diff -ruN squid-2.5.STABLE7-RC1/ChangeLog squid-2.5.STABLE7-RC2/ChangeLog --- squid-2.5.STABLE7-RC1/ChangeLog Sat Sep 25 05:56:15 2004 +++ squid-2.5.STABLE7-RC2/ChangeLog Mon Sep 27 12:44:40 2004 @@ -25,8 +25,10 @@ - [Medium] Segfaults and other strange crashes when using heap policies. (Bug #1009) - [Minor] Supplementary group memberships not set (Bug #1021) + - [Cosmetic] ERR_TOO_BIG Portugese translation - [Minor] external_acl does not handle newlines (Bug #1038) - - [Major] NTLM authentication denial of service (Bug #1045) + - [Major] NTLM authentication denial of service when using msnt_auth + or fake_auth (Bug #1045) - [Medium] Memory leaks when using NTLM authentication without challenge reuse. (Bug #994) - [Minor] Temporary NTLM memory leak with challenge reuse enabled @@ -39,9 +41,22 @@ - [Minor] cachemgr config dumps mixed up Range and Request-Range headers in http_header_access & replace directives. (Bug #1056) - [Minor] Content-Disposition added as a well known header (Bug #961) + - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD + (Bug #1074) + - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075) - [Medium] New acl types to match arbitrary HTTP headers. In addition the http_header_access & replace directivess now support arbitrary headers and not only the well known ones. (Bug #961) + [2.5.STABLE7-RC1] + - [Cosmetic] ncsa_auth now accepts Window formatted password files + (Bug #1078) + - [Cosmetic] Support the --program-prefix/suffix options or other + configure program name transforms (Bug #1019) + - [Minor] Fix race condition in CONNECT and also handle aborts of + CONNECT requests in a more graceful manner. (Bug #859) + - [Minor] New balance_on_multiple_ip directive to work around certain + broken load balancers and optimized ipcache on reload requests + Changes to squid-2.5.STABLE6 (9 Jul 2004) diff -ruN squid-2.5.STABLE7-RC1/Makefile.am squid-2.5.STABLE7-RC2/Makefile.am --- squid-2.5.STABLE7-RC1/Makefile.am Tue Feb 11 19:02:00 2003 +++ squid-2.5.STABLE7-RC2/Makefile.am Sat Sep 25 15:37:35 2004 @@ -1,6 +1,6 @@ ## Process this file with automake to produce Makefile.in # -# $Id: Makefile.am,v 1.3.2.14 2003/02/12 02:02:00 hno Exp $ +# $Id: Makefile.am,v 1.3.2.15 2004/09/25 21:37:35 hno Exp $ # AUTOMAKE_OPTIONS = dist-bzip2 subdir-objects 1.5 @@ -8,7 +8,7 @@ SUBDIRS = lib @makesnmplib@ scripts src icons errors doc helpers DISTCLEANFILES = include/stamp-h include/stamp-h[0-9]* -DEFAULT_PINGER = $(libexecdir)/pinger$(EXEEXT) +DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` dist-hook: @ for subdir in include include/samba/nsswitch; do \ diff -ruN squid-2.5.STABLE7-RC1/Makefile.in squid-2.5.STABLE7-RC2/Makefile.in --- squid-2.5.STABLE7-RC1/Makefile.in Sat Jul 10 06:11:39 2004 +++ squid-2.5.STABLE7-RC2/Makefile.in Sat Sep 25 15:37:58 2004 @@ -14,7 +14,7 @@ @SET_MAKE@ # -# $Id: Makefile.in,v 1.6.2.22 2004/07/10 12:11:39 hno Exp $ +# $Id: Makefile.in,v 1.6.2.23 2004/09/25 21:37:58 hno Exp $ # SHELL = @SHELL@ @@ -123,7 +123,7 @@ SUBDIRS = lib @makesnmplib@ scripts src icons errors doc helpers DISTCLEANFILES = include/stamp-h include/stamp-h[0-9]* -DEFAULT_PINGER = $(libexecdir)/pinger$(EXEEXT) +DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` EXTRA_DIST = \ ChangeLog \ diff -ruN squid-2.5.STABLE7-RC1/RELEASENOTES.html squid-2.5.STABLE7-RC2/RELEASENOTES.html --- squid-2.5.STABLE7-RC1/RELEASENOTES.html Sat Sep 25 09:11:25 2004 +++ squid-2.5.STABLE7-RC2/RELEASENOTES.html Mon Sep 27 13:16:11 2004 @@ -1,13 +1,13 @@ - + Squid 2.5 release notes

