u -r -N squid-3.3.8/helpers/digest_auth/eDirectory/edir_ldapext.cc squid-3.3.9/helpers/digest_auth/eDirectory/edir_ldapext.cc --- squid-3.3.8/helpers/digest_auth/eDirectory/edir_ldapext.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/helpers/digest_auth/eDirectory/edir_ldapext.cc 2013-09-11 16:08:38.000000000 +1200 @@ -26,7 +26,7 @@ #include "digest_common.h" -#if _SQUID_MSWIN_ /* Native Windows port and MinGW */ +#if _SQUID_WINDOWS_ && !_SQUID_CYGWIN_ #define snprintf _snprintf #include diff -u -r -N squid-3.3.8/helpers/digest_auth/eDirectory/ldap_backend.cc squid-3.3.9/helpers/digest_auth/eDirectory/ldap_backend.cc --- squid-3.3.8/helpers/digest_auth/eDirectory/ldap_backend.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/helpers/digest_auth/eDirectory/ldap_backend.cc 2013-09-11 16:08:38.000000000 +1200 @@ -11,7 +11,7 @@ #include "ldap_backend.h" -#if _SQUID_MSWIN_ /* Native Windows port and MinGW */ +#if _SQUID_WINDOWS_ && !_SQUID_CYGWIN_ #define snprintf _snprintf #include @@ -332,7 +332,7 @@ /* On Windows ldap_start_tls_s is available starting from Windows XP, * so we need to bind at run-time with the function entry point */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (use_tls) { HMODULE WLDAP32Handle; diff -u -r -N squid-3.3.8/helpers/digest_auth/LDAP/ldap_backend.cc squid-3.3.9/helpers/digest_auth/LDAP/ldap_backend.cc --- squid-3.3.8/helpers/digest_auth/LDAP/ldap_backend.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/helpers/digest_auth/LDAP/ldap_backend.cc 2013-09-11 16:08:38.000000000 +1200 @@ -12,7 +12,7 @@ #include "ldap_backend.h" -#if _SQUID_MSWIN_ /* Native Windows port and MinGW */ +#if _SQUID_WINDOWS_ && !_SQUID_CYGWIN_ #define snprintf _snprintf #include @@ -304,7 +304,7 @@ /* On Windows ldap_start_tls_s is available starting from Windows XP, * so we need to bind at run-time with the function entry point */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (use_tls) { HMODULE WLDAP32Handle; diff -u -r -N squid-3.3.8/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc squid-3.3.9/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc --- squid-3.3.8/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc 2013-09-11 16:08:38.000000000 +1200 @@ -51,7 +51,7 @@ #include #endif -#if _SQUID_MSWIN_ /* Native Windows port and MinGW */ +#if _SQUID_WINDOWS_ && !_SQUID_CYGWIN_ #define snprintf _snprintf #include @@ -451,7 +451,7 @@ /* On Windows ldap_start_tls_s is available starting from Windows XP, * so we need to bind at run-time with the function entry point */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (use_tls) { HMODULE WLDAP32Handle; diff -u -r -N squid-3.3.8/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.3.9/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- squid-3.3.8/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-07-14 01:51:22.000000000 +1200 +++ squid-3.3.9/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-09-11 16:31:43.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 1" -.TH EXT_SQL_SESSION_ACL 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 1 "2013-09-10" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.8/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.3.9/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.3.8/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-07-14 01:51:23.000000000 +1200 +++ squid-3.3.9/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-09-11 16:31:43.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-09-10" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.8/helpers/log_daemon/DB/log_db_daemon.8 squid-3.3.9/helpers/log_daemon/DB/log_db_daemon.8 --- squid-3.3.8/helpers/log_daemon/DB/log_db_daemon.8 2013-07-14 01:51:24.000000000 +1200 +++ squid-3.3.9/helpers/log_daemon/DB/log_db_daemon.8 2013-09-11 16:31:44.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 1" -.TH LOG_DB_DAEMON 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 1 "2013-09-10" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.8/include/autoconf.h.in squid-3.3.9/include/autoconf.h.in --- squid-3.3.8/include/autoconf.h.in 2013-07-14 01:25:35.000000000 +1200 +++ squid-3.3.9/include/autoconf.h.in 2013-09-11 16:09:07.000000000 +1200 @@ -1067,6 +1067,9 @@ /* Define if you have PSAPI.DLL on Windows systems */ #undef HAVE_WIN32_PSAPI +/* Define to 1 if you have the header file. */ +#undef HAVE_WINDOWS_H + /* Define to 1 if you have the header file. */ #undef HAVE_WINSOCK2_H @@ -1079,6 +1082,9 @@ /* Define to 1 if you have the `write' function. */ #undef HAVE_WRITE +/* Define to 1 if you have the header file. */ +#undef HAVE_WS2TCPIP_H + /* Define to 1 if you have the `__res_init' function. */ #undef HAVE___RES_INIT diff -u -r -N squid-3.3.8/include/squid.h squid-3.3.9/include/squid.h --- squid-3.3.8/include/squid.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/include/squid.h 2013-09-11 16:08:38.000000000 +1200 @@ -115,7 +115,7 @@ #define SQUID_MAXPATHLEN 256 // TODO: determine if this is required. OR if compat/os/mswin.h works -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ /** \cond AUTODOCS-IGNORE */ using namespace Squid; /** \endcond */ diff -u -r -N squid-3.3.8/include/util.h squid-3.3.9/include/util.h --- squid-3.3.8/include/util.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/include/util.h 2013-09-11 16:08:38.000000000 +1200 @@ -111,7 +111,7 @@ /* Windows Port */ /* win32lib.c */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ SQUIDCEXTERN int chroot (const char *); #if !HAVE_GETTIMEOFDAY SQUIDCEXTERN int gettimeofday(struct timeval * ,void *); diff -u -r -N squid-3.3.8/include/version.h squid-3.3.9/include/version.h --- squid-3.3.8/include/version.h 2013-07-14 01:26:28.000000000 +1200 +++ squid-3.3.9/include/version.h 2013-09-11 16:09:46.000000000 +1200 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1373721912 +#define SQUID_RELEASE_TIME 1378872515 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.3.8/lib/dirent.c squid-3.3.9/lib/dirent.c --- squid-3.3.8/lib/dirent.c 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/lib/dirent.c 2013-09-11 16:08:38.000000000 +1200 @@ -49,7 +49,7 @@ #include "squid.h" /* The following code section is part of the native Windows Squid port */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #include "util.h" #include @@ -309,4 +309,4 @@ while ((dirp->dd_stat < lPos) && readdir(dirp)); } } -#endif /* _SQUID_MSWIN_ */ +#endif /* _SQUID_WINDOWS_ */ diff -u -r -N squid-3.3.8/lib/getopt.c squid-3.3.9/lib/getopt.c --- squid-3.3.8/lib/getopt.c 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/lib/getopt.c 2013-09-11 16:08:38.000000000 +1200 @@ -45,7 +45,7 @@ #define BADCH (int)'?' #define BADARG (int)':' -#define EMSG "" +#define EMSG (char*)"" /* * getopt -- diff -u -r -N squid-3.3.8/lib/Makefile.am squid-3.3.9/lib/Makefile.am --- squid-3.3.8/lib/Makefile.am 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/lib/Makefile.am 2013-09-11 16:08:38.000000000 +1200 @@ -1,12 +1,9 @@ include $(top_srcdir)/src/Common.am DIST_SUBDIRS = ntlmauth profiler rfcnb smblib libTrie +SUBDIRS= EXTRA_DIST= -SUBDIRS = rfcnb smblib -if ENABLE_AUTH_NTLM -SUBDIRS += ntlmauth -endif if USE_ESI SUBDIRS += libTrie endif @@ -14,23 +11,28 @@ SUBDIRS += profiler endif - install: all install-strip: all -if ENABLE_WIN32SPECIFIC -LIBSSPWIN32=libsspwin32.la -else -LIBSSPWIN32= -EXTRA_LTLIBRARIES = \ - libsspwin32.la -endif - noinst_LTLIBRARIES = \ libmiscencoding.la \ libmisccontainers.la \ - libmiscutil.la \ - $(LIBSSPWIN32) + libmiscutil.la + +# +# Some libraries are only available on Windows +# and others are unable to be built. +# +if ENABLE_WIN32SPECIFIC +noinst_LTLIBRARIES += libsspwin32.la +libsspwin32_la_SOURCES = sspwin32.c +else +SUBDIRS += rfcnb smblib +EXTRA_DIST += sspwin32.c +endif +if ENABLE_AUTH_NTLM +SUBDIRS += ntlmauth +endif # # dirent.c, encrypt.c and getopt.c are needed for native Windows support. @@ -71,10 +73,6 @@ util.c \ xusleep.c -# $(top_srcdir)/include/version.h should be a dependency -libsspwin32_la_SOURCES = \ - sspwin32.c - TESTS += tests/testAll check_PROGRAMS += tests/testAll diff -u -r -N squid-3.3.8/lib/Makefile.in squid-3.3.9/lib/Makefile.in --- squid-3.3.8/lib/Makefile.in 2013-07-14 01:25:50.000000000 +1200 +++ squid-3.3.9/lib/Makefile.in 2013-09-11 16:09:21.000000000 +1200 @@ -39,9 +39,17 @@ check_PROGRAMS = tests/testAll$(EXEEXT) TESTS = tests/testAll$(EXEEXT) testHeaders @USE_LOADABLE_MODULES_TRUE@am__append_1 = $(INCLTDL) -@ENABLE_AUTH_NTLM_TRUE@am__append_2 = ntlmauth -@USE_ESI_TRUE@am__append_3 = libTrie -@ENABLE_XPROF_STATS_TRUE@am__append_4 = profiler +@USE_ESI_TRUE@am__append_2 = libTrie +@ENABLE_XPROF_STATS_TRUE@am__append_3 = profiler + +# +# Some libraries are only available on Windows +# and others are unable to be built. +# +@ENABLE_WIN32SPECIFIC_TRUE@am__append_4 = libsspwin32.la +@ENABLE_WIN32SPECIFIC_FALSE@am__append_5 = rfcnb smblib +@ENABLE_WIN32SPECIFIC_FALSE@am__append_6 = sspwin32.c +@ENABLE_AUTH_NTLM_TRUE@am__append_7 = ntlmauth subdir = lib ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/acinclude/init.m4 \ @@ -75,9 +83,9 @@ rfc3596.lo Splay.lo stub_memaccount.lo util.lo xusleep.lo libmiscutil_la_OBJECTS = $(am_libmiscutil_la_OBJECTS) libsspwin32_la_LIBADD = -am_libsspwin32_la_OBJECTS = sspwin32.lo +am__libsspwin32_la_SOURCES_DIST = sspwin32.c +@ENABLE_WIN32SPECIFIC_TRUE@am_libsspwin32_la_OBJECTS = sspwin32.lo libsspwin32_la_OBJECTS = $(am_libsspwin32_la_OBJECTS) -@ENABLE_WIN32SPECIFIC_FALSE@am_libsspwin32_la_rpath = @ENABLE_WIN32SPECIFIC_TRUE@am_libsspwin32_la_rpath = am_tests_testAll_OBJECTS = testArray.