Changes since version 1.5-dev12 :

Cyril Bonté (1):
      BUILD: fix compilation error with DEBUG_FULL

Emeric Brun (23):
      MINOR: ssl: try to load Diffie-Hellman parameters from cert file
      DOC: ssl: update 'crt' statement on 'bind' about Diffie-Hellman parameters loading
      MINOR: ssl: add elliptic curve Diffie-Hellman support for ssl key generation
      DOC: ssl: add 'ecdhe' statement on 'bind'
      MEDIUM: ssl: add client certificate authentication support
      DOC: ssl: add 'verify', 'cafile' and 'crlfile' statements on 'bind'
      MINOR: ssl: add fetch and ACL 'client_crt' to test a client cert is present
      DOC: ssl: add fetch and ACL 'client_cert'
      MINOR: ssl: add ignore verify errors options
      DOC: ssl: add 'ca-ignore-err' and 'crt-ignore-err' statements on 'bind'
      MINOR: ssl: add fetch and ACL 'ssl_verify_result'
      DOC: ssl: add fetch and ACL 'ssl_verify_result'
      MINOR: ssl: add fetches and ACLs to return verify errors
      DOC: ssl: add fetches and ACLs 'ssl_verify_crterr', 'ssl_verify_caerr', and 'ssl_verify_crterr_depth'
      MINOR: ssl: disable shared memory and locks on session cache if nbproc == 1
      MINOR: ssl: add build param USE_PRIVATE_CACHE to build cache without shared memory
      MINOR: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'.
      DOC: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'.
      MEDIUM: config: authorize frontend and listen without bind.
      MINOR: ssl: add statement 'no-tls-tickets' on bind to disable stateless session resumption
      DOC: ssl: add 'no-tls-tickets' statement documentation.
      BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified.
      BUG/MINOR: build: Fix compilation issue on openssl 0.9.6 due to missing CRL feature.

Guillaume Castagnino (1):
      DOC: duplicate ssl_sni section

Willy Tarreau (43):
      MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection
      BUG/MAJOR: ssl: missing tests in ACL fetch functions
      MINOR: config: add a function to indent error messages
      REORG: split "protocols" files into protocol and listener
      MEDIUM: config: replace ssl_conf by bind_conf
      CLEANUP: listener: remove unused conf->file and conf->line
      MEDIUM: listener: add a minimal framework to register "bind" keyword options
      MEDIUM: config: move the "bind" TCP parameters to proto_tcp
      MEDIUM: move bind SSL parsing to ssl_sock
      MINOR: config: improve error reporting for "bind" lines
      MEDIUM: config: move the common "bind" settings to listener.c
      MEDIUM: config: move all unix-specific bind keywords to proto_uxst.c
      MEDIUM: config: enumerate full list of registered "bind" keywords upon error
      MINOR: listener: add a scope field in the bind keyword lists
      MINOR: config: pass the file and line to config keyword parsers
      MINOR: stats: fill the file and line numbers in the stats frontend
      MINOR: config: set the bind_conf entry on listeners created from a "listen" line.
      MAJOR: listeners: use dual-linked lists to chain listeners with frontends
      REORG: listener: move unix perms from the listener to the bind_conf
      BUG: backend: balance hdr was broken since 1.5-dev11
      MINOR: standard: make memprintf() support a NULL destination
      MINOR: config: make str2listener() use memprintf() to report errors.
      MEDIUM: stats: remove the stats_sock struct from the global struct
      MINOR: ssl: set the listeners' data layer to ssl during parsing
      MEDIUM: stats: make use of the standard "bind" parsers to parse global socket
      DOC: move bind options to their own section
      DOC: stats: refer to "bind" section for "stats socket" settings
      DOC: fix index to reference bind and server options
      BUG: http: do not print garbage on invalid requests in debug mode
      BUG/MINOR: config: check the proper pointer to report unknown protocol
      CLEANUP: connection: offer conn_prepare() to set up a connection
      CLEANUP: config: fix typo inteface => interface
      BUG: stats: fix regression introduced by commit 4348fad1
      MINOR: cli: allow to set frontend maxconn to zero
      BUG/MAJOR: http: chunk parser was broken with buffer changes
      MEDIUM: monitor: simplify handling of monitor-net and mode health
      MINOR: connection: add a pointer to the connection owner
      MEDIUM: connection: make use of the owner instead of container_of
      BUG/MINOR: ssl: report the L4 connection as established when possible
      BUG/MEDIUM: proxy: must not try to stop disabled proxies upon reload
      BUG/MINOR: config: use a copy of the file name in proxy configurations
      BUG/MEDIUM: listener: don't pause protocols that do not support it
      MEDIUM: proxy: add the global frontend to the list of normal proxies