Squid 2.5 release notes

-

Squid Developers

$Id: release-2.5.html,v 1.1.2.35 2004/09/25 15:10:25 hno Exp $ +

Squid Developers

$Id: release-2.5.html,v 1.1.2.36 2004/09/27 18:44:40 hno Exp $
This document contains the release notes for version 2.5 of Squid. Squid is a WWW Cache application developed by the National Laboratory @@ -132,6 +132,7 @@
minimum_retry_timeout

This has been removed - it is not referenced anywhere in the source code.

short_icon_urls

New directive to enable an alternative way of referring to icons in FTP directory listings etc.

acl urllogin

New acl type to match the login component of Internet style URLs (protocol://user:password@host/path/to/file)

+
balance_on_multiple_ip

New directive to make it possible to disable the automatic round-robin load balancing on multiple IP addresses normally done by Squid.

@@ -311,6 +312,7 @@ not only the well known headers known by Squid
  • new acl types req_hdr and resp_hdr to match arbitrary HTTP headers, useful to block certain malware/spyware etc.
    • +
  • new balance_on_multiple_ip squid.conf directive
  • a number of other minor and cosmetic bugfixes. See the list of squid-2.5.STABLE6 patches and the ChangeLog file for details.
    • diff -ruN squid-2.5.STABLE7-RC1/configure squid-2.5.STABLE7-RC2/configure --- squid-2.5.STABLE7-RC1/configure Sat Sep 25 09:11:17 2004 +++ squid-2.5.STABLE7-RC2/configure Mon Sep 27 13:15:58 2004 @@ -1000,7 +1000,7 @@ # Define the identity of the package. PACKAGE=squid -VERSION=2.5.STABLE7-RC1 +VERSION=2.5.STABLE7-RC2 cat >> confdefs.h <&6 echo "configure:1057: checking whether to enable maintainer-specific portions of Makefiles" >&5 # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given. diff -ruN squid-2.5.STABLE7-RC1/configure.in squid-2.5.STABLE7-RC2/configure.in --- squid-2.5.STABLE7-RC1/configure.in Sat Sep 25 09:11:17 2004 +++ squid-2.5.STABLE7-RC2/configure.in Mon Sep 27 13:15:58 2004 @@ -3,15 +3,15 @@ dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.251.2.64 2004/09/25 15:03:09 hno Exp $ +dnl $Id: configure.in,v 1.251.2.66 2004/09/27 19:14:57 hno Exp $ dnl dnl dnl AC_INIT(src/main.c) AC_CONFIG_AUX_DIR(cfgaux) -AM_INIT_AUTOMAKE(squid, 2.5.STABLE7-RC1) +AM_INIT_AUTOMAKE(squid, 2.5.STABLE7-RC2) AM_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.251.2.64 $)dnl +AC_REVISION($Revision: 1.251.2.66 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE diff -ruN squid-2.5.STABLE7-RC1/helpers/basic_auth/NCSA/ncsa_auth.c squid-2.5.STABLE7-RC2/helpers/basic_auth/NCSA/ncsa_auth.c --- squid-2.5.STABLE7-RC1/helpers/basic_auth/NCSA/ncsa_auth.c Wed Aug 20 06:35:51 2003 +++ squid-2.5.STABLE7-RC2/helpers/basic_auth/NCSA/ncsa_auth.c Sat Sep 25 14:53:17 2004 @@ -88,8 +88,8 @@ if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') || (buf[0] == '\n')) continue; - user = strtok(buf, ":\n"); - passwd = strtok(NULL, ":\n"); + user = strtok(buf, ":\n\r"); + passwd = strtok(NULL, ":\n\r"); if ((strlen(user) > 0) && passwd) { u = xmalloc(sizeof(*u)); u->user = xstrdup(user); diff -ruN squid-2.5.STABLE7-RC1/include/version.h squid-2.5.STABLE7-RC2/include/version.h --- squid-2.5.STABLE7-RC1/include/version.h Sat Sep 25 09:11:17 2004 +++ squid-2.5.STABLE7-RC2/include/version.h Mon Sep 27 13:15:58 2004 @@ -9,5 +9,5 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1096125074 +#define SQUID_RELEASE_TIME 1096312556 #endif diff -ruN squid-2.5.STABLE7-RC1/src/Makefile.am squid-2.5.STABLE7-RC2/src/Makefile.am --- squid-2.5.STABLE7-RC1/src/Makefile.am Sun Nov 10 08:30:03 2002 +++ squid-2.5.STABLE7-RC2/src/Makefile.am Sat Sep 25 15:37:35 2004 @@ -1,7 +1,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.am,v 1.16.2.9 2002/11/10 15:30:03 hno Exp $ +# $Id: Makefile.am,v 1.16.2.10 2004/09/25 21:37:35 hno Exp $ # # Uncomment and customize the following to suit your needs: # @@ -273,16 +273,16 @@ DEFAULT_PREFIX = $(prefix) DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf -DEFAULT_DNSSERVER = $(libexecdir)/dnsserver$(EXEEXT) +DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_LOG_PREFIX = $(localstatedir)/logs DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid DEFAULT_SWAP_DIR = $(localstatedir)/cache -DEFAULT_PINGER = $(libexecdir)/pinger$(EXEEXT) -DEFAULT_UNLINKD = $(libexecdir)/unlinkd$(EXEEXT) -DEFAULT_DISKD = $(libexecdir)/diskd$(EXEEXT) +DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` +DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` +DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_ICON_DIR = $(datadir)/icons DEFAULT_ERROR_DIR = $(datadir)/errors/@ERR_DEFAULT_LANGUAGE@ DEFAULT_MIB_PATH = $(datadir)/mib.txt diff -ruN squid-2.5.STABLE7-RC1/src/Makefile.in squid-2.5.STABLE7-RC2/src/Makefile.in --- squid-2.5.STABLE7-RC1/src/Makefile.in Wed Sep 1 04:30:29 2004 +++ squid-2.5.STABLE7-RC2/src/Makefile.in Sat Sep 25 15:37:59 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.225.2.19 2004/09/01 10:30:29 hno Exp $ +# $Id: Makefile.in,v 1.225.2.20 2004/09/25 21:37:59 hno Exp $ # # Uncomment and customize the following to suit your needs: # @@ -375,16 +375,16 @@ DEFAULT_PREFIX = $(prefix) DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf -DEFAULT_DNSSERVER = $(libexecdir)/dnsserver$(EXEEXT) +DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_LOG_PREFIX = $(localstatedir)/logs DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid DEFAULT_SWAP_DIR = $(localstatedir)/cache -DEFAULT_PINGER = $(libexecdir)/pinger$(EXEEXT) -DEFAULT_UNLINKD = $(libexecdir)/unlinkd$(EXEEXT) -DEFAULT_DISKD = $(libexecdir)/diskd$(EXEEXT) +DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` +DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` +DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_ICON_DIR = $(datadir)/icons DEFAULT_ERROR_DIR = $(datadir)/errors/@ERR_DEFAULT_LANGUAGE@ DEFAULT_MIB_PATH = $(datadir)/mib.txt diff -ruN squid-2.5.STABLE7-RC1/src/auth/basic/auth_basic.c squid-2.5.STABLE7-RC2/src/auth/basic/auth_basic.c --- squid-2.5.STABLE7-RC1/src/auth/basic/auth_basic.c Sat Jul 17 13:53:25 2004 +++ squid-2.5.STABLE7-RC2/src/auth/basic/auth_basic.c Sat Sep 25 15:03:49 2004 @@ -1,5 +1,5 @@ /* - * $Id: auth_basic.c,v 1.14.2.7 2004/07/17 19:53:25 hno Exp $ + * $Id: auth_basic.c,v 1.14.2.8 2004/09/25 21:03:49 hno Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -309,10 +309,11 @@ storeAppendPrintf(entry, " %s", list->key); list = list->next; } - storeAppendPrintf(entry, "\n%s %s realm %s\n%s %s children %d\n%s %s credentialsttl %d seconds\n", + storeAppendPrintf(entry, "\n%s %s realm %s\n%s %s children %d\n%s %s credentialsttl %d seconds\n%s %s casesensitive %s\n", name, "basic", config->basicAuthRealm, name, "basic", config->authenticateChildren, - name, "basic", (int) config->credentialsTTL); + name, "basic", (int) config->credentialsTTL, + name, "basic", config->casesensitive ? "on" : "off"); } diff -ruN squid-2.5.STABLE7-RC1/src/cf.data.pre squid-2.5.STABLE7-RC2/src/cf.data.pre --- squid-2.5.STABLE7-RC1/src/cf.data.pre Sat Sep 25 05:56:16 2004 +++ squid-2.5.STABLE7-RC2/src/cf.data.pre Mon Sep 27 12:17:38 2004 @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.245.2.73 2004/09/25 11:56:16 hno Exp $ +# $Id: cf.data.pre,v 1.245.2.75 2004/09/27 18:17:38 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -1491,6 +1491,7 @@ auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours +auth_param basic casesensitive off NOCOMMENT_END DOC_END @@ -3847,6 +3848,19 @@ By enabling this directive Squid attempts to detect such broken replies and automatically assume the reply is finished after 10 seconds timeout. +DOC_END + +NAME: balance_on_multiple_ip +TYPE: onoff +LOC: Config.onoff.balance_on_multiple_ip +DEFAULT: on +DOC_START + Some load balancing servers based on round robin DNS have been + found not to preserve user session state across requests + to different IP addresses. + + By default Squid rotates IP's per request. By disabling + this directive only connection failure trigers rotation. DOC_END NAME: pipeline_prefetch diff -ruN squid-2.5.STABLE7-RC1/src/client_side.c squid-2.5.STABLE7-RC2/src/client_side.c --- squid-2.5.STABLE7-RC1/src/client_side.c Sat Jul 17 10:15:31 2004 +++ squid-2.5.STABLE7-RC2/src/client_side.c Mon Sep 27 12:17:38 2004 @@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.561.2.58 2004/07/17 16:15:31 hno Exp $ + * $Id: client_side.c,v 1.561.2.59 2004/09/27 18:17:38 hno Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -2325,13 +2325,23 @@ e = http->entry = storeGetPublicByRequest(r); else e = http->entry = NULL; - /* Release negatively cached IP-cache entries on reload */ - if (r->flags.nocache) + /* Release IP-cache entries on reload */ + if (r->flags.nocache) { +#if USE_DNSSERVERS ipcacheInvalidate(r->host); +#else + ipcacheInvalidateNegative(r->host); +#endif /* USE_DNSSERVERS */ + } #if HTTP_VIOLATIONS - else if (r->flags.nocache_hack) + else if (r->flags.nocache_hack) { +#if USE_DNSSERVERS ipcacheInvalidate(r->host); -#endif +#else + ipcacheInvalidateNegative(r->host); +#endif /* USE_DNSSERVERS */ + } +#endif /* HTTP_VIOLATIONS */ #if USE_CACHE_DIGESTS http->lookup_type = e ? "HIT" : "MISS"; #endif diff -ruN squid-2.5.STABLE7-RC1/src/comm.c squid-2.5.STABLE7-RC2/src/comm.c --- squid-2.5.STABLE7-RC1/src/comm.c Sat Nov 29 11:52:59 2003 +++ squid-2.5.STABLE7-RC2/src/comm.c Mon Sep 27 12:17:39 2004 @@ -1,6 +1,6 @@ /* - * $Id: comm.c,v 1.324.2.3 2003/11/29 18:52:59 hno Exp $ + * $Id: comm.c,v 1.324.2.4 2004/09/27 18:17:39 hno Exp $ * * DEBUG: section 5 Socket Functions * AUTHOR: Harvest Derived @@ -290,7 +290,8 @@ } assert(ia->cur < ia->count); cs->in_addr = ia->in_addrs[ia->cur]; - ipcacheCycleAddr(cs->host, NULL); + if (Config.onoff.balance_on_multiple_ip) + ipcacheCycleAddr(cs->host, NULL); cs->addrcount = ia->count; cs->connstart = squid_curtime; commConnectHandle(cs->fd, cs); diff -ruN squid-2.5.STABLE7-RC1/src/ipcache.c squid-2.5.STABLE7-RC2/src/ipcache.c --- squid-2.5.STABLE7-RC1/src/ipcache.c Thu Feb 12 02:32:09 2004 +++ squid-2.5.STABLE7-RC2/src/ipcache.c Mon Sep 27 12:17:39 2004 @@ -1,6 +1,6 @@ /* - * $Id: ipcache.c,v 1.236.2.3 2004/02/12 09:32:09 hno Exp $ + * $Id: ipcache.c,v 1.236.2.4 2004/09/27 18:17:39 hno Exp $ * * DEBUG: section 14 IP Cache * AUTHOR: Harvest Derived @@ -116,6 +116,7 @@ static void ipcacheRelease(ipcache_entry * i) { + debug(14, 3) ("ipcacheRelease: Releasing entry for '%s'\n", (const char *) i->hash.key); hash_remove_link(ip_table, (hash_link *) i); dlinkDelete(&i->lru, &lru_list); ipcacheFreeEntry(i); @@ -332,7 +333,7 @@ return i; } assert(answers); - for (j = 0, k = 0; k < nr; k++) { + for (k = 0; k < nr; k++) { if (answers[k].type != RFC1035_TYPE_A) continue; if (answers[k].class != RFC1035_CLASS_IN) @@ -582,6 +583,20 @@ */ } +void +ipcacheInvalidateNegative(const char *name) +{ + ipcache_entry *i; + if ((i = ipcache_get(name)) == NULL) + return; + if (i->flags.negcached) + i->expires = squid_curtime; + /* + * NOTE, don't call ipcacheRelease here becuase we might be here due + * to a thread started from a callback. + */ +} + ipcache_addrs * ipcacheCheckNumeric(const char *name) { @@ -669,6 +684,7 @@ if (!ia->bad_mask[k]) { ia->bad_mask[k] = TRUE; ia->badcount++; + i->expires = XMIN(squid_curtime + XMAX(60, Config.negativeDnsTtl), i->expires); debug(14, 2) ("ipcacheMarkBadAddr: %s [%s]\n", name, inet_ntoa(addr)); } ipcacheCycleAddr(name, ia); diff -ruN squid-2.5.STABLE7-RC1/src/protos.h squid-2.5.STABLE7-RC2/src/protos.h --- squid-2.5.STABLE7-RC1/src/protos.h Wed Feb 4 10:42:28 2004 +++ squid-2.5.STABLE7-RC2/src/protos.h Mon Sep 27 12:17:39 2004 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.420.2.22 2004/02/04 17:42:28 hno Exp $ + * $Id: protos.h,v 1.420.2.23 2004/09/27 18:17:39 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -585,10 +585,9 @@ extern EVH ipcache_purgelru; extern const ipcache_addrs *ipcache_gethostbyname(const char *, int flags); extern void ipcacheInvalidate(const char *); -extern void ipcacheReleaseInvalid(const char *); +extern void ipcacheInvalidateNegative(const char *); extern void ipcache_init(void); extern void stat_ipcache_get(StoreEntry *); -extern int ipcacheQueueDrain(void); extern void ipcacheCycleAddr(const char *name, ipcache_addrs *); extern void ipcacheMarkBadAddr(const char *name, struct in_addr); extern void ipcacheMarkGoodAddr(const char *name, struct in_addr); diff -ruN squid-2.5.STABLE7-RC1/src/ssl.c squid-2.5.STABLE7-RC2/src/ssl.c --- squid-2.5.STABLE7-RC1/src/ssl.c Mon Jun 7 15:20:34 2004 +++ squid-2.5.STABLE7-RC2/src/ssl.c Mon Sep 27 12:07:30 2004 @@ -1,6 +1,6 @@ /* - * $Id: ssl.c,v 1.118.2.6 2004/06/07 21:20:34 hno Exp $ + * $Id: ssl.c,v 1.118.2.7 2004/09/27 18:07:30 hno Exp $ * * DEBUG: section 26 Secure Sockets Layer Proxy * AUTHOR: Duane Wessels @@ -51,6 +51,7 @@ #if DELAY_POOLS delay_id delay_id; #endif + int