You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2014/11/19 00:11:36 UTC
[1/2] trafficserver git commit: TS-2417 Add forward secrecy support
with DHE
Repository: trafficserver
Updated Branches:
refs/heads/master b0d8e2a52 -> 5e60704dd
TS-2417 Add forward secrecy support with DHE
Review: Susan H. & Leif
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/f1aec358
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/f1aec358
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/f1aec358
Branch: refs/heads/master
Commit: f1aec358f45207d9e3f20ffb972e32aa087078b0
Parents: b0d8e2a
Author: John Eaglesham <je...@8192.net>
Authored: Tue Nov 18 15:37:49 2014 -0700
Committer: Leif Hedstrom <zw...@apache.org>
Committed: Tue Nov 18 15:44:59 2014 -0700
----------------------------------------------------------------------
.../configuration/records.config.en.rst | 7 ++
iocore/net/P_SSLConfig.h | 1 +
iocore/net/SSLConfig.cc | 3 +
iocore/net/SSLUtils.cc | 97 ++++++++++++++++++++
lib/perl/lib/Apache/TS/AdminClient.pm | 1 +
mgmt/RecordsConfig.cc | 2 +
6 files changed, 111 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f1aec358/doc/reference/configuration/records.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst
index ded0832..0fbdd2d 100644
--- a/doc/reference/configuration/records.config.en.rst
+++ b/doc/reference/configuration/records.config.en.rst
@@ -2152,6 +2152,13 @@ SSL Termination
Unless this is an absolute path, it is loaded relative to the
path specified by :ts:cv:`proxy.config.ssl.server.cert.path`.
+.. ts:cv:: CONFIG proxy.config.ssl.server.dhparams_file STRING NULL
+
+ The name of a file containing a set of Diffie-Hellman key exchange
+ parameters. If not specified, 2048-bit DH parameters from RFC 5114 are
+ used. These parameters are only used if a DHE (or EDH) cipher suite has
+ been selected.
+
.. ts:cv:: CONFIG proxy.config.ssl.CA.cert.path STRING NULL
The location of the certificate authority file that client
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f1aec358/iocore/net/P_SSLConfig.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h
index a3cb3ed..5388346 100644
--- a/iocore/net/P_SSLConfig.h
+++ b/iocore/net/P_SSLConfig.h
@@ -65,6 +65,7 @@ struct SSLConfigParams : public ConfigInfo
char * serverCACertFilename;
char * serverCACertPath;
char * configFilePath;
+ char * dhparamsFile;
char * cipherSuite;
char * client_cipherSuite;
int clientCertLevel;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f1aec358/iocore/net/SSLConfig.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index cbfee9c..64025f1 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -69,6 +69,7 @@ SSLConfigParams::SSLConfigParams()
clientCACertPath =
cipherSuite =
client_cipherSuite =
+ dhparamsFile =
serverKeyPathOnly = NULL;
clientCertLevel = client_verify_depth = verify_depth = clientVerify = 0;
@@ -103,6 +104,7 @@ SSLConfigParams::cleanup()
ats_free_null(serverKeyPathOnly);
ats_free_null(cipherSuite);
ats_free_null(client_cipherSuite);
+ ats_free_null(dhparamsFile);
clientCertLevel = client_verify_depth = verify_depth = clientVerify = 0;
}
@@ -156,6 +158,7 @@ SSLConfigParams::initialize()
REC_ReadConfigInt32(clientCertLevel, "proxy.config.ssl.client.certification_level");
REC_ReadConfigStringAlloc(cipherSuite, "proxy.config.ssl.server.cipher_suite");
REC_ReadConfigStringAlloc(client_cipherSuite, "proxy.config.ssl.client.cipher_suite");
+ REC_ReadConfigStringAlloc(dhparamsFile, "proxy.config.ssl.server.dhparams_file");
int options;
int client_ssl_options;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f1aec358/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index a6ef4b7..1755c0c 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -35,6 +35,8 @@
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/rand.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
#include <unistd.h>
#include <termios.h>
@@ -351,6 +353,98 @@ ssl_context_enable_sni(SSL_CTX * ctx, SSLCertLookup * /*lookup*/)
return ctx;
}
+/* Build 2048-bit MODP Group with 256-bit Prime Order Subgroup from RFC 5114 */
+static DH *get_dh2048()
+{