$(OBJEXT) testRFC1035.$(OBJEXT) \ testRFC1738.$(OBJEXT) testMain.$(OBJEXT) @@ -120,8 +128,8 @@ $(tests_testAll_SOURCES) DIST_SOURCES = $(libmisccontainers_la_SOURCES) \ $(libmiscencoding_la_SOURCES) $(libmiscutil_la_SOURCES) \ - $(EXTRA_libmiscutil_la_SOURCES) $(libsspwin32_la_SOURCES) \ - $(tests_testAll_SOURCES) + $(EXTRA_libmiscutil_la_SOURCES) \ + $(am__libsspwin32_la_SOURCES_DIST) $(tests_testAll_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ @@ -385,19 +393,12 @@ COMPAT_LIB = -L$(top_builddir)/compat -lcompat-squid $(LIBPROFILER) subst_perlshell = sed -e 's,[@]PERL[@],$(PERL),g' <$(srcdir)/$@.pl.in >$@ || ($(RM) -f $@ ; exit 1) DIST_SUBDIRS = ntlmauth profiler rfcnb smblib libTrie -EXTRA_DIST = -SUBDIRS = rfcnb smblib $(am__append_2) $(am__append_3) $(am__append_4) -@ENABLE_WIN32SPECIFIC_FALSE@LIBSSPWIN32 = -@ENABLE_WIN32SPECIFIC_TRUE@LIBSSPWIN32 = libsspwin32.la -@ENABLE_WIN32SPECIFIC_FALSE@EXTRA_LTLIBRARIES = \ -@ENABLE_WIN32SPECIFIC_FALSE@ libsspwin32.la - -noinst_LTLIBRARIES = \ - libmiscencoding.la \ - libmisccontainers.la \ - libmiscutil.la \ - $(LIBSSPWIN32) - +SUBDIRS = $(am__append_2) $(am__append_3) $(am__append_5) \ + $(am__append_7) +EXTRA_DIST = $(am__append_6) +noinst_LTLIBRARIES = libmiscencoding.la libmisccontainers.la \ + libmiscutil.la $(am__append_4) +@ENABLE_WIN32SPECIFIC_TRUE@libsspwin32_la_SOURCES = sspwin32.c # # dirent.c, encrypt.c and getopt.c are needed for native Windows support. @@ -438,11 +439,6 @@ util.c \ xusleep.c - -# $(top_srcdir)/include/version.h should be a dependency -libsspwin32_la_SOURCES = \ - sspwin32.c - tests_testAll_SOURCES = \ tests/testArray.h \ tests/testArray.cc \ diff -u -r -N squid-3.3.8/lib/rfcnb/session.c squid-3.3.9/lib/rfcnb/session.c --- squid-3.3.8/lib/rfcnb/session.c 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/lib/rfcnb/session.c 2013-09-11 16:08:38.000000000 +1200 @@ -84,7 +84,7 @@ /* Resolve that name into an IP address */ Service_Address = Called_Name; - if (strcmp(Called_Address, "") != 0) { /* If the Called Address = "" */ + if (strlen(Called_Address) != 0) { /* If the Called Address = "" */ Service_Address = Called_Address; } if ((errno = RFCNB_Name_To_IP(Service_Address, &Dest_IP)) < 0) { /* Error */ diff -u -r -N squid-3.3.8/lib/smblib/smblib.c squid-3.3.9/lib/smblib/smblib.c --- squid-3.3.8/lib/smblib/smblib.c 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/lib/smblib/smblib.c 2013-09-11 16:08:38.000000000 +1200 @@ -152,7 +152,7 @@ calling[strlen(con -> myname)] = 0; /* Make it a string */ - if (strcmp(con -> address, "") == 0) + if (strlen(con -> address) == 0) address = con -> desthost; else address = con -> address; @@ -268,7 +268,7 @@ calling[strlen(con -> myname)] = 0; /* Make it a string */ - if (strcmp(con -> address, "") == 0) + if (strlen(con -> address) == 0) address = con -> desthost; else address = con -> address; diff -u -r -N squid-3.3.8/RELEASENOTES.html squid-3.3.9/RELEASENOTES.html --- squid-3.3.8/RELEASENOTES.html 2013-07-14 01:51:51.000000000 +1200 +++ squid-3.3.9/RELEASENOTES.html 2013-09-11 16:32:08.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 3.3.8 release notes + Squid 3.3.9 release notes -

Squid 3.3.8 release notes

+

Squid 3.3.9 release notes

Squid Developers


@@ -56,7 +56,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.3.8.

+

The Squid Team are pleased to announce the release of Squid-3.3.9.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.3/ or the mirrors.

diff -u -r -N squid-3.3.8/src/acl/MyPortName.cc squid-3.3.9/src/acl/MyPortName.cc --- squid-3.3.8/src/acl/MyPortName.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/acl/MyPortName.cc 2013-09-11 16:08:38.000000000 +1200 @@ -44,7 +44,7 @@ int ACLMyPortNameStrategy::match(ACLData * &data, ACLFilledChecklist *checklist) { - if (checklist->conn() != NULL) + if (checklist->conn() != NULL && checklist->conn()->port != NULL) return data->match(checklist->conn()->port->name); if (checklist->request != NULL) return data->match(checklist->request->myportname.termedBuf()); diff -u -r -N squid-3.3.8/src/auth/digest/auth_digest.cc squid-3.3.9/src/auth/digest/auth_digest.cc --- squid-3.3.8/src/auth/digest/auth_digest.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/auth/digest/auth_digest.cc 2013-09-11 16:08:38.000000000 +1200 @@ -817,7 +817,7 @@ vlen = 0; } - StringArea keyName(item, nlen-1); + StringArea keyName(item, nlen); String value; if (vlen > 0) { diff -u -r -N squid-3.3.8/src/cache_cf.cc squid-3.3.9/src/cache_cf.cc --- squid-3.3.8/src/cache_cf.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/cache_cf.cc 2013-09-11 16:08:38.000000000 +1200 @@ -1366,8 +1366,12 @@ addr->SetNoAddr(); else if ( (*addr = token) ) // try parse numeric/IPA (void) 0; - else - addr->GetHostByName(token); // dont use ipcache + else if (addr->GetHostByName(token)) // dont use ipcache + (void) 0; + else { // not an IP and not a hostname + debugs(3, DBG_CRITICAL, "FATAL: invalid IP address or domain name '" << token << "'"); + self_destruct(); + } } static void diff -u -r -N squid-3.3.8/src/cf.data.pre squid-3.3.9/src/cf.data.pre --- squid-3.3.8/src/cf.data.pre 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/cf.data.pre 2013-09-11 16:08:38.000000000 +1200 @@ -4466,10 +4466,12 @@ override-lastmod enforces min age even on objects that were modified recently. - reload-into-ims changes client no-cache or ``reload'' - to If-Modified-Since requests. Doing this VIOLATES the - HTTP standard. Enabling this feature could make you - liable for problems which it causes. + reload-into-ims changes a client no-cache or ``reload'' + request for a cached entry into a conditional request using + If-Modified-Since and/or If-None-Match headers, provided the + cached entry has a Last-Modified and/or a strong ETag header. + Doing this VIOLATES the HTTP standard. Enabling this feature + could make you liable for problems which it causes. ignore-reload ignores a client no-cache or ``reload'' header. Doing this VIOLATES the HTTP standard. Enabling @@ -8388,7 +8390,7 @@ DOC_END NAME: windows_ipaddrchangemonitor -IFDEF: _SQUID_MSWIN_ +IFDEF: _SQUID_WINDOWS_ COMMENT: on|off TYPE: onoff DEFAULT: on diff -u -r -N squid-3.3.8/src/cf_gen_defines squid-3.3.9/src/cf_gen_defines --- squid-3.3.8/src/cf_gen_defines 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/cf_gen_defines 2013-09-11 16:08:38.000000000 +1200 @@ -32,7 +32,7 @@ define["USE_WCCP"]="--enable-wccp" define["USE_WCCPv2"]="--enable-wccpv2" define["USE_QOS_TOS"]="--enable-zph-qos" - define["_SQUID_MSWIN_"]="MS Windows" + define["_SQUID_WINDOWS_"]="MS Windows" define["SO_MARK&&USE_LIBCAP"]="Packet MARK (Linux)" } /^IFDEF:/ { diff -u -r -N squid-3.3.8/src/client_side.cc squid-3.3.9/src/client_side.cc --- squid-3.3.8/src/client_side.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/client_side.cc 2013-09-11 16:08:38.000000000 +1200 @@ -2609,10 +2609,9 @@ goto finish; } - /* RFC 2616 section 10.5.6 : handle unsupported HTTP versions cleanly. */ - /* We currently only accept 0.9, 1.0, 1.1 */ + /* RFC 2616 section 10.5.6 : handle unsupported HTTP major versions cleanly. */ + /* We currently only support 0.9, 1.0, 1.1 properly */ if ( (http_ver.major == 0 && http_ver.minor != 9) || - (http_ver.major == 1 && http_ver.minor > 1 ) || (http_ver.major > 1) ) { clientStreamNode *node = context->getClientReplyContext(); @@ -3854,8 +3853,18 @@ // Try to add generated ssl context to storage. if (port->generateHostCertificates && isNew) { - if (signAlgorithm == Ssl::algSignTrusted) + if (signAlgorithm == Ssl::algSignTrusted) { + // Add signing certificate to the certificates chain + X509 *cert = port->signingCert.get(); + if (SSL_CTX_add_extra_chain_cert(sslContext, cert)) { + // increase the certificate lock + CRYPTO_add(&(cert->references),1,CRYPTO_LOCK_X509); + } else { + const int ssl_error = ERR_get_error(); + debugs(33, DBG_IMPORTANT, "WARNING: can not add signing certificate to SSL context chain: " << ERR_error_string(ssl_error, NULL)); + } Ssl::addChainToSslContext(sslContext, port->certsToChain.get()); + } //else it is self-signed or untrusted do not attrach any certificate Ssl::LocalContextStorage & ssl_ctx_cache(Ssl::TheGlobalContextStorage.getLocalStorage(port->s)); @@ -4476,18 +4485,14 @@ bool valid = true; if (!Comm::IsConnOpen(pinning.serverConnection)) valid = false; - if (pinning.auth && request && strcasecmp(pinning.host, request->GetHost()) != 0) { + else if (pinning.auth && pinning.host && request && strcasecmp(pinning.host, request->GetHost()) != 0) valid = false; - } - if (request && pinning.port != request->port) { + else if (request && pinning.port != request->port) valid = false; - } - if (pinning.peer && !cbdataReferenceValid(pinning.peer)) { + else if (pinning.peer && !cbdataReferenceValid(pinning.peer)) valid = false; - } - if (aPeer != pinning.peer) { + else if (aPeer != pinning.peer) valid = false; - } if (!valid) { /* The pinning info is not safe, remove any pinning info */ diff -u -r -N squid-3.3.8/src/client_side_reply.cc squid-3.3.9/src/client_side_reply.cc --- squid-3.3.8/src/client_side_reply.