connected; } SslStateData; static const char *const conn_established = "HTTP/1.0 200 Connection established\r\n\r\n"; @@ -91,7 +92,9 @@ debug(26, 3) ("sslClientClosed: FD %d\n", fd); assert(fd == sslState->client.fd); sslState->client.fd = -1; - if (sslState->server.fd == -1) + if (sslState->server.fd != -1) + comm_close(sslState->server.fd); + else sslStateFree(sslState); } @@ -152,7 +155,9 @@ } else if (sslState->client.len == 0) { comm_close(sslState->server.fd); } - if (sslState->server.fd > -1) { + if (!sslState->connected) { + /* Not yet connected. wait.. */ + } else if (sslState->server.fd > -1) { if (sslState->client.len > 0) { commSetSelect(sslState->server.fd, COMM_SELECT_WRITE, @@ -354,13 +359,7 @@ { SslStateData *sslState = data; debug(26, 3) ("sslTimeout: FD %d\n", fd); - /* temporary lock to save our own feets (comm_close -> sslClientClosed -> Free) */ - cbdataLock(sslState); - if (sslState->client.fd > -1) - comm_close(sslState->client.fd); - if (sslState->server.fd > -1) - comm_close(sslState->server.fd); - cbdataUnlock(sslState); + comm_close(sslState->client.fd); } static void @@ -379,13 +378,7 @@ { SslStateData *sslState = data; assert(sslState != NULL); - /* temporary lock to save our own feets (comm_close -> sslClientClosed -> Free) */ - cbdataLock(sslState); - if (sslState->client.fd > -1) - comm_close(sslState->client.fd); - if (sslState->server.fd > -1) - comm_close(sslState->server.fd); - cbdataUnlock(sslState); + comm_close(sslState->client.fd); } @@ -424,6 +417,7 @@ err->callback_data = sslState; errorSend(sslState->client.fd, err); } else { + sslState->connected = 1; if (sslState->servers->peer) sslProxyConnected(sslState->server.fd, sslState); else @@ -557,19 +551,11 @@ Config.Timeout.lifetime, sslTimeout, sslState); - commSetTimeout(sslState->server.fd, - Config.Timeout.connect, - sslConnectTimeout, - sslState); + sslSetSelect(sslState); peerSelect(request, NULL, sslPeerSelectComplete, sslState); - /* - * Disable the client read handler until peer selection is complete - * Take control away from client_side.c. - */ - commSetSelect(sslState->client.fd, COMM_SELECT_READ, NULL, NULL, 0); } static void @@ -599,10 +585,6 @@ debug(26, 3) ("sslProxyConnected: Sending {%s}\n", sslState->client.buf); sslState->client.len = mb.size; memBufClean(&mb); - commSetTimeout(sslState->server.fd, - Config.Timeout.read, - sslTimeout, - sslState); sslSetSelect(sslState); } @@ -647,6 +629,10 @@ sslState->delay_id = 0; } #endif + commSetTimeout(sslState->server.fd, + Config.Timeout.connect, + sslConnectTimeout, + sslState); commConnectStart(sslState->server.fd, sslState->host, sslState->port, diff -ruN squid-2.5.STABLE7-RC1/src/structs.h squid-2.5.STABLE7-RC2/src/structs.h --- squid-2.5.STABLE7-RC1/src/structs.h Sat Sep 25 05:56:16 2004 +++ squid-2.5.STABLE7-RC2/src/structs.h Mon Sep 27 12:17:39 2004 @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.408.2.26 2004/09/25 11:56:16 hno Exp $ + * $Id: structs.h,v 1.408.2.27 2004/09/27 18:17:39 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -604,6 +604,7 @@ int pipeline_prefetch; int request_entities; int detect_broken_server_pconns; + int balance_on_multiple_ip; } onoff; acl *aclList; struct {