+ static const unsigned char dh2048_p[] = {
+ 0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C, 0xFF, 0xBB, 0xD1, 0x9C,
+ 0x65, 0x19, 0x59, 0x99, 0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2,
+ 0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00, 0xE0, 0x0D, 0xF8, 0xF1,
+ 0xD6, 0x19, 0x57, 0xD4, 0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30,
+ 0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA, 0x3B, 0xF4, 0x29, 0x6D,
+ 0x83, 0x0E, 0x9A, 0x7C, 0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD,
+ 0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED, 0x91, 0xF9, 0xE6, 0x72,
+ 0x5B, 0x47, 0x58, 0xC0, 0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B,
+ 0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88, 0xB9, 0x41, 0xF5, 0x4E,
+ 0xB1, 0xE5, 0x9B, 0xB8, 0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C,
+ 0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76, 0xB6, 0x3A, 0xCA, 0xE1,
+ 0xCA, 0xA6, 0xB7, 0x90, 0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E,
+ 0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB, 0x3A, 0xD8, 0x34, 0x77,
+ 0x96, 0x52, 0x4D, 0x8E, 0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9,
+ 0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25, 0x1C, 0xCA, 0xCB, 0x83,
+ 0xE6, 0xB4, 0x86, 0xF6, 0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26,
+ 0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56, 0xDE, 0xD4, 0x01, 0x0A,
+ 0xBD, 0x0B, 0xE6, 0x21, 0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3,
+ 0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03, 0xA4, 0xB5, 0x43, 0x30,
+ 0xC1, 0x98, 0xAF, 0x12, 0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F,
+ 0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA, 0xDB, 0x09, 0x4A, 0xE9,
+ 0x1E, 0x1A, 0x15, 0x97
+ };
+ static const unsigned char dh2048_g[] = {
+ 0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B, 0x2E, 0x77, 0x50, 0x66,
+ 0x60, 0xED, 0xBD, 0x48, 0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54,
+ 0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25, 0x10, 0xDB, 0xC1, 0x50,
+ 0x77, 0xBE, 0x46, 0x3F, 0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55,
+ 0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1, 0xBC, 0x37, 0x73, 0xBF,
+ 0x7E, 0x8C, 0x6F, 0x62, 0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18,
+ 0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65, 0x01, 0x96, 0xF9, 0x31,
+ 0xC7, 0x7A, 0x57, 0xF2, 0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B,
+ 0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62, 0x8A, 0xC3, 0x76, 0xD2,
+ 0x82, 0xD6, 0xED, 0x38, 0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83,
+ 0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93, 0xB5, 0x04, 0x5A, 0xF2,
+ 0x76, 0x71, 0x64, 0xE1, 0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55,
+ 0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80, 0xD0, 0x52, 0xB9, 0x85,
+ 0xD1, 0x82, 0xEA, 0x0A, 0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14,
+ 0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9, 0xB7, 0xD2, 0xBB, 0xD2,
+ 0xDF, 0x01, 0x61, 0x99, 0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15,
+ 0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37, 0x7F, 0xD0, 0x28, 0x37,
+ 0x0D, 0xF9, 0x2B, 0x52, 0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6,
+ 0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3, 0x2F, 0x63, 0x07, 0x84,
+ 0x90, 0xF0, 0x0E, 0xF8, 0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
+ 0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82, 0x66, 0x4B, 0x4C, 0x0F,
+ 0x6C, 0xC4, 0x16, 0x59
+ };
+ DH *dh;
+
+ if ((dh = DH_new()) == NULL) return(NULL);
+ dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+ dh->g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ DH_free(dh);
+ return(NULL);
+ }
+ return(dh);
+}
+
+static SSL_CTX *
+ssl_context_enable_dhe(const char * dhparams_file, SSL_CTX * ctx)
+{
+ DH * server_dh;
+
+ if (dhparams_file) {
+ scoped_BIO bio(BIO_new_file(dhparams_file, "r"));
+ server_dh = PEM_read_bio_DHparams(bio.get(), NULL, NULL, NULL);