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/client_side_reply.cc 2013-09-11 16:08:38.000000000 +1200 @@ -38,6 +38,7 @@ #include "clientStream.h" #include "dlink.h" #include "errorpage.h" +#include "ETag.h" #include "fd.h" #include "fde.h" #include "format/Token.h" @@ -291,6 +292,13 @@ #endif http->request->lastmod = old_entry->lastmod; + + if (!http->request->header.has(HDR_IF_NONE_MATCH)) { + ETag etag = {NULL, -1}; // TODO: make that a default ETag constructor + if (old_entry->hasEtag(etag) && !etag.weak) + http->request->etag = etag.str; + } + debugs(88, 5, "clientReplyContext::processExpired : lastmod " << entry->lastmod ); http->storeEntry(entry); assert(http->out.offset == 0); diff -u -r -N squid-3.3.8/src/comm/ConnOpener.cc squid-3.3.9/src/comm/ConnOpener.cc --- squid-3.3.8/src/comm/ConnOpener.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/comm/ConnOpener.cc 2013-09-11 16:08:38.000000000 +1200 @@ -339,7 +339,7 @@ if (failRetries_ < Config.connect_retries) { debugs(5, 5, HERE << conn_ << ": * - try again"); - sleep(); + retrySleep(); return; } else { // send ERROR back to the upper layer. @@ -352,7 +352,7 @@ /// Close and wait a little before trying to open and connect again. void -Comm::ConnOpener::sleep() +Comm::ConnOpener::retrySleep() { Must(!calls_.sleep_); closeFd(); diff -u -r -N squid-3.3.8/src/comm/ConnOpener.h squid-3.3.9/src/comm/ConnOpener.h --- squid-3.3.8/src/comm/ConnOpener.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/comm/ConnOpener.h 2013-09-11 16:08:38.000000000 +1200 @@ -47,7 +47,7 @@ void connected(); void lookupLocalAddress(); - void sleep(); + void retrySleep(); void restart(); bool createFd(); diff -u -r -N squid-3.3.8/src/comm/Loops.h squid-3.3.9/src/comm/Loops.h --- squid-3.3.8/src/comm/Loops.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/comm/Loops.h 2013-09-11 16:08:38.000000000 +1200 @@ -36,7 +36,7 @@ * This is a per-port limit for ICP/HTCP ports. * DNS has a separate limit. */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #define INCOMING_UDP_MAX 1 #else #define INCOMING_UDP_MAX 15 @@ -45,7 +45,7 @@ /** * Max number of DNS messages to receive per call to DNS read handler */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #define INCOMING_DNS_MAX 1 #else #define INCOMING_DNS_MAX 15 @@ -55,7 +55,7 @@ * Max number of new TCP connections to accept per call to the TCP listener poller. * This is a per-port limit for HTTP/HTTPS ports. */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #define INCOMING_TCP_MAX 1 #else #define INCOMING_TCP_MAX 10 diff -u -r -N squid-3.3.8/src/comm.cc squid-3.3.9/src/comm.cc --- squid-3.3.8/src/comm.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/comm.cc 2013-09-11 16:08:38.000000000 +1200 @@ -670,7 +670,7 @@ commSetReuseAddr(new_socket); if (addr.GetPort() > (unsigned short) 0) { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (sock_type != SOCK_DGRAM) #endif commSetNoLinger(new_socket); @@ -729,7 +729,7 @@ fd_table[conn->fd].flags.close_on_exec = 1; if (conn->local.GetPort() > (unsigned short) 0) { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (AI->ai_socktype != SOCK_DGRAM) #endif fd_table[conn->fd].flags.nolinger = 1; @@ -1330,7 +1330,7 @@ int commSetNonBlocking(int fd) { -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ int flags; int dummy = 0; #endif @@ -1350,7 +1350,7 @@ } else { #endif #endif -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ if ((flags = fcntl(fd, F_GETFL, dummy)) < 0) { debugs(50, 0, "FD " << fd << ": fcntl F_GETFL: " << xstrerror()); @@ -1374,7 +1374,7 @@ int commUnsetNonBlocking(int fd) { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ int nonblocking = FALSE; if (ioctlsocket(fd, FIONBIO, (unsigned long *) &nonblocking) < 0) { diff -u -r -N squid-3.3.8/src/debug.cc squid-3.3.9/src/debug.cc --- squid-3.3.8/src/debug.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/debug.cc 2013-09-11 16:08:38.000000000 +1200 @@ -62,7 +62,7 @@ static void _db_print_stderr(const char *format, va_list args); static void _db_print_file(const char *format, va_list args); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ extern LPCRITICAL_SECTION dbg_mutex; typedef BOOL (WINAPI * PFInitializeCriticalSectionAndSpinCount) (LPCRITICAL_SECTION, DWORD); #endif @@ -76,7 +76,7 @@ va_list args2; va_list args3; -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ /* Multiple WIN32 threads may call this simultaneously */ if (!dbg_mutex) { @@ -129,7 +129,7 @@ _db_print_syslog(format, args3); #endif -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ LeaveCriticalSection(dbg_mutex); #endif @@ -485,7 +485,7 @@ --i; snprintf(from, MAXPATHLEN, "%s.%d", debug_log_file, i - 1); snprintf(to, MAXPATHLEN, "%s.%d", debug_log_file, i); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ remove (to); #endif @@ -496,14 +496,14 @@ * You can't rename open files on Microsoft "operating systems" * so we close before renaming. */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (debug_log != stderr) fclose(debug_log); #endif /* Rotate the current log to .0 */ if (Debug::rotateNumber > 0) { snprintf(to, MAXPATHLEN, "%s.%d", debug_log_file, 0); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ remove (to); #endif diff -u -r -N squid-3.3.8/src/DiskIO/AIO/AIODiskIOModule.cc squid-3.3.9/src/DiskIO/AIO/AIODiskIOModule.cc --- squid-3.3.8/src/DiskIO/AIO/AIODiskIOModule.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/AIO/AIODiskIOModule.cc 2013-09-11 16:08:38.000000000 +1200 @@ -50,7 +50,7 @@ {} void -AIODiskIOModule::shutdown() +AIODiskIOModule::gracefulShutdown() {} DiskIOStrategy * diff -u -r -N squid-3.3.8/src/DiskIO/AIO/AIODiskIOModule.h squid-3.3.9/src/DiskIO/AIO/AIODiskIOModule.h --- squid-3.3.8/src/DiskIO/AIO/AIODiskIOModule.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/AIO/AIODiskIOModule.h 2013-09-11 16:08:38.000000000 +1200 @@ -42,7 +42,7 @@ static AIODiskIOModule &GetInstance(); AIODiskIOModule(); virtual void init(); - virtual void shutdown(); + virtual void gracefulShutdown(); virtual char const *type () const; virtual DiskIOStrategy* createStrategy(); diff -u -r -N squid-3.3.8/src/DiskIO/AIO/aio_win32.cc squid-3.3.9/src/DiskIO/AIO/aio_win32.cc --- squid-3.3.8/src/DiskIO/AIO/aio_win32.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/AIO/aio_win32.cc 2013-09-11 16:08:38.000000000 +1200 @@ -32,8 +32,11 @@ */ #include "squid.h" +#include "DiskIO/AIO/aio_win32.h" #include "comm.h" -#include "aio_win32.h" +#include "fd.h" +#include "StatCounters.h" +#include "win32.h" #if HAVE_ERRNO_H #include diff -u -r -N squid-3.3.8/src/DiskIO/AIO/aio_win32.h squid-3.3.9/src/DiskIO/AIO/aio_win32.h --- squid-3.3.8/src/DiskIO/AIO/aio_win32.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/AIO/aio_win32.h 2013-09-11 16:08:38.000000000 +1200 @@ -42,7 +42,7 @@ typedef int64_t off64_t; #endif -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ union sigval { int sival_int; /* integer value */ @@ -104,6 +104,6 @@ int aio_open(const char *, int); void aio_close(int); -#endif /* _SQUID_MSWIN_ */ +#endif /* _SQUID_WINDOWS_ */ #endif /* USE_DISKIO_AIO */ #endif /* __WIN32_AIO_H__ */ diff -u -r -N squid-3.3.8/src/DiskIO/Blocking/BlockingDiskIOModule.cc squid-3.3.9/src/DiskIO/Blocking/BlockingDiskIOModule.cc --- squid-3.3.8/src/DiskIO/Blocking/BlockingDiskIOModule.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/Blocking/BlockingDiskIOModule.cc 2013-09-11 16:08:38.000000000 +1200 @@ -49,7 +49,7 @@ {} void -BlockingDiskIOModule::shutdown() +BlockingDiskIOModule::gracefulShutdown() {} DiskIOStrategy* diff -u -r -N squid-3.3.8/src/DiskIO/Blocking/BlockingDiskIOModule.h squid-3.3.9/src/DiskIO/Blocking/BlockingDiskIOModule.h --- squid-3.3.8/src/DiskIO/Blocking/BlockingDiskIOModule.