[squid-announce] Squid 3.5.26 is available

Amos Jeffries squid3 at treenet.co.nz
Tue Jun 6 04:04:49 UTC 2017

The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.26 release!

This release is a bug fix release resolving several issues found in the
prior Squid releases.

The major changes to be aware of:

* Bug 4711: SubjectAlternativeNames is missing in some generated 

Previous releases of Squid were not able to generate valid mimic 
certificates from AltName server certificate field only. This leads to 
security error [missing_subjectAltName] in modern browsers (both 
Chrome/Firefox this time), and, net::ERR_CERT_COMMON_NAME_INVALID errors 
visible to users.

* Bug 4682: ignoring http_access deny when client-first bumping mode is used

This bug appears as Squid failing to identify some HTTP requests which 
are tunneled inside an already established client-first bumped tunnel, 
and this is results in ignoring http_access denied for these requests.

* Bug 4589: ssl_crtd: returning zero on failure

This bug has been affecting some init scripts that were depending on the 
tool return values to detect when it failed to initialize the 
certificate database. This does not resolve any initialization issues 
directly,  merely allows init scripts to be made aware of them before 
Squid is started.

* Bug 3102 and 3772: FTP directory listings display issues

These bugs appears as line wrap and path truncation errors in FTP 
directory listings from some FTP servers.

* OpenSSL support better compliance with license requirements

The OpenSSL license requires that all binaries which are built to 
utilize the library API (that includes any library derived from OpenSSL) 
must publicly advertise that OpenSSL or derivative library in all 
documentation detailing features of that software.

This release of Squid will now include the required OpenSSL 
advertisement on builds -v output where features are displayed. This is 
primarily intended as a way to easily identify which library is being 
used by Squid at run-time when multiple libraries are present on a system.

Please note even with this update Squid is still not directly compatible 
with the OpenSSL terms of distribution. Distributors of OpenSSL enabled 
Squid are required to ensure they meet both GPL and OpenSSL licensing 

  All users of Squid-3 with SSL-Bump functionality are encouraged to
upgrade to this release as soon as possible.

  All other users of Squid-3 are encouraged to upgrade to this release as
time permits.

  See the ChangeLog for the full list of changes in this and earlier

Please refer to the release notes at
when you are ready to make the switch to Squid-3.5

Upgrade tip:
   "squid -k parse" is starting to display even more
    useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers


or the mirrors. For a list of mirror sites see


If you encounter any issues with this release please file a bug report.

Amos Jeffries

More information about the squid-announce mailing list