+ } else {
+ server_dh = get_dh2048();
+ }
+
+ if (!server_dh) {
+ Error("SSL dhparams source returned invalid parameters");
+ return NULL;
+ }
+
+ if (!SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE) ||
+ !SSL_CTX_set_tmp_dh(ctx, server_dh)) {
+ DH_free(server_dh);
+ Error("failed to configure SSL DH");
+ return NULL;
+ }
+
+ DH_free(server_dh);
+
+ return ctx;
+}
+
static SSL_CTX *
ssl_context_enable_ecdh(SSL_CTX * ctx)
{
@@ -1290,6 +1384,9 @@ SSLInitServerContext(
SSL_CTX_set_default_passwd_cb_userdata(CTX, NULL);\
}
SSL_CLEAR_PW_REFERENCES(ud,ctx)
+ if (!ssl_context_enable_dhe(params->dhparamsFile, ctx)) {
+ goto fail;
+ }
return ssl_context_enable_ecdh(ctx);
fail:
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f1aec358/lib/perl/lib/Apache/TS/AdminClient.pm
----------------------------------------------------------------------
diff --git a/lib/perl/lib/Apache/TS/AdminClient.pm b/lib/perl/lib/Apache/TS/AdminClient.pm
index 0dc4a8a..676ad74 100644
--- a/lib/perl/lib/Apache/TS/AdminClient.pm
+++ b/lib/perl/lib/Apache/TS/AdminClient.pm
@@ -701,6 +701,7 @@ The Apache Traffic Server Administration Manual will explain what these strings
proxy.config.ssl.server.cert.path
proxy.config.ssl.server.cipher_suite
proxy.config.ssl.server.honor_cipher_order
+ proxy.config.ssl.server.dhparams_file
proxy.config.ssl.SSLv2
proxy.config.ssl.SSLv3
proxy.config.ssl.TLSv1
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f1aec358/mgmt/RecordsConfig.cc
----------------------------------------------------------------------
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 3c659e5..3fbbfdd 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1311,6 +1311,8 @@ static const RecordElement RecordsConfig[] =
,
{RECT_CONFIG, "proxy.config.ssl.allow_client_renegotiation", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
,
+ {RECT_CONFIG, "proxy.config.ssl.server.dhparams_file", RECD_STRING, NULL, RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL}
+ ,
//##############################################################################
//#
//# OCSP (Online Certificate Status Protocol) Stapling Configuration
[2/2] trafficserver git commit: Update CHANGES and fix indentation
and punctuation.
Posted by zw...@apache.org.
Update CHANGES and fix indentation and punctuation.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/5e60704d
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/5e60704d
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/5e60704d
Branch: refs/heads/master
Commit: 5e60704dd4f6d512ac6ef8701ce6675bb1bbd64b
Parents: f1aec35
Author: Leif Hedstrom <zw...@apache.org>
Authored: Tue Nov 18 15:44:16 2014 -0700
Committer: Leif Hedstrom <zw...@apache.org>
Committed: Tue Nov 18 15:45:50 2014 -0700
----------------------------------------------------------------------
CHANGES | 87 +++++++++++++++++++++++++++++++++---------------------------
1 file changed, 48 insertions(+), 39 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5e60704d/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index d996913..8537d90 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,15 +1,18 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 5.2.0
+ *) [TS-2417] Add forward secrecy support with DHE.
+ Author: John Eaglesham <je...@8192.net>
+
*) [TS-3202] Enforce token character constraints on method field in HTTP header.
*) [TS-2009] Fail HTTP header parsing for null characters.
- *) [TS-3153] Ability to disable/modify NPN advertisement list based on SNI
+ *) [TS-3153] Ability to disable/modify NPN advertisement list based on SNI.
*) [TS-3196] Prevent crash due to de-allocated read VIO continuation.
- *) [TS-3199] Do not wait for body for HEAD method
+ *) [TS-3199] Do not wait for body for HEAD method.
*) [TS-3192] Implement proxy.config.config_dir.
@@ -17,35 +20,36 @@ Changes with Apache Traffic Server 5.2.0
*) [TS-3194] Remove unused proxy.config.plugin.plugin_mgmt_dir configuration.
- *) [TS-3185] Increase the default spdy initial_window_size_in setting to 1 mb
+ *) [TS-3185] Increase the default spdy initial_window_size_in setting to 1MB.