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/Blocking/BlockingDiskIOModule.h 2013-09-11 16:08:38.000000000 +1200 @@ -41,7 +41,7 @@ static BlockingDiskIOModule &GetInstance(); BlockingDiskIOModule(); virtual void init(); - virtual void shutdown(); + virtual void gracefulShutdown(); virtual char const *type () const; virtual DiskIOStrategy* createStrategy(); diff -u -r -N squid-3.3.8/src/DiskIO/DiskDaemon/DiskDaemonDiskIOModule.cc squid-3.3.9/src/DiskIO/DiskDaemon/DiskDaemonDiskIOModule.cc --- squid-3.3.8/src/DiskIO/DiskDaemon/DiskDaemonDiskIOModule.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/DiskDaemon/DiskDaemonDiskIOModule.cc 2013-09-11 16:08:38.000000000 +1200 @@ -79,7 +79,7 @@ } void -DiskDaemonDiskIOModule::shutdown() +DiskDaemonDiskIOModule::gracefulShutdown() { initialised = false; } diff -u -r -N squid-3.3.8/src/DiskIO/DiskDaemon/DiskDaemonDiskIOModule.h squid-3.3.9/src/DiskIO/DiskDaemon/DiskDaemonDiskIOModule.h --- squid-3.3.8/src/DiskIO/DiskDaemon/DiskDaemonDiskIOModule.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/DiskDaemon/DiskDaemonDiskIOModule.h 2013-09-11 16:08:38.000000000 +1200 @@ -41,7 +41,7 @@ static DiskDaemonDiskIOModule &GetInstance(); DiskDaemonDiskIOModule(); virtual void init(); - virtual void shutdown(); + virtual void gracefulShutdown(); virtual char const *type () const; virtual DiskIOStrategy* createStrategy(); diff -u -r -N squid-3.3.8/src/DiskIO/DiskIOModule.cc squid-3.3.9/src/DiskIO/DiskIOModule.cc --- squid-3.3.8/src/DiskIO/DiskIOModule.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/DiskIOModule.cc 2013-09-11 16:08:38.000000000 +1200 @@ -95,7 +95,7 @@ while (GetModules().size()) { DiskIOModule *fs = GetModules().back(); GetModules().pop_back(); - fs->shutdown(); + fs->gracefulShutdown(); } } diff -u -r -N squid-3.3.8/src/DiskIO/DiskIOModule.h squid-3.3.9/src/DiskIO/DiskIOModule.h --- squid-3.3.8/src/DiskIO/DiskIOModule.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/DiskIOModule.h 2013-09-11 16:08:38.000000000 +1200 @@ -65,7 +65,7 @@ virtual void init() = 0; //virtual void registerWithCacheManager(void); - virtual void shutdown() = 0; + virtual void gracefulShutdown() = 0; virtual DiskIOStrategy *createStrategy() = 0; virtual char const *type () const = 0; diff -u -r -N squid-3.3.8/src/DiskIO/DiskThreads/aiops_win32.cc squid-3.3.9/src/DiskIO/DiskThreads/aiops_win32.cc --- squid-3.3.8/src/DiskIO/DiskThreads/aiops_win32.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/DiskThreads/aiops_win32.cc 2013-09-11 16:08:38.000000000 +1200 @@ -36,6 +36,7 @@ #include "squid_windows.h" #include "DiskIO/DiskThreads/CommIO.h" #include "DiskThreads.h" +#include "fd.h" #include "SquidConfig.h" #include "SquidTime.h" #include "Store.h" @@ -210,7 +211,7 @@ MemAllocator *pool; if ((pool = squidaio_get_pool(size)) != NULL) { - pool->free(p); + pool->freeOne(p); } else xfree(p); } @@ -222,7 +223,7 @@ int len = strlen(str) + 1; if ((pool = squidaio_get_pool(len)) != NULL) { - pool->free(str); + pool->freeOne(str); } else xfree(str); } @@ -296,7 +297,9 @@ done_queue.blocked = 0; - CommIO::NotifyIOCompleted(); + // Initialize the thread I/O pipes before creating any threads + // see bug 3189 comment 5 about race conditions. + CommIO::Initialize(); /* Create threads and get them to sit in their wait loop */ squidaio_thread_pool = memPoolCreate("aio_thread", sizeof(squidaio_thread_t)); @@ -716,7 +719,7 @@ resultp->aio_errno = requestp->err; } - squidaio_request_pool->free(requestp); + squidaio_request_pool->freeOne(requestp); } /* squidaio_cleanup_request */ int diff -u -r -N squid-3.3.8/src/DiskIO/DiskThreads/CommIO.cc squid-3.3.9/src/DiskIO/DiskThreads/CommIO.cc --- squid-3.3.8/src/DiskIO/DiskThreads/CommIO.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/DiskThreads/CommIO.cc 2013-09-11 16:08:38.000000000 +1200 @@ -37,6 +37,7 @@ #include "DiskIO/DiskThreads/CommIO.h" #include "fd.h" #include "globals.h" +#include "win32.h" void CommIO::Initialize() diff -u -r -N squid-3.3.8/src/DiskIO/DiskThreads/DiskThreadsDiskIOModule.cc squid-3.3.9/src/DiskIO/DiskThreads/DiskThreadsDiskIOModule.cc --- squid-3.3.8/src/DiskIO/DiskThreads/DiskThreadsDiskIOModule.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/DiskThreads/DiskThreadsDiskIOModule.cc 2013-09-11 16:08:38.000000000 +1200 @@ -52,7 +52,7 @@ } void -DiskThreadsDiskIOModule::shutdown() +DiskThreadsDiskIOModule::gracefulShutdown() { DiskThreadsIOStrategy::Instance.done(); } diff -u -r -N squid-3.3.8/src/DiskIO/DiskThreads/DiskThreadsDiskIOModule.h squid-3.3.9/src/DiskIO/DiskThreads/DiskThreadsDiskIOModule.h --- squid-3.3.8/src/DiskIO/DiskThreads/DiskThreadsDiskIOModule.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/DiskThreads/DiskThreadsDiskIOModule.h 2013-09-11 16:08:38.000000000 +1200 @@ -42,7 +42,7 @@ DiskThreadsDiskIOModule(); virtual void init(); //virtual void registerWithCacheManager(void); - virtual void shutdown(); + virtual void gracefulShutdown(); virtual char const *type () const; virtual DiskIOStrategy* createStrategy(); diff -u -r -N squid-3.3.8/src/DiskIO/IpcIo/IpcIoDiskIOModule.cc squid-3.3.9/src/DiskIO/IpcIo/IpcIoDiskIOModule.cc --- squid-3.3.8/src/DiskIO/IpcIo/IpcIoDiskIOModule.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/IpcIo/IpcIoDiskIOModule.cc 2013-09-11 16:08:38.000000000 +1200 @@ -18,7 +18,7 @@ {} void -IpcIoDiskIOModule::shutdown() +IpcIoDiskIOModule::gracefulShutdown() {} DiskIOStrategy* diff -u -r -N squid-3.3.8/src/DiskIO/IpcIo/IpcIoDiskIOModule.h squid-3.3.9/src/DiskIO/IpcIo/IpcIoDiskIOModule.h --- squid-3.3.8/src/DiskIO/IpcIo/IpcIoDiskIOModule.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/IpcIo/IpcIoDiskIOModule.h 2013-09-11 16:08:38.000000000 +1200 @@ -10,7 +10,7 @@ static IpcIoDiskIOModule &GetInstance(); IpcIoDiskIOModule(); virtual void init(); - virtual void shutdown(); + virtual void gracefulShutdown(); virtual char const *type () const; virtual DiskIOStrategy* createStrategy(); diff -u -r -N squid-3.3.8/src/DiskIO/Mmapped/MmappedDiskIOModule.cc squid-3.3.9/src/DiskIO/Mmapped/MmappedDiskIOModule.cc --- squid-3.3.8/src/DiskIO/Mmapped/MmappedDiskIOModule.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/Mmapped/MmappedDiskIOModule.cc 2013-09-11 16:08:38.000000000 +1200 @@ -18,7 +18,7 @@ {} void -MmappedDiskIOModule::shutdown() +MmappedDiskIOModule::gracefulShutdown() {} DiskIOStrategy* diff -u -r -N squid-3.3.8/src/DiskIO/Mmapped/MmappedDiskIOModule.h squid-3.3.9/src/DiskIO/Mmapped/MmappedDiskIOModule.h --- squid-3.3.8/src/DiskIO/Mmapped/MmappedDiskIOModule.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/DiskIO/Mmapped/MmappedDiskIOModule.h 2013-09-11 16:08:38.000000000 +1200 @@ -10,7 +10,7 @@ static MmappedDiskIOModule &GetInstance(); MmappedDiskIOModule(); virtual void init(); - virtual void shutdown(); + virtual void gracefulShutdown(); virtual char const *type () const; virtual DiskIOStrategy* createStrategy(); diff -u -r -N squid-3.3.8/src/dns_internal.cc squid-3.3.9/src/dns_internal.cc --- squid-3.3.8/src/dns_internal.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/dns_internal.cc 2013-09-11 16:08:38.000000000 +1200 @@ -236,7 +236,7 @@ static void idnsFreeNameservers(void); static void idnsFreeSearchpath(void); static void idnsParseNameservers(void); -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ static void idnsParseResolvConf(void); #endif #if _SQUID_WINDOWS_ @@ -366,7 +366,7 @@ } } -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ static void idnsParseResolvConf(void) { @@ -1535,7 +1535,7 @@ assert(0 == nns); idnsParseNameservers(); -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ if (0 == nns) idnsParseResolvConf(); diff -u -r -N squid-3.3.8/src/dnsserver.cc squid-3.3.9/src/dnsserver.cc --- squid-3.3.8/src/dnsserver.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/dnsserver.cc 2013-09-11 16:08:38.000000000 +1200 @@ -497,7 +497,7 @@ } } -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ { WSADATA wsaData; @@ -511,7 +511,7 @@ memset(request, '\0', REQ_SZ); if (fgets(request, REQ_SZ, stdin) == NULL) { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ WSACleanup(); #endif exit(1); diff -u -r -N squid-3.3.8/src/fd.cc squid-3.3.9/src/fd.cc --- squid-3.3.8/src/fd.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/fd.cc 2013-09-11 16:08:38.000000000 +1200 @@ -49,7 +49,7 @@ int default_read_method(int, char *, int); int default_write_method(int, const char *, int); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ int socket_read_method(int, char *, int); int socket_write_method(int, const char *, int); int file_read_method(int, char *, int); @@ -122,7 +122,7 @@ *F = fde(); } -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ int socket_read_method(int fd, char *buf, int len) @@ -222,7 +222,7 @@ F->type = type; F->flags.open = 1; F->epoll_state = 0; -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ F->win32.handle = _get_osfhandle(fd); @@ -369,6 +369,7 @@ if (Squid_MaxFD - newReserve < min(256, Squid_MaxFD / 2)) fatalf("Too few filedescriptors available in the system (%d usable of %d).