From rousskov at measurement-factory.com  Thu Mar 13 17:44:02 2008
From: rousskov at measurement-factory.com (Alex Rousskov)
Date: Thu, 13 Mar 2008 11:44:02 -0600
Subject: Polygraph v3.1.5 available
Message-ID: <1205430242.60560.429.camel@pail.measurement-factory.com>

Hi there,

	Polygraph version 3.1.5 is now available at
http://www.web-polygraph.org/downloads/

This major public release includes NTLM authentication support. NTLMSPP
authentication is working in our tests. GSSAPI (a.k.a., SPNEGO)
algorithm is implemented but untested (we are waiting for a proxy with
GSSAPI support). Authentication documentation is available at
http://www.web-polygraph.org/docs/userman/auth.html

This release also includes foreign content handling improvements,
portability improvements and bug fixes. The code has been in use by
Factory customers for a while and appears to be stable. The change log
for the entire 3.1 branch is quoted below.

Enjoy,

Alex.
----------- change log -----------------
version 3.1.5
2008/03/13

- Initial and mostly untested support for NTLM/GSSAPI proxy
  authentication. We need to find a proxy that supports
  NTLM/GSSAPI to test this feature.

- Added support for recycling or sharing of SSL certificates that
  have identical generation parameters. The support is enabled
  by setting PGL SslWrap::sharing_group to a non-empty string.
  The certificates within the same group will be shared if their
  openssl generation commands are the same.
  
  Sharing provides significant speedup in Polygraph start times
  when hundreds of servers require certificate generation.
  
- Some Linux kernels have gettimeofday bugs that cause time
  jumps of approximately 72 minutes, especially on SMP systems.
  We saw it on an 8-CPU box running 2.6.18-8.el5. For 2002
  discussion, start at
  http://www.kernel-traffic.org/kernel-traffic/kt20020708_174.html#1
  
  We now try to ignore individual jumps exceeding 60 minutes. If
  the time did change, the change will be honored during the
  second gettimeofday() call.

- Make NTLM code compile when SSL is disabled. Polygraph will
  assert if NTLM is used without SSL support because it needs
  SSL code for NTLM.

- Removed extra terminating CRLF after CONNECT headers.


version 3.1.4
2007/11/12

- Use the first (top) supported Proxy-Authenticate method
  instead of the last one.

- Use the last '@' in NTLM credentials to separate the host name
  from the user name because the user name itself may contain '@'.

- Robots were not parsing some CONNECT responses correctly.

- Send full Request URL only if we are talking directly to a
  proxy. Sending an HTTP request inside the CONNECT transaction
  is not talking directly to a proxy.

- Do not try to parse content as markup if we are not going to
  request embedded objects due to non-positive embed_recur.


version 3.1.3
2007/06/13

- Tolerate binary log "level" statistics with negative mean level
  data, which may be caused by level sum overflow.

- Fixed --log and --sample_log command-line option descriptions.
  (Mikhail Fedotov).

- Removed no longer used or maintained nmake-specific Makefiles.


version 3.1.1
2007/03/07

- Fixed the 'theInOff <= theCapacity' assertion.


version 3.1.0
2007/03/05

- Support client-side NTLM authentication with proxies.

- Fixed a bug resulting in a stuck client transaction when the
  HTTP request did not fit into a single I/O.

- Make GCC4 on Ubuntu6 happier (Mikhail Fedotov).





From richard at the-moon.net  Mon Mar 17 04:48:48 2008
From: richard at the-moon.net (Richard Wall)
Date: Mon, 17 Mar 2008 04:48:48 +0000
Subject: Polygraph v3.1.5 available
In-Reply-To: <1205430242.60560.429.camel@pail.measurement-factory.com>
References: <1205430242.60560.429.camel@pail.measurement-factory.com>
Message-ID: <fa6a0cb50803162148y2ad8c6aap37810ea31c97c316@mail.gmail.com>

On Thu, Mar 13, 2008 at 5:44 PM, Alex Rousskov
<rousskov at measurement-factory.com> wrote:
> Hi there,
>
>         Polygraph version 3.1.5 is now available at
>  http://www.web-polygraph.org/downloads/

Thanks Alex,

I had to do this to get it to compile on Ubuntu Gutsy.

--- src/runtime/SslWrap.cc      2008-03-17 04:28:27 +0000
+++ src/runtime/SslWrap.cc      2008-03-17 04:32:12 +0000
@@ -6,6 +6,7 @@
 #include "base/polygraph.h"

 #include <stdlib.h>
+#include <cassert>
 #include "xstd/h/iomanip.h"
 #include "xstd/Checksum.h"
 #include "xstd/Map.h"

>  This major public release includes NTLM authentication support. NTLMSPP
>  authentication is working in our tests. GSSAPI (a.k.a., SPNEGO)
>  algorithm is implemented but untested (we are waiting for a proxy with
>  GSSAPI support). Authentication documentation is available at
>  http://www.web-polygraph.org/docs/userman/auth.html

NTLM support will be really useful. I'm hoping to start using it this week.

-RichardW


From rousskov at measurement-factory.com  Mon Mar 17 15:17:21 2008
From: rousskov at measurement-factory.com (Alex Rousskov)
Date: Mon, 17 Mar 2008 09:17:21 -0600
Subject: Polygraph v3.1.5 available
In-Reply-To: <fa6a0cb50803162148y2ad8c6aap37810ea31c97c316@mail.gmail.com>
References: <1205430242.60560.429.camel@pail.measurement-factory.com>
	<fa6a0cb50803162148y2ad8c6aap37810ea31c97c316@mail.gmail.com>
Message-ID: <1205767041.60560.956.camel@pail.measurement-factory.com>

On Mon, 2008-03-17 at 04:48 +0000, Richard Wall wrote:

> I had to do this to get it to compile on Ubuntu Gutsy.
> ...
> +++ src/runtime/SslWrap.cc      2008-03-17 04:32:12 +0000
> +#include <cassert>

Noted, thank you. The SslWrap code should have used Assert() defined in
xstd/Assert.h instead of assert(). Your fix should work. I have attached
the committed fix.

Thanks,

Alex.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: assert.diff
Type: text/x-patch
Size: 1299 bytes
Desc: not available
URL: <http://lists.web-polygraph.org/pipermail/users/attachments/20080317/2a5a872c/attachment.bin>