- *) [TS-3178] ProxyAllocators Improvements
+ *) [TS-3178] ProxyAllocators Improvements.
- *) [TS-2812] Initial version of header_normalize plugin
+ *) [TS-2812] Initial version of header_normalize plugin.
*) [TS-2959] Fix compiler issue for MultiCache.
*) [TS-3155] Added value_get_index to MimeField.
- *) [TS-3184] spdy window_update not triggered correctly
+ *) [TS-3184] spdy window_update not triggered correctly.
*) [TS-3024] Build with OPENSSL_NO_SSL_INTERN
Author: Susan Hinrichs <sh...@network-geographics.com>
- *) [TS-1175] Replace LogBuffer's new/delete buffer alloc with ioBufAllocator
+ *) [TS-1175] Replace LogBuffer's new/delete buffer alloc with
+ ioBufAllocator.
- *) [TS-1432] Adding TSMutexDestroy API
+ *) [TS-1432] Adding TSMutexDestroy API.
*) [TS-3171] Minor style updates to Tokenizer interface.
*) [TS-3156] Remove MutexLock bool operators.
Author: Powell Molleti <po...@yahoo-inc.com>
- *) [TS-2682] Add per remap support for background fetch plugin
+ *) [TS-2682] Add per remap support for background fetch plugin.
*) [TS-2683]: Enhance the bg fetch plugin to support configuration
control with inclusion/exclusion criteria based on client-ip
- or any header
+ or any header.
*) [TS-3149] Move Via decode out of traffic_line and make a separate tool.
Author: Meera Mosale Nataraja <me...@gmail.com>
@@ -67,13 +71,13 @@ Changes with Apache Traffic Server 5.2.0
*) [TS-3152] stop offerring HTTP/2 over TLS by default.
- *) [TS-3060] Fix memory leak in cleaning up tunnel resources
+ *) [TS-3060] Fix memory leak in cleaning up tunnel resources.
*) [TS-3147] Improvements fo ESI plugin.
*) [TS-3145] Add traffic_line --backtrace option.
- *) [TS-2503]: Dynamic TLS Record Sizing for better page load latencies
+ *) [TS-2503]: Dynamic TLS Record Sizing for better page load latencies.
*) [TS-3139] New script, traffic_primer, which will fetch a URL from origin
(or another proxy) and PUSH the same object to a given set of
@@ -82,30 +86,32 @@ Changes with Apache Traffic Server 5.2.0
*) [TS-3135] Disable SSLv3 by default. This can be enabled again by adding a
line to records.config for proxy.config.ssl.SSLv3.
- *) [TS-3129] Parent proxy configuration does not work for incoming HTTPS requests
+ *) [TS-3129] Parent proxy configuration does not work for incoming HTTPS
+ requests.
- *) [TS-3127] Add config for OpenSSL session cache auto clear
+ *) [TS-3127] Add config for OpenSSL session cache auto clear.
- *) [TS-3125] SSL ctx is set to a constant allowing for potential inappropriate session reuse
+ *) [TS-3125] SSL ctx is set to a constant allowing for potential
+ inappropriate session reuse.
- *) [TS-3060] Enhance POST timeout scenario to send HTTP status response
+ *) [TS-3060] Enhance POST timeout scenario to send HTTP status response.
*) [TS-3120] Overlapping remap rank when using .include directives.
Author: Feifei Cai <ff...@yahoo-inc.com>
- *) [TS-3080] Optimized SSL session caching
+ *) [TS-3080] Optimized SSL session caching.
- *) [TS-3121] Prevent sending garbage HTTP/0.8 responses from SPDY
+ *) [TS-3121] Prevent sending garbage HTTP/0.8 responses from SPDY.
- *) [TS-3116] Add support for tracking the use of the ioBuffers
+ *) [TS-3116] Add support for tracking the use of the ioBuffers.
- *) [TS-3106] Keep Alive not correctly applied to errored pages
+ *) [TS-3106] Keep Alive not correctly applied to errored pages.
*) [TS-3109] Fix traffic_layout libhwloc linking on Ubuntu.
- *) [TS-2314] - remove possible invalid array index access from debug log
+ *) [TS-2314] - remove possible invalid array index access from debug log.
- *) [TS-3112] - Add null pointer check for contp
+ *) [TS-3112] - Add null pointer check for contp.