\n", Squid_MaxFD - newReserve, Squid_MaxFD); - debugs(51, DBG_CRITICAL, "Reserved FD adjusted from " << RESERVED_FD << " to " << newReserve << " due to failures"); + debugs(51, DBG_CRITICAL, "Reserved FD adjusted from " << RESERVED_FD << " to " << newReserve << + " due to failures (" << (Squid_MaxFD - newReserve) << "/" << Squid_MaxFD << " file descriptors available)"); RESERVED_FD = newReserve; } diff -u -r -N squid-3.3.8/src/fde.cc squid-3.3.9/src/fde.cc --- squid-3.3.8/src/fde.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/fde.cc 2013-09-11 16:08:38.000000000 +1200 @@ -55,7 +55,7 @@ if (!flags.open) return; -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ storeAppendPrintf(&dumpEntry, "%4d 0x%-8lX %-6.6s %4d %7" PRId64 "%c %7" PRId64 "%c %-21s %s\n", fdNumber, @@ -79,7 +79,7 @@ { int i; storeAppendPrintf(dumpEntry, "Active file descriptors:\n"); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ storeAppendPrintf(dumpEntry, "%-4s %-10s %-6s %-4s %-7s* %-7s* %-21s %s\n", "File", @@ -94,7 +94,7 @@ "Nwrite", "Remote Address", "Description"); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ storeAppendPrintf(dumpEntry, "---- ---------- ------ ---- -------- -------- --------------------- ------------------------------\n"); #else storeAppendPrintf(dumpEntry, "---- ------ ---- -------- -------- --------------------- ------------------------------\n"); diff -u -r -N squid-3.3.8/src/fde.h squid-3.3.9/src/fde.h --- squid-3.3.8/src/fde.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/fde.h 2013-09-11 16:08:38.000000000 +1200 @@ -136,7 +136,7 @@ SSL *ssl; SSL_CTX *dynamicSslContext; ///< cached and then freed when fd is closed #endif -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ struct { long handle; } win32; @@ -189,7 +189,7 @@ ssl = NULL; dynamicSslContext = NULL; #endif -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ win32.handle = NULL; #endif tosFromServer = '\0'; diff -u -r -N squid-3.3.8/src/fs/coss/store_dir_coss.cc squid-3.3.9/src/fs/coss/store_dir_coss.cc --- squid-3.3.8/src/fs/coss/store_dir_coss.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/fs/coss/store_dir_coss.cc 2013-09-11 16:08:38.000000000 +1200 @@ -901,14 +901,7 @@ if (::stat(path, &swap_sb) < 0) { debugs (47, 2, "COSS swap space space being allocated."); -#if _SQUID_MSWIN_ - - mkdir(path); -#else - mkdir(path, 0700); -#endif - } /* should check here for directories instead of files, and for file size diff -u -r -N squid-3.3.8/src/fs/ufs/UFSSwapDir.cc squid-3.3.9/src/fs/ufs/UFSSwapDir.cc --- squid-3.3.8/src/fs/ufs/UFSSwapDir.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/fs/ufs/UFSSwapDir.cc 2013-09-11 16:08:38.000000000 +1200 @@ -574,14 +574,7 @@ } else { fatalf("Swap directory %s is not a directory.", aPath); } - -#if _SQUID_MSWIN_ - - } else if (0 == mkdir(aPath)) { -#else - } else if (0 == mkdir(aPath, 0755)) { -#endif debugs(47, (should_exist ? DBG_IMPORTANT : 3), aPath << " created"); created = 1; } else { @@ -1306,14 +1299,7 @@ if (dir_pointer == NULL) { if (errno == ENOENT) { debugs(36, DBG_CRITICAL, HERE << "WARNING: Creating " << p1); -#if _SQUID_MSWIN_ - - if (mkdir(p1) == 0) -#else - if (mkdir(p1, 0777) == 0) -#endif - return 0; } diff -u -r -N squid-3.3.8/src/globals.h squid-3.3.9/src/globals.h --- squid-3.3.8/src/globals.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/globals.h 2013-09-11 16:08:38.000000000 +1200 @@ -113,7 +113,7 @@ extern int64_t store_maxobjsize; /* -1 */ extern hash_table *proxy_auth_username_cache; /* NULL */ extern int incoming_sockets_accepted; -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ extern unsigned int WIN32_Socks_initialized; /* 0 */ #endif #if _SQUID_WINDOWS_ diff -u -r -N squid-3.3.8/src/helper.cc squid-3.3.9/src/helper.cc --- squid-3.3.8/src/helper.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/helper.cc 2013-09-11 16:08:38.000000000 +1200 @@ -97,7 +97,7 @@ void HelperServerBase::closePipesSafely() { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ int no = index + 1; shutdown(writePipe->fd, SD_BOTH); @@ -110,7 +110,7 @@ readPipe->close(); writePipe->close(); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (hIpc) { if (WaitForSingleObject(hIpc, 5000) != WAIT_OBJECT_0) { getCurrentTime(); @@ -126,7 +126,7 @@ void HelperServerBase::closeWritePipeSafely() { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ int no = index + 1; shutdown(writePipe->fd, (readPipe->fd == writePipe->fd ? SD_BOTH : SD_SEND)); @@ -137,7 +137,7 @@ readPipe->fd = -1; writePipe->close(); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (hIpc) { if (WaitForSingleObject(hIpc, 5000) != WAIT_OBJECT_0) { getCurrentTime(); diff -u -r -N squid-3.3.8/src/http.cc squid-3.3.9/src/http.cc --- squid-3.3.8/src/http.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/http.cc 2013-09-11 16:08:38.000000000 +1200 @@ -1715,10 +1715,17 @@ HttpHeaderPos pos = HttpHeaderInitPos; assert (hdr_out->owner == hoRequest); - /* append our IMS header */ + /* use our IMS header if the cached entry has Last-Modified time */ if (request->lastmod > -1) hdr_out->putTime(HDR_IF_MODIFIED_SINCE, request->lastmod); + // Add our own If-None-Match field if the cached entry has a strong ETag. + // copyOneHeaderFromClientsideRequestToUpstreamRequest() adds client ones. + if (request->etag.defined()) { + hdr_out->addEntry(new HttpHeaderEntry(HDR_IF_NONE_MATCH, NULL, + request->etag.termedBuf())); + } + bool we_do_ranges = decideIfWeDoRanges (request); String strConnection (hdr_in->getList(HDR_CONNECTION)); diff -u -r -N squid-3.3.8/src/HttpHeader.cc squid-3.3.9/src/HttpHeader.cc --- squid-3.3.8/src/HttpHeader.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/HttpHeader.cc 2013-09-11 16:08:38.000000000 +1200 @@ -107,6 +107,7 @@ {"Expires", HDR_EXPIRES, ftDate_1123}, {"From", HDR_FROM, ftStr}, {"Host", HDR_HOST, ftStr}, + {"HTTP2-Settings", HDR_HTTP2_SETTINGS, ftStr}, /* for now */ {"If-Match", HDR_IF_MATCH, ftStr}, /* for now */ {"If-Modified-Since", HDR_IF_MODIFIED_SINCE, ftDate_1123}, {"If-None-Match", HDR_IF_NONE_MATCH, ftStr}, /* for now */ @@ -251,6 +252,7 @@ static HttpHeaderMask RequestHeadersMask; /* set run-time using RequestHeaders */ static http_hdr_type RequestHeadersArr[] = { HDR_AUTHORIZATION, HDR_FROM, HDR_HOST, + HDR_HTTP2_SETTINGS, HDR_IF_MATCH, HDR_IF_MODIFIED_SINCE, HDR_IF_NONE_MATCH, HDR_IF_RANGE, HDR_MAX_FORWARDS, HDR_ORIGIN, @@ -261,7 +263,7 @@ static HttpHeaderMask HopByHopHeadersMask; static http_hdr_type HopByHopHeadersArr[] = { - HDR_CONNECTION, HDR_KEEP_ALIVE, /*HDR_PROXY_AUTHENTICATE,*/ HDR_PROXY_AUTHORIZATION, + HDR_CONNECTION, HDR_HTTP2_SETTINGS, HDR_KEEP_ALIVE, /*HDR_PROXY_AUTHENTICATE,*/ HDR_PROXY_AUTHORIZATION, HDR_TE, HDR_TRAILER, HDR_TRANSFER_ENCODING, HDR_UPGRADE, HDR_PROXY_CONNECTION }; diff -u -r -N squid-3.3.8/src/HttpHeader.h squid-3.3.9/src/HttpHeader.h --- squid-3.3.8/src/HttpHeader.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/HttpHeader.h 2013-09-11 16:08:38.000000000 +1200 @@ -83,6 +83,7 @@ HDR_EXPIRES, /**< RFC 2608, 2616 */ HDR_FROM, /**< RFC 2608, 2616 */ HDR_HOST, /**< RFC 2608, 2616 */ + HDR_HTTP2_SETTINGS, /**< HTTP/2.0 upgrade header. see draft-ietf-httpbis-http2-04 */ /*HDR_IF,*/ /* RFC 2518 */ HDR_IF_MATCH, /**< RFC 2608, 2616 */ HDR_IF_MODIFIED_SINCE, /**< RFC 2608, 2616 */ diff -u -r -N squid-3.3.8/src/HttpRequest.cc squid-3.3.9/src/HttpRequest.cc --- squid-3.3.8/src/HttpRequest.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/HttpRequest.cc 2013-09-11 16:08:38.000000000 +1200 @@ -172,6 +172,8 @@ extacl_message.clean(); + etag.clean(); + #if USE_ADAPTATION adaptHistory_ = NULL; #endif @@ -217,19 +219,16 @@ // XXX: what to do with copy->peer_login? copy->lastmod = lastmod; + copy->etag = etag; copy->vary_headers = vary_headers ? xstrdup(vary_headers) : NULL; // XXX: what to do with copy->peer_domain? - copy->myportname = myportname; copy->tag = tag; -#if USE_AUTH - copy->extacl_user = extacl_user; - copy->extacl_passwd = extacl_passwd; -#endif copy->extacl_log = extacl_log; copy->extacl_message = extacl_message; - assert(copy->inheritProperties(this)); + const bool inheritWorked = copy->inheritProperties(this); + assert(inheritWorked); return copy; } @@ -264,8 +263,12 @@ errDetail = aReq->errDetail; #if USE_AUTH auth_user_request = aReq->auth_user_request; + extacl_user = aReq->extacl_user; + extacl_passwd = aReq->extacl_passwd; #endif + myportname = aReq->myportname; + // main property is which connection the request was received on (if any) clientConnectionManager = aReq->clientConnectionManager; diff -u -r -N squid-3.3.8/src/HttpRequest.h squid-3.3.9/src/HttpRequest.h --- squid-3.3.8/src/HttpRequest.