The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.26 release!
This release is a bug fix release resolving several issues found in the
prior Squid releases.
The major changes to be aware of:
* Bug 4711: SubjectAlternativeNames is missing in some generated
Previous releases of Squid were not able to generate valid mimic
certificates from AltName server certificate field only. This leads to
security error [missing_subjectAltName] in modern browsers (both
Chrome/Firefox this time), and, net::ERR_CERT_COMMON_NAME_INVALID errors
visible to users.
* Bug 4682: ignoring http_access deny when client-first bumping mode is used
This bug appears as Squid failing to identify some HTTP requests which
are tunneled inside an already established client-first bumped tunnel,
and this is results in ignoring http_access denied for these requests.
* Bug 4589: ssl_crtd: returning zero on failure
This bug has been affecting some init scripts that were depending on the
tool return values to detect when it failed to initialize the
certificate database. This does not resolve any initialization issues
directly, merely allows init scripts to be made aware of them before
Squid is started.
* Bug 3102 and 3772: FTP directory listings display issues
These bugs appears as line wrap and path truncation errors in FTP
directory listings from some FTP servers.
* OpenSSL support better compliance with license requirements
The OpenSSL license requires that all binaries which are built to
utilize the library API (that includes any library derived from OpenSSL)
must publicly advertise that OpenSSL or derivative library in all
documentation detailing features of that software.
This release of Squid will now include the required OpenSSL
advertisement on builds -v output where features are displayed. This is
primarily intended as a way to easily identify which library is being
used by Squid at run-time when multiple libraries are present on a system.
Please note even with this update Squid is still not directly compatible
with the OpenSSL terms of distribution. Distributors of OpenSSL enabled
Squid are required to ensure they meet both GPL and OpenSSL licensing
All users of Squid-3 with SSL-Bump functionality are encouraged to
upgrade to this release as soon as possible.
All other users of Squid-3 are encouraged to upgrade to this release as
See the ChangeLog for the full list of changes in this and earlier