Changes since version 2.4-dev6 : Amaury Denoyelle (19): BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name MINOR: reg-tests: add http-reuse test CLEANUP: srv: fix comment for pool-max-conn CLEANUP: backend: remove an obsolete comment on conn_backend_get REORG: backend: simplify conn_backend_get BUG/MEDIUM: session: only retrieve ready idle conn from session BUG/MEDIUM: backend: never reuse a connection for tcp mode MINOR: h1: reject websocket handshake if missing key MEDIUM: h1: generate WebSocket key on response if needed MINOR: mux_h2: define H2_SF_EXT_CONNECT_SENT stream flag MEDIUM: h2: parse Extended CONNECT reponse to htx MEDIUM: mux_h2: generate Extended CONNECT from htx upgrade MEDIUM: h1: add a WebSocket key on handshake if needed MEDIUM: mux_h2: generate Extended CONNECT response MEDIUM: h2: parse Extended CONNECT request to htx MEDIUM: h2: send connect protocol h2 settings MINOR: vtc: add test for h1/h2 protocol upgrade translation MINOR: vtc: add websocket test BUG/MINOR: backend: check available list allocation for reuse Christopher Faulet (39): BUG/MINOR: stats: Continue to fill frontend stats on unimplemented metric BUG/MINOR: stats: Init the metric variable when frontend stats are filled BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown BUG/MINOR: stats: Remove a break preventing ST_F_QCUR to be set for servers BUG/MINOR: stats: Add a break after filling ST_F_MODE field for servers MEDIUM: stream-int: Take care of EOS if the SI wake callback function MINOR: mux-h1: Try to wake up data layer first before calling its wake callback MINOR: mux-h1: Wake up H1C after its creation if input buffer is not empty MEDIUM: mux-h1: Add ST_READY state for the H1 connections MINOR: stream: Add a function to validate TCP to H1 upgrades MEDIUM: http-ana: Do nothing in wait-for-request analyzer if not htx BUG/MEDIUM: stream: Don't immediatly ack the TCP to H1 upgrades BUG/MAJOR: mux-h1: Properly handle TCP to H1 upgrades MINOR: htx/http-ana: Save info about Upgrade option in the Connection header MEDIUM: http-ana: Refuse invalid 101-switching-protocols responses BUG/MINOR: h2/mux-h2: Reject 101 responses with a PROTOCOL_ERROR h2s error MINOR: mux-h1/mux-fcgi: Don't set TUNNEL mode if payload length is unknown MINOR: mux-h1: Split H1C_F_WAIT_OPPOSITE flag to separate input/output sides MINOR: mux-h2: Add 2 flags to help to properly handle tunnel mode MEDIUM: mux-h2: Block client data on server side waiting tunnel establishment MEDIUM: mux-h2: Close streams when processing data for an aborted tunnel MEDIUM: mux-h1: Properly handle tunnel establishments and aborts BUG/MAJOR: mux-h1/mux-h2/htx: Fix HTTP tunnel management at the mux level MINOR: htx: Rename HTX_FL_EOI flag into HTX_FL_EOM REGTESTS: Don't run http_msg_full_on_eom script on the 2.4 anymore MINOR: htx: Add a function to know if a block is the only one in a message MAJOR: htx: Remove the EOM block type and use HTX_FL_EOM instead MINOR: mux-h1: Add a flag on H1 streams with a response known to be bodyless MEDIUM: mux-h1: Don't emit any payload for bodyless responses MINOR: mux-h1: Don't emit C-L and T-E headers for 204 and 1xx responses MINOR: mux-h1: Don't add Connection close/keep-alive header for 1xx messages MINOR: h2/mux-h2: Add flags to notify the response is known to have no body MEDIUM: mux-h2: Don't emit DATA frame for bodyless responses MEDIUM: http-ana: Deal with L7 retries in HTTP analysers REGTESTS: Fix required versions for several scripts REGTEST: Don't use the websocket to validate http-check MINOR: mux-h1/trace: add traces at level ERROR for all kind of errors MINOR: mux-fcgi/trace: add traces at level ERROR for all kind of errors MINOR: h1: Raise the chunk size limit up to (2^52 - 1) Ilya Shipitsin (2): BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version CLEANUP: assorted typo fixes in the code and comments Remi Tricot-Le Breton (5): MINOR: ssl: Server ssl context prepare function refactoring MINOR: ssl: Certificate chain loading refactorization MEDIUM: ssl: Load client certificates in a ckch for backend servers MEDIUM: ssl: Enable backend certificate hot update MINOR: ssl: Remove client_crt member of the server's ssl context Tim Duesterhus (5): DOC: Improve documentation of the various hdr() fetches MINOR: abort() on my_unreachable() when DEBUG_USE_ABORT is set. BUILD: Include stdlib.h in compiler.h if DEBUG_USE_ABORT is set CI: Fix DEBUG_STRICT definition for Coverity CI: Fix the coverity builds William Dauchy (6): MINOR: contrib/prometheus-exporter: better output of Not-a-Number CLEANUP: stats: improve field selection for frontend http fields MEDIUM: stats: allow to select one field in `stats_fill_be_stats` MINOR: contrib/prometheus-exporter: use fill_be_stats for backend dump MEDIUM: stats: allow to select one field in `stats_fill_sv_stats` MINOR: contrib/prometheus-exporter: use fill_sv_stats for server dump William Lallemand (9): CLEANUP: ssl/cli: rework free in cli_io_handler_commit_cert() CLEANUP: ssl: remove SSL_CTX function parameter CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store() BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file() REGTESTS: set_ssl_server_cert.vtc: remove the abort command REGTESTS: set_ssl_server_cert.vtc: check the Sha1 Fingerprint REGTESTS: set_ssl_server_cert.vtc: check the sha1 from the server REGTESTS: set_ssl_server_cert.vtc: set as broken Willy Tarreau (2): BUG/MEDIUM: listener: do not accept connections faster than we can process them Revert "BUG/MEDIUM: listener: do not accept connections faster than we can process them"