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/HttpRequest.h 2013-09-11 16:08:38.000000000 +1200 @@ -211,6 +211,9 @@ String x_forwarded_for_iterator; /* XXX a list of IP addresses */ #endif /* FOLLOW_X_FORWARDED_FOR */ + /// A strong etag of the cached entry. Used for refreshing that entry. + String etag; + public: bool multipartRangeRequest() const; diff -u -r -N squid-3.3.8/src/icmp/Icmp4.h squid-3.3.9/src/icmp/Icmp4.h --- squid-3.3.8/src/icmp/Icmp4.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/icmp/Icmp4.h 2013-09-11 16:08:38.000000000 +1200 @@ -83,7 +83,7 @@ #if _SQUID_WINDOWS_ #include "fde.h" -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #if HAVE_WINSOCK2_H #include @@ -123,7 +123,7 @@ uint32_t timestamp; /* not part of ICMP, but we need it */ } icmphdr; -#endif /* _SQUID_MSWIN_ */ +#endif /* _SQUID_WINDOWS_ */ #ifndef ICMP_ECHO #define ICMP_ECHO 8 diff -u -r -N squid-3.3.8/src/icmp/IcmpPinger.cc squid-3.3.9/src/icmp/IcmpPinger.cc --- squid-3.3.8/src/icmp/IcmpPinger.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/icmp/IcmpPinger.cc 2013-09-11 16:08:38.000000000 +1200 @@ -58,7 +58,7 @@ Close(); } -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ void Win32SockCleanup(void) { @@ -70,7 +70,7 @@ int IcmpPinger::Open(void) { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ WSADATA wsaData; WSAPROTOCOL_INFO wpi; @@ -152,7 +152,7 @@ return icmp_sock; -#else /* !_SQUID_MSWIN_ */ +#else /* !_SQUID_WINDOWS_ */ /* non-windows apps use stdin/out pipes as the squid channel(s) */ socket_from_squid = 0; // use STDIN macro ?? @@ -164,7 +164,7 @@ void IcmpPinger::Close(void) { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ shutdown(icmp_sock, SD_BOTH); close(icmp_sock); diff -u -r -N squid-3.3.8/src/icmp/IcmpSquid.cc squid-3.3.9/src/icmp/IcmpSquid.cc --- squid-3.3.8/src/icmp/IcmpSquid.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/icmp/IcmpSquid.cc 2013-09-11 16:08:38.000000000 +1200 @@ -263,11 +263,11 @@ if (localhost.SetIPv4()) SendEcho(localhost, S_ICMP_ECHO, "localhost"); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ debugs(37, 4, HERE << "Pinger handle: 0x" << std::hex << hIpc << std::dec << ", PID: " << pid); -#endif /* _SQUID_MSWIN_ */ +#endif /* _SQUID_WINDOWS_ */ return icmp_sock; #else /* USE_ICMP */ return -1; @@ -284,7 +284,7 @@ debugs(37, DBG_IMPORTANT, HERE << "Closing Pinger socket on FD " << icmp_sock); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ send(icmp_sock, (const void *) "$shutdown\n", 10, 0); @@ -292,7 +292,7 @@ comm_close(icmp_sock); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (hIpc) { if (WaitForSingleObject(hIpc, 12000) != WAIT_OBJECT_0) { diff -u -r -N squid-3.3.8/src/icmp/pinger.cc squid-3.3.9/src/icmp/pinger.cc --- squid-3.3.8/src/icmp/pinger.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/icmp/pinger.cc 2013-09-11 16:08:38.000000000 +1200 @@ -72,7 +72,7 @@ #include "IcmpPinger.h" #include "ip/tools.h" -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #if HAVE_WINSOCK2_H #include @@ -106,7 +106,7 @@ /* non-windows use STDOUT for feedback to squid */ #define LINK_TO_SQUID 1 -#endif /* _SQUID_MSWIN_ */ +#endif /* _SQUID_WINDOWS_ */ // ICMP Engines are declared global here so they can call each other easily. IcmpPinger control; diff -u -r -N squid-3.3.8/src/ip/Address.cc squid-3.3.9/src/ip/Address.cc --- squid-3.3.8/src/ip/Address.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/ip/Address.cc 2013-09-11 16:08:38.000000000 +1200 @@ -1021,7 +1021,7 @@ } void -Ip::Address::GetInAddr(in6_addr &buf) const +Ip::Address::GetInAddr(struct in6_addr &buf) const { memcpy(&buf, &m_SocketAddr.sin6_addr, sizeof(struct in6_addr)); } @@ -1030,7 +1030,7 @@ Ip::Address::GetInAddr(struct in_addr &buf) const { if ( IsIPv4() ) { - Map6to4((const in6_addr)m_SocketAddr.sin6_addr, buf); + Map6to4(m_SocketAddr.sin6_addr, buf); return true; } diff -u -r -N squid-3.3.8/src/ip/Address.h squid-3.3.9/src/ip/Address.h --- squid-3.3.8/src/ip/Address.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/ip/Address.h 2013-09-11 16:08:38.000000000 +1200 @@ -45,7 +45,7 @@ #if HAVE_NETINET_IP_H #include #endif -#if _SQUID_MSWIN_ +#if HAVE_WS2TCPIP_H #include #endif #if HAVE_NETDB_H diff -u -r -N squid-3.3.8/src/ip/testAddress.cc squid-3.3.9/src/ip/testAddress.cc --- squid-3.3.8/src/ip/testAddress.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/ip/testAddress.cc 2013-09-11 16:08:38.000000000 +1200 @@ -108,7 +108,7 @@ insock.sin_len = sizeof(struct sockaddr_in); #endif - Ip::Address anIPA((const struct sockaddr_in)insock); + Ip::Address anIPA(insock); /* test stored values */ CPPUNIT_ASSERT( !anIPA.IsAnyAddr() ); diff -u -r -N squid-3.3.8/src/main.cc squid-3.3.9/src/main.cc --- squid-3.3.8/src/main.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/main.cc 2013-09-11 16:08:38.000000000 +1200 @@ -203,7 +203,7 @@ static void mainSetCwd(void); static int checkRunningPid(void); -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ static const char *squid_start_script = "squid_start"; #endif @@ -619,7 +619,7 @@ { do_rotate = 1; RotateSignal = sig; -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ #if !HAVE_SIGACTION signal(sig, rotate_logs); @@ -633,7 +633,7 @@ { do_reconfigure = 1; ReconfigureSignal = sig; -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ #if !HAVE_SIGACTION signal(sig, reconfigure); @@ -662,7 +662,7 @@ " pid " << ppid << ": " << xstrerror()); } -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ #if KILL_PARENT_OPT if (!IamMasterProcess() && ppid > 1) { @@ -1020,7 +1020,7 @@ setSystemLimits(); debugs(1, DBG_IMPORTANT, "With " << Squid_MaxFD << " file descriptors available"); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ debugs(1, DBG_IMPORTANT, "With " << _getmaxstdio() << " CRT stdio descriptors available"); @@ -1577,7 +1577,7 @@ exit(0); } -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ /* * This function is run when Squid is in daemon mode, just * before the parent forks and starts up the child process. @@ -1620,7 +1620,7 @@ } } -#endif /* _SQUID_MSWIN_ */ +#endif /* _SQUID_WINDOWS_ */ static int checkRunningPid(void) @@ -1650,7 +1650,7 @@ static void watch_child(char *argv[]) { -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ char *prog; #if _SQUID_NEXT_ @@ -1819,7 +1819,7 @@ } /* NOTREACHED */ -#endif /* _SQUID_MSWIN_ */ +#endif /* _SQUID_WINDOWS_ */ } diff -u -r -N squid-3.3.8/src/mgr/InfoAction.cc squid-3.3.9/src/mgr/InfoAction.cc --- squid-3.3.8/src/mgr/InfoAction.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/mgr/InfoAction.cc 2013-09-11 16:08:38.000000000 +1200 @@ -115,7 +115,7 @@ gb_saved_count += stats.gb_saved_count; gb_freed_count += stats.gb_freed_count; max_fd += stats.max_fd; - biggest_fd += stats.biggest_fd; + biggest_fd = max(biggest_fd, stats.biggest_fd); number_fd += stats.number_fd; opening_fd += stats.opening_fd; num_fd_free += stats.num_fd_free; diff -u -r -N squid-3.3.8/src/neighbors.cc squid-3.3.9/src/neighbors.cc --- squid-3.3.8/src/neighbors.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/neighbors.cc 2013-09-11 16:08:38.000000000 +1200 @@ -204,8 +204,6 @@ return do_ping; ACLFilledChecklist checklist(p->access, request, NULL); - checklist.src_addr = request->client_addr; - checklist.my_addr = request->my_addr; return (checklist.fastCheck() == ACCESS_ALLOWED); } diff -u -r -N squid-3.3.8/src/Server.cc squid-3.3.9/src/Server.cc --- squid-3.3.8/src/Server.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/Server.cc 2013-09-11 16:08:38.000000000 +1200 @@ -696,7 +696,8 @@ // subscribe to receive adapted body adaptedBodySource = rep->body_pipe; // assume that ICAP does not auto-consume on failures - assert(adaptedBodySource->setConsumerIfNotLate(this)); + const bool result = adaptedBodySource->setConsumerIfNotLate(this); + assert(result); } else { // no body if (doneWithAdaptation()) // we may still be sending virgin response diff -u -r -N squid-3.3.8/src/ssl/certificate_db.cc squid-3.3.9/src/ssl/certificate_db.cc --- squid-3.3.8/src/ssl/certificate_db.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/ssl/certificate_db.cc 2013-09-11 16:08:38.000000000 +1200 @@ -23,7 +23,7 @@ Ssl::Lock::Lock(std::string const &aFilename) : filename(aFilename), -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ hFile(INVALID_HANDLE_VALUE) #else fd(-1) @@ -33,7 +33,7 @@ bool Ssl::Lock::locked() const { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ return hFile != INVALID_HANDLE_VALUE; #else return fd != -1; @@ -43,7 +43,7 @@ void Ssl::Lock::lock() { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ hFile = CreateFile(TEXT(filename.c_str()), GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile == INVALID_HANDLE_VALUE) #else @@ -52,7 +52,7 @@ #endif throw std::runtime_error("Failed to open file " + filename); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (!LockFile(hFile, 0, 0, 1, 0)) #else if (flock(fd, LOCK_EX) != 0) @@ -62,7 +62,7 @@ void Ssl::Lock::unlock() { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (hFile != INVALID_HANDLE_VALUE) { UnlockFile(hFile, 0, 0, 1, 0); CloseHandle(hFile); diff -u -r -N squid-3.3.8/src/ssl/certificate_db.h squid-3.3.9/src/ssl/certificate_db.h --- squid-3.3.8/src/ssl/certificate_db.