*) [TS-3103] Improve privilege elevation.
@@ -117,15 +123,16 @@ Changes with Apache Traffic Server 5.2.0
*) [TS-2289] Removed old unused AIO modes.
- *) [TS-3098] Fix the ability to configure keep-alive on post to the origin
+ *) [TS-3098] Fix the ability to configure keep-alive on post to the origin.
- *) [TS-3085] Large POSTs over (relatively) slower connections failing
+ *) [TS-3085] Large POSTs over (relatively) slower connections failing.
- *) [TS-3092] Set SSL CTX timeout regardless of Session Cache
+ *) [TS-3092] Set SSL CTX timeout regardless of Session Cache.
*) [TS-2095] Replace TS_FLAG_HEADERS wich AC_CHECK_HEADERS.
- *) [TS-2314] New config to allow unsatifiable Range: request to go straight to Origin
+ *) [TS-2314] New config to allow unsatifiable Range: request to go straight
+ to Origin.
*) [TS-3006] Add SSL extensions and examples.
Author: Susan Hinrichs <sh...@network-geographics.com>
@@ -142,7 +149,8 @@ Changes with Apache Traffic Server 5.2.0
*) [TS-3059] Add the TSTextLogObjectRollingSizeMbSet API function.
Author: Brian Rectanus <br...@qualys.com>
- *) [TS-3081] FetchSM needs to notify body done, when no more read bytes in the buffer.
+ *) [TS-3081] FetchSM needs to notify body done, when no more read bytes in
+ the buffer.
*) [TS-2945] Add target port number support to the balancer plugin.
@@ -150,33 +158,34 @@ Changes with Apache Traffic Server 5.2.0
*) [TS-3076] Fix minor strtok_r errors.
- *) [TS-2938] fix core dump in 307 redirect follow handling
+ *) [TS-2938] fix core dump in 307 redirect follow handling.
- *) [TS-3035] fix duplicate logging on error transactions
+ *) [TS-3035] fix duplicate logging on error transactions.
- *) [TS-2955] support variable expansion in set-redirect operator for header_rewrite
+ *) [TS-2955] support variable expansion in set-redirect operator for header_rewrite.
- *) [TS-3023] Support space separated values in inline plugin parameters in remap rules
+ *) [TS-3023] Support space separated values in inline plugin parameters in
+ remap rules.
*) [TS-3051] Fix libaio error handling.
*) [TS-3071] Optionally emit JSON numbers in stats_over_http.
Thanks to Saltuk Alakus <sa...@gmail.com>
- *) [TS-3069] Add mysql_remap to autoconf
+ *) [TS-3069] Add mysql_remap to autoconf.
*) [TS-3066] Fix various build issues for OmniOS, broken since 5.0.x.
*) [TS-407] Cleanup the syslog facility setup for traffic_server.
- *) [TS-3049] - Enhance FetchSM to handle response with "Connection:Close" header
- and limit the response header/body duplication to non-streaming scenarios for backward
- compatibility with TSFetchUrl()
+ *) [TS-3049] - Enhance FetchSM to handle response with "Connection:Close"
+ header and limit the response header/body duplication to non-streaming
+ scenarios for backward compatibility with TSFetchUrl().
*) [TS-3039] Plug SSL memory leaks in OCSP stapling support.
- *) [TS-2832] docs: Add links from an API description to the source
- code for that object
+ *) [TS-2832] docs: Add links from an API description to the source code for
+ that object.
*) [TS-3020] Blind Tunnel fake request URL is IPv4 only.
Author: Patrick McGleenon <Pa...@openwave.com>
@@ -206,12 +215,12 @@ Changes with Apache Traffic Server 5.2.0
*) [TS-2983] Fix protocol probe to not skip data.
- *) [TS-3026] SPDY not forwarding Accept-Encoding for FF
+ *) [TS-3026] SPDY not forwarding Accept-Encoding for FF.
*) [TS-2970] Fix assertions with transparent pass through.
Author: Susan Hinrichs <sh...@network-geographics.com>
- *) [TS-3150] atscppapi should support streaming HTTP fetch
+ *) [TS-3150] atscppapi should support streaming HTTP fetch.
Changes with Apache Traffic Server 5.1.0