Changes since version 3.3-dev8 :

Amaury Denoyelle (11):
      CLEANUP: quic: fix typo in quic_tx trace
      TESTS: quic: add unit-tests for QUIC TX part
      MINOR: quic: restore QUIC_HP_SAMPLE_LEN constant
      BUG/MINOR: quic: properly support GSO on backend side
      BUG/MINOR: hq-interop: adjust parsing/encoding on backend side
      OPTIM: check: do not delay MUX for ALPN if SSL not active
      BUG/MEDIUM: checks: fix ALPN inheritance from server
      BUG/MINOR: check: ensure checks are compatible with QUIC servers
      MINOR: check: reject invalid check config on a QUIC server
      MINOR: quic: display build warning for compat layer on recent OpenSSL
      DOC: quic: clarifies limited-quic support

Aurelien DARRAGON (2):
      BUG/MEDIUM: proxy: fix crash with stop_proxy() called during init
      MINOR: stats-file: use explicit unsigned integer bitshift for user slots

Christopher Faulet (27):
      BUG/MINOR: acl: Fix error message about several '-m' parameters
      MINOR: server: Parse sni and pool-conn-name expressions in a dedicated function
      BUG/MEDIUM: server: Use sni as pool connection name for SSL server only
      BUG/MINOR: server: Update healthcheck when server settings are changed via CLI
      OPTIM: backend: Don't set SNI for non-ssl connections
      OPTIM: proto_rhttp: Don't set SNI for non-ssl connections
      OPTIM: tcpcheck: Don't set SNI and ALPN for non-ssl connections
      BUG/MINOR: tcpcheck: Don't use sni as pool-conn-name for non-SSL connections
      MEDIUM: server/ssl: Base the SNI value to the HTTP host header by default
      MEDIUM: httpcheck/ssl: Base the SNI value on the HTTP host header by default
      OPTIM: tcpcheck: Reorder tcpchek_connect structure fields to fill holes
      REGTESTS: ssl: Add a script to test the automatic SNI selection
      REGTESTS: ssl: Fix the script about automatic SNI selection
      BUG/MINOR: pools: Fix the dump of pools info to deal with buffers limitations
      MINOR: pools: Don't dump anymore info about pools when purge is forced
      BUG/MEDIUM: mux-h2: Reset MUX blocking flags when a send error is caught
      BUG/MEDIUM: mux-h2; Don't block reveives in H2_CS_ERROR and H2_CS_ERROR2 states
      BUG/MEDIUM: mux-h2: Restart reading when mbuf ring is no longer full
      BUG/MINOR: mux-h2: Remove H2_CF_DEM_DFULL flags when the demux buffer is reset
      BUG/MEDIUM: mux-h2: Report RST/error to app-layer stream during 0-copy fwding
      BUG/MEDIUM: mux-h2: Reinforce conditions to report an error to app-layer stream
      BUG/MAJOR: stream: Force channel analysis on successful synchronous send
      BUG/MEDIUM: resolvers: Properly cache do-resolv resolution
      BUG/MINOR: resolvers: Restore round-robin selection on records in DNS answers
      BUG/MEDIUM: resolvers: Test for empty tree when getting a record from DNS answer
      BUG/MEDIUM: resolvers: Make resolution owns its hostname_dn value
      BUG/MEDIUM: resolvers: Accept to create resolution without hostname

Collison, Steven (1):
      DOC: proxy-protocol: Add TLS group and sig scheme TLVs

Frederic Lecaille (5):
      MINOR: quic: add useful trace about padding params values
      BUG/MINOR: quic: too short PADDING frame for too short packets
      MINOR: quic: SSL session reuse for QUIC
      MINOR: quic: get rid of ->target quic_conn struct member
      MINOR: quic-be: make SSL/QUIC objects use their own indexes (ssl_qc_app_data_index)

Olivier Houchard (9):
      BUG/MEDIUM: ssl: Properly initialize msg_controllen.
      BUG/MEDIUM: h1: Allow reception if we have early data
      BUG/MEDIUM: ssl: create the mux immediately on early data
      MINOR: ssl: Add a flag to let it known we have an ALPN negociated
      MINOR: ssl: Use the new flag to know when the ALPN has been set.
      MEDIUM: server: Introduce the concept of path parameters
      MEDIUM: server: Make use of the stored ALPN stored in the server
      BUG/MEDIUM: ssl: Fix a crash when using QUIC
      BUG/MEDIUM: ssl: Fix a crash if we failed to create the mux

Remi Tricot-Le Breton (2):
      BUG/MINOR: ssl: Potential NULL deref in trace macro
      BUG/MINOR: ssl: Fix potential NULL deref in trace callback

William Lallemand (6):
      BUG/MINOR: acme: null pointer dereference upon allocation failure
      BUG/MEDIUM: jws: return size_t in JWS functions
      BUG/MINOR: ocsp: prototype inconsistency
      MINOR: ocsp: put internal functions as static ones
      MINOR: ssl: set functions as static when no protypes in the .h
      BUILD: ssl: functions defined but not used

Willy Tarreau (35):
      BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET()
      MINOR: debug: report the process id in warnings and panics
      DEBUG: stream: count the number of passes in the connect loop
      MINOR: debug: report the number of loops and ctxsw for each thread
      MINOR: debug: report the time since last wakeup and call
      DEBUG: peers: export functions that use locks
      MINOR: stick-table: permit stksess_new() to temporarily allocate more entries
      MEDIUM: stick-tables: relax stktable_trash_oldest() to only purge what is needed
      MEDIUM: stick-tables: give up on lock contention in process_table_expire()
      MEDIUM: stick-tables: don't wait indefinitely in stktable_add_pend_updates()
      MEDIUM: peers: don't even try to process updates under contention
      CLEANUP: backend: clarify the role of the init_mux variable in connect_server()
      CLEANUP: backend: invert the condition to start the mux in connect_server()
      CLEANUP: backend: simplify the complex ifdef related to 0RTT in connect_server()
      CLEANUP: backend: clarify the cases where we want to use early data
      BUILD: ssl: address a recent build warning when QUIC is enabled
      BUG/MINOR: activity: fix reporting of task latency
      MINOR: activity: indicate the number of calls on "show tasks"
      MINOR: tools: don't emit "+0" for symbol names which exactly match known ones
      BUG/MEDIUM: stick-tables: don't loop on non-expirable entries
      DEBUG: stick-tables: export stktable_add_pend_updates() for better reporting
      MEDIUM: dns: bind the nameserver sockets to the initiating thread
      MEDIUM: resolvers: make the process_resolvers() task single-threaded
      BUG/MINOR: stick-table: make sure never to miss a process_table_expire update
      MEDIUM: stick-table: move process_table_expire() to a single thread
      MEDIUM: peers: move process_peer_sync() to a single thread
      MINOR: activity: don't report the lat_tot column for show profiling tasks
      MINOR: activity: add a new lkw_avg column to show profiling stats
      MINOR: activity: collect time spent waiting on a lock for each task
      MINOR: thread: add a lock level information in the thread_ctx
      MINOR: activity: add a new lkd_avg column to show profiling stats
      MINOR: activity: collect time spent with a lock held for each task
      MINOR: activity: add a new mem_avg column to show profiling stats
      MINOR: activity: collect CPU time spent on memory allocations for each task
      MINOR: activity/memory: count allocations performed under a lock