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/ssl/certificate_db.h 2013-09-11 16:08:38.000000000 +1200 @@ -23,7 +23,7 @@ const char *name() const { return filename.c_str(); } private: std::string filename; -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ HANDLE hFile; ///< Windows file handle. #else int fd; ///< Linux file descriptor. diff -u -r -N squid-3.3.8/src/ssl/ErrorDetail.cc squid-3.3.9/src/ssl/ErrorDetail.cc --- squid-3.3.8/src/ssl/ErrorDetail.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/ssl/ErrorDetail.cc 2013-09-11 16:08:38.000000000 +1200 @@ -87,6 +87,132 @@ "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH"}, {X509_V_ERR_KEYUSAGE_NO_CERTSIGN, "X509_V_ERR_KEYUSAGE_NO_CERTSIGN"}, +#if defined(X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER) + { + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, //33 + "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER" + }, +#endif +#if defined(X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) + { + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, //34 + "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_KEYUSAGE_NO_CRL_SIGN) + { + X509_V_ERR_KEYUSAGE_NO_CRL_SIGN, //35 + "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN" + }, +#endif +#if defined(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) + { + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, //36 + "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_INVALID_NON_CA) + { + X509_V_ERR_INVALID_NON_CA, //37 + "X509_V_ERR_INVALID_NON_CA" + }, +#endif +#if defined(X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED) + { + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, //38 + "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED" + }, +#endif +#if defined(X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE) + { + X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE, //39 + "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE" + }, +#endif +#if defined(X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED) + { + X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED, //40 + "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED" + }, +#endif +#if defined(X509_V_ERR_INVALID_EXTENSION) + { + X509_V_ERR_INVALID_EXTENSION, //41 + "X509_V_ERR_INVALID_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_INVALID_POLICY_EXTENSION) + { + X509_V_ERR_INVALID_POLICY_EXTENSION, //42 + "X509_V_ERR_INVALID_POLICY_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_NO_EXPLICIT_POLICY) + { + X509_V_ERR_NO_EXPLICIT_POLICY, //43 + "X509_V_ERR_NO_EXPLICIT_POLICY" + }, +#endif +#if defined(X509_V_ERR_DIFFERENT_CRL_SCOPE) + { + X509_V_ERR_DIFFERENT_CRL_SCOPE, //44 + "X509_V_ERR_DIFFERENT_CRL_SCOPE" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE) + { + X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE, //45 + "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE" + }, +#endif +#if defined(X509_V_ERR_UNNESTED_RESOURCE) + { + X509_V_ERR_UNNESTED_RESOURCE, //46 + "X509_V_ERR_UNNESTED_RESOURCE" + }, +#endif +#if defined(X509_V_ERR_PERMITTED_VIOLATION) + { + X509_V_ERR_PERMITTED_VIOLATION, //47 + "X509_V_ERR_PERMITTED_VIOLATION" + }, +#endif +#if defined(X509_V_ERR_EXCLUDED_VIOLATION) + { + X509_V_ERR_EXCLUDED_VIOLATION, //48 + "X509_V_ERR_EXCLUDED_VIOLATION" + }, +#endif +#if defined(X509_V_ERR_SUBTREE_MINMAX) + { + X509_V_ERR_SUBTREE_MINMAX, //49 + "X509_V_ERR_SUBTREE_MINMAX" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE) + { + X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE, //51 + "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX) + { + X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX, //52 + "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_NAME_SYNTAX) + { + X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, //53 + "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX" + }, +#endif +#if defined(X509_V_ERR_CRL_PATH_VALIDATION_ERROR) + { + X509_V_ERR_CRL_PATH_VALIDATION_ERROR, //54 + "X509_V_ERR_CRL_PATH_VALIDATION_ERROR" + }, +#endif {X509_V_ERR_APPLICATION_VERIFICATION, "X509_V_ERR_APPLICATION_VERIFICATION"}, { SSL_ERROR_NONE, "SSL_ERROR_NONE"}, diff -u -r -N squid-3.3.8/src/ssl/gadgets.cc squid-3.3.9/src/ssl/gadgets.cc --- squid-3.3.8/src/ssl/gadgets.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/ssl/gadgets.cc 2013-09-11 16:08:38.000000000 +1200 @@ -410,7 +410,7 @@ serial = BN_bin2bn(md, n, NULL); // if the serial is "0" set it to '1' - if (BN_is_zero(serial)) + if (BN_is_zero(serial) == true) BN_one(serial); // serial size does not exceed 20 bytes diff -u -r -N squid-3.3.8/src/ssl/support.cc squid-3.3.9/src/ssl/support.cc --- squid-3.3.8/src/ssl/support.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/ssl/support.cc 2013-09-11 16:08:38.000000000 +1200 @@ -1488,11 +1488,7 @@ if (X509_check_issued(certificate, certificate) == X509_V_OK) debugs(83, 5, "Certificate is self-signed, will not be chained"); else { - if (sk_X509_push(chain, certificate)) - CRYPTO_add(&(certificate->references), 1, CRYPTO_LOCK_X509); - else - debugs(83, DBG_IMPORTANT, "WARNING: unable to add signing certificate to cert chain"); - // and add to the chain any certificate loaded from the file + // and add to the chain any other certificate exist in the file while (X509 *ca = PEM_read_bio_X509(bio.get(), NULL, NULL, NULL)) { if (!sk_X509_push(chain, ca)) debugs(83, DBG_IMPORTANT, "WARNING: unable to add CA certificate to cert chain"); diff -u -r -N squid-3.3.8/src/ssl/support.h squid-3.3.9/src/ssl/support.h --- squid-3.3.8/src/ssl/support.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/ssl/support.h 2013-09-11 16:08:38.000000000 +1200 @@ -244,7 +244,7 @@ bool setClientSNI(SSL *ssl, const char *fqdn); } //namespace Ssl -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #if defined(__cplusplus) @@ -272,6 +272,6 @@ #endif /* __cplusplus */ -#endif /* _SQUID_MSWIN_ */ +#endif /* _SQUID_WINDOWS_ */ #endif /* SQUID_SSL_SUPPORT_H */ diff -u -r -N squid-3.3.8/src/store.cc squid-3.3.9/src/store.cc --- squid-3.3.8/src/store.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/store.cc 2013-09-11 16:08:38.000000000 +1200 @@ -1952,6 +1952,17 @@ } bool +StoreEntry::hasEtag(ETag &etag) const +{ + if (const HttpReply *reply = getReply()) { + etag = reply->header.getETag(HDR_ETAG); + if (etag.str) + return true; + } + return false; +} + +bool StoreEntry::hasIfMatchEtag(const HttpRequest &request) const { const String reqETags = request.header.getList(HDR_IF_MATCH); diff -u -r -N squid-3.3.8/src/store_dir.cc squid-3.3.9/src/store_dir.cc --- squid-3.3.8/src/store_dir.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/store_dir.cc 2013-09-11 16:08:38.000000000 +1200 @@ -127,7 +127,7 @@ * The following is a workaround for create store directories sequentially * when running on native Windows port. */ -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ if (fork()) return; @@ -136,7 +136,7 @@ aStore.create(); -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ exit(0); @@ -148,7 +148,7 @@ { swapDir->create(); -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ pid_t pid; diff -u -r -N squid-3.3.8/src/Store.h squid-3.3.9/src/Store.h --- squid-3.3.8/src/Store.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/Store.h 2013-09-11 16:08:38.000000000 +1200 @@ -140,6 +140,8 @@ bool hasIfMatchEtag(const HttpRequest &request) const; /// has ETag matching at least one of the If-None-Match etags bool hasIfNoneMatchEtag(const HttpRequest &request) const; + /// whether this entry has an ETag; if yes, puts ETag value into parameter + bool hasEtag(ETag &etag) const; /** What store does this entry belong too ? */ virtual RefCount store() const; diff -u -r -N squid-3.3.8/src/tools.cc squid-3.3.9/src/tools.cc --- squid-3.3.8/src/tools.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/tools.cc 2013-09-11 16:08:38.000000000 +1200 @@ -366,7 +366,7 @@ #endif #endif /* PRINT_STACK_TRACE */ -#if SA_RESETHAND == 0 && !_SQUID_MSWIN_ +#if SA_RESETHAND == 0 && !_SQUID_WINDOWS_ signal(SIGSEGV, SIG_DFL); signal(SIGBUS, SIG_DFL); @@ -454,7 +454,7 @@ void sig_child(int sig) { -#if !_SQUID_MSWIN_ +#if !_SQUID_WINDOWS_ #if _SQUID_NEXT_ union wait status; #else @@ -994,7 +994,7 @@ debugs(50, DBG_CRITICAL, "sigaction: sig=" << sig << " func=" << func << ": " << xstrerror()); #else -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ /* On Windows, only SIGINT, SIGILL, SIGFPE, SIGTERM, SIGBREAK, SIGABRT and SIGSEGV signals are supported, so we must care of don't call signal() for other value. diff -u -r -N squid-3.3.8/src/unlinkd.cc squid-3.3.9/src/unlinkd.cc --- squid-3.3.8/src/unlinkd.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/unlinkd.cc 2013-09-11 16:08:38.000000000 +1200 @@ -149,7 +149,7 @@ void unlinkdClose(void) -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ { if (unlinkd_wfd > -1) { @@ -224,7 +224,7 @@ #if USE_POLL && _SQUID_OSF_ /* pipes and poll() don't get along on DUNIX -DW */ IPC_STREAM, -#elif _SQUID_MSWIN_ +#elif _SQUID_WINDOWS_ /* select() will fail on a pipe */ IPC_TCP_SOCKET, #else @@ -265,7 +265,7 @@ debugs(2, DBG_IMPORTANT, "Unlinkd pipe opened on FD " << unlinkd_wfd); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ debugs(2, 4, "Unlinkd handle: 0x" << std::hex << hIpc << std::dec << ", PID: " << pid); diff -u -r -N squid-3.3.8/src/win32.cc squid-3.3.9/src/win32.cc --- squid-3.3.8/src/win32.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/win32.cc 2013-09-11 16:08:38.000000000 +1200 @@ -35,7 +35,7 @@ #include "squid_windows.h" #include "win32.h" -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #if HAVE_WIN32_PSAPI #include #endif diff -u -r -N squid-3.3.8/src/win32.h squid-3.3.9/src/win32.h --- squid-3.3.8/src/win32.h 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/win32.h 2013-09-11 16:08:38.000000000 +1200 @@ -33,7 +33,7 @@ * */ -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #if HAVE_SYS_TIME_H #include diff -u -r -N squid-3.3.8/src/WinSvc.cc squid-3.3.9/src/WinSvc.cc --- squid-3.3.8/src/WinSvc.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/src/WinSvc.cc 2013-09-11 16:08:38.000000000 +1200 @@ -35,7 +35,7 @@ #include "protos.h" #include "squid_windows.h" -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ #ifndef _MSWSOCK_ #include #endif diff -u -r -N squid-3.3.8/tools/cachemgr.cc squid-3.3.9/tools/cachemgr.cc --- squid-3.3.8/tools/cachemgr.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/cachemgr.cc 2013-09-11 16:08:38.000000000 +1200 @@ -164,7 +164,7 @@ static int check_target_acl(const char *hostname, int port); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ static int s_iInitCount = 0; int Win32SockInit(void) @@ -610,7 +610,7 @@ read_reply(int s, cachemgr_request * req) { char buf[4 * 1024]; -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ int reply; char *tmpfile = tempnam(NULL, "tmp0000"); @@ -634,7 +634,7 @@ parse_menu = 1; if (fp == NULL) { -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ perror(tmpfile); xfree(tmpfile); #else @@ -646,7 +646,7 @@ return 1; } -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ while ((reply=recv(s, buf , sizeof(buf), 0)) > 0) fwrite(buf, 1, reply, fp); @@ -785,7 +785,7 @@ } fclose(fp); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ remove(tmpfile); xfree(tmpfile); @@ -902,7 +902,7 @@ cachemgr_request *req; now = time(NULL); -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ Win32SockInit(); atexit(Win32SockCleanup); @@ -1027,7 +1027,7 @@ else return NULL; -#if _SQUID_MSWIN_ +#if _SQUID_WINDOWS_ if (strlen(buf) == 0 || strlen(buf) == 4000) #else diff -u -r -N squid-3.3.8/tools/purge/conffile.cc squid-3.3.9/tools/purge/conffile.cc --- squid-3.3.8/tools/purge/conffile.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/conffile.cc 2013-09-11 16:08:38.000000000 +1200 @@ -34,10 +34,6 @@ // Initial revision // // -#if (defined(__GNUC__) || defined(__GNUG__)) && !defined(__clang__) -#pragma implementation -#endif - #include "conffile.hh" #include #include diff -u -r -N squid-3.3.8/tools/purge/conffile.hh squid-3.3.9/tools/purge/conffile.hh --- squid-3.3.8/tools/purge/conffile.hh 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/conffile.hh 2013-09-11 16:08:38.000000000 +1200 @@ -39,16 +39,12 @@ #define _CONFFILE_HH #if !defined(__cplusplus) -#if defined(__GNUC__) || defined(__GNUG__) -#pragma interface -#else #ifndef HAVE_BOOL #define HAVE_BOOL typedef int bool; #define false 0 #define true 1 #endif -#endif #endif /* __cplusplus */ diff -u -r -N squid-3.3.8/tools/purge/convert.cc squid-3.3.9/tools/purge/convert.cc --- squid-3.3.8/tools/purge/convert.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/convert.cc 2013-09-11 16:08:38.000000000 +1200 @@ -40,9 +40,6 @@ // Initial revision // // -#if (defined(__GNUC__) || defined(__GNUG__)) && !defined(__clang__) -#pragma implementation -#endif #include "convert.hh" #include diff -u -r -N squid-3.3.8/tools/purge/convert.hh squid-3.3.9/tools/purge/convert.hh --- squid-3.3.8/tools/purge/convert.hh 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/convert.hh 2013-09-11 16:08:38.000000000 +1200 @@ -39,16 +39,12 @@ #define _CONVERT_HH #if !defined(__cplusplus) -#if defined(__GNUC__) || defined(__GNUG__) -#pragma interface -#else #ifndef HAVE_BOOL #define HAVE_BOOL 1 typedef char bool; #define false 0 #define true 1 #endif -#endif #endif /* __cplusplus */ #include diff -u -r -N squid-3.3.8/tools/purge/copyout.cc squid-3.3.9/tools/purge/copyout.cc --- squid-3.3.8/tools/purge/copyout.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/copyout.cc 2013-09-11 16:08:38.000000000 +1200 @@ -35,10 +35,6 @@ // Initial revision // // -#if (defined(__GNUC__) || defined(__GNUG__)) && !defined(__clang__) -#pragma implementation -#endif - #include "squid.h" #include "copyout.hh" diff -u -r -N squid-3.3.8/tools/purge/copyout.hh squid-3.3.9/tools/purge/copyout.hh --- squid-3.3.8/tools/purge/copyout.hh 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/copyout.hh 2013-09-11 16:08:38.000000000 +1200 @@ -35,16 +35,12 @@ #define _COPYOUT_HH #if !defined(__cplusplus) -#if defined(__GNUC__) || defined(__GNUG__) -#pragma interface -#else #ifndef HAVE_BOOL #define HAVE_BOOL typedef int bool; #define false 0 #define true 1 #endif -#endif #endif /* __cplusplus */ int diff -u -r -N squid-3.3.8/tools/purge/purge.cc squid-3.3.9/tools/purge/purge.cc --- squid-3.3.8/tools/purge/purge.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/purge.cc 2013-09-11 16:08:38.000000000 +1200 @@ -90,10 +90,6 @@ // Initial revision // // -#if (defined(__GNUC__) || defined(__GNUG__)) && !defined(__clang__) -#pragma implementation -#endif - #include "squid.h" #include "util.h" diff -u -r -N squid-3.3.8/tools/purge/signal.cc squid-3.3.9/tools/purge/signal.cc --- squid-3.3.8/tools/purge/signal.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/signal.cc 2013-09-11 16:08:38.000000000 +1200 @@ -41,11 +41,6 @@ // Initial revision // // - -#if (defined(__GNUC__) || defined(__GNUG__)) && !defined(__clang__) -#pragma implementation -#endif - #include "squid.h" #include "signal.hh" diff -u -r -N squid-3.3.8/tools/purge/signal.hh squid-3.3.9/tools/purge/signal.hh --- squid-3.3.8/tools/purge/signal.hh 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/signal.hh 2013-09-11 16:08:38.000000000 +1200 @@ -55,16 +55,12 @@ #endif #if !defined(__cplusplus) -#if defined(__GNUC__) || defined(__GNUG__) -#pragma interface -#else #ifndef HAVE_BOOL #define HAVE_BOOL typedef int bool; #define false 0 #define true 1 #endif -#endif #endif /* __cplusplus */ #if 1 // so far, all systems I know use void diff -u -r -N squid-3.3.8/tools/purge/socket.cc squid-3.3.9/tools/purge/socket.cc --- squid-3.3.8/tools/purge/socket.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/socket.cc 2013-09-11 16:08:38.000000000 +1200 @@ -42,10 +42,6 @@ // Initial revision // // -#if (defined(__GNUC__) || defined(__GNUG__)) && !defined(__clang__) -#pragma implementation -#endif - #include "socket.hh" #include #include diff -u -r -N squid-3.3.8/tools/purge/socket.hh squid-3.3.9/tools/purge/socket.hh --- squid-3.3.8/tools/purge/socket.hh 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/socket.hh 2013-09-11 16:08:38.000000000 +1200 @@ -45,16 +45,12 @@ #define _SOCKET_HH #if !defined(__cplusplus) -#if defined(__GNUC__) || defined(__GNUG__) -#pragma interface -#else #ifndef HAVE_BOOL #define HAVE_BOOL typedef int bool; #define false 0 #define true 1 #endif -#endif #endif /* __cplusplus */ #include diff -u -r -N squid-3.3.8/tools/purge/squid-tlv.cc squid-3.3.9/tools/purge/squid-tlv.cc --- squid-3.3.8/tools/purge/squid-tlv.cc 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/squid-tlv.cc 2013-09-11 16:08:38.000000000 +1200 @@ -32,10 +32,6 @@ // Initial revision // // -#if (defined(__GNUC__) || defined(__GNUG__)) && !defined(__clang__) -#pragma implementation -#endif - #include "squid.h" //#include #include "squid-tlv.hh" diff -u -r -N squid-3.3.8/tools/purge/squid-tlv.hh squid-3.3.9/tools/purge/squid-tlv.hh --- squid-3.3.8/tools/purge/squid-tlv.hh 2013-07-14 01:25:14.000000000 +1200 +++ squid-3.3.9/tools/purge/squid-tlv.hh 2013-09-11 16:08:38.000000000 +1200 @@ -35,16 +35,12 @@ #define SQUID_TLV_HH #if !defined(__cplusplus) -#if defined(__GNUC__) || defined(__GNUG__) -#pragma interface -#else #ifndef HAVE_BOOL #define HAVE_BOOL typedef int bool; #define false 0 #define true 1 #endif -#endif #endif /* __cplusplus */ #include