Changes since version 1.5-dev12 :

Baptiste Assmann (1):
      BUILD: fix build issue without USE_OPENSSL

Cyril Bonté (4):
      BUILD: fix compilation error with DEBUG_FULL
      DOC: ssl: remove prefer-server-ciphers documentation
      DOC: ssl: surround keywords with quotes
      DOC: fix minor typo on http-send-name-header

Emeric Brun (40):
      MINOR: ssl: try to load Diffie-Hellman parameters from cert file
      DOC: ssl: update 'crt' statement on 'bind' about Diffie-Hellman parameters loading
      MINOR: ssl: add elliptic curve Diffie-Hellman support for ssl key generation
      DOC: ssl: add 'ecdhe' statement on 'bind'
      MEDIUM: ssl: add client certificate authentication support
      DOC: ssl: add 'verify', 'cafile' and 'crlfile' statements on 'bind'
      MINOR: ssl: add fetch and ACL 'client_crt' to test a client cert is present
      DOC: ssl: add fetch and ACL 'client_cert'
      MINOR: ssl: add ignore verify errors options
      DOC: ssl: add 'ca-ignore-err' and 'crt-ignore-err' statements on 'bind'
      MINOR: ssl: add fetch and ACL 'ssl_verify_result'
      DOC: ssl: add fetch and ACL 'ssl_verify_result'
      MINOR: ssl: add fetches and ACLs to return verify errors
      DOC: ssl: add fetches and ACLs 'ssl_verify_crterr', 'ssl_verify_caerr', and 'ssl_verify_crterr_depth'
      MINOR: ssl: disable shared memory and locks on session cache if nbproc == 1
      MINOR: ssl: add build param USE_PRIVATE_CACHE to build cache without shared memory
      MINOR: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'.
      DOC: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'.
      MEDIUM: config: authorize frontend and listen without bind.
      MINOR: ssl: add statement 'no-tls-tickets' on bind to disable stateless session resumption
      DOC: ssl: add 'no-tls-tickets' statement documentation.
      BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified.
      BUG/MINOR: build: Fix compilation issue on openssl 0.9.6 due to missing CRL feature.
      BUG/MINOR: conf: Fix 'maxsslconn' statement error if built without OPENSSL.
      BUG/MINOR: build: Fix failure with USE_OPENSSL=1 and USE_FUTEX=1 on archs i486 and i686.
      MINOR: ssl: remove prefer-server-ciphers statement and set it as the default on ssl listeners.
      BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes
      MINOR: ssl: add 'crt-base' and 'ca-base' global statements.
      MEDIUM: conf: rename 'nosslv3' and 'notlsvXX' statements 'no-sslv3' and 'no-tlsvXX'.
      MEDIUM: conf: rename 'cafile' and 'crlfile' statements 'ca-file' and 'crl-file'
      MINOR: ssl: use bit fields to  store ssl options instead of one int each
      MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on bind.
      MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on server
      MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS.
      BUG/MINOR: ssl: Fix issue on server statements 'no-tls*' and 'no-sslv3'
      MINOR: ssl: move ssl context init for servers from cfgparse.c to ssl_sock.c
      MEDIUM: ssl: reject ssl server keywords in default-server statement
      MINOR: ssl: add statement 'no-tls-tickets' on server side.
      MINOR: ssl: add statements 'verify', 'ca-file' and 'crl-file' on servers.
      DOC: Fix rename of options cafile and crlfile to ca-file and crl-file.

Guillaume Castagnino (1):
      DOC: duplicate ssl_sni section

Willy Tarreau (116):
      MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection
      BUG/MAJOR: ssl: missing tests in ACL fetch functions
      MINOR: config: add a function to indent error messages
      REORG: split "protocols" files into protocol and listener
      MEDIUM: config: replace ssl_conf by bind_conf
      CLEANUP: listener: remove unused conf->file and conf->line
      MEDIUM: listener: add a minimal framework to register "bind" keyword options
      MEDIUM: config: move the "bind" TCP parameters to proto_tcp
      MEDIUM: move bind SSL parsing to ssl_sock
      MINOR: config: improve error reporting for "bind" lines
      MEDIUM: config: move the common "bind" settings to listener.c
      MEDIUM: config: move all unix-specific bind keywords to proto_uxst.c
      MEDIUM: config: enumerate full list of registered "bind" keywords upon error
      MINOR: listener: add a scope field in the bind keyword lists
      MINOR: config: pass the file and line to config keyword parsers
      MINOR: stats: fill the file and line numbers in the stats frontend
      MINOR: config: set the bind_conf entry on listeners created from a "listen" line.
      MAJOR: listeners: use dual-linked lists to chain listeners with frontends
      REORG: listener: move unix perms from the listener to the bind_conf
      BUG: backend: balance hdr was broken since 1.5-dev11
      MINOR: standard: make memprintf() support a NULL destination
      MINOR: config: make str2listener() use memprintf() to report errors.
      MEDIUM: stats: remove the stats_sock struct from the global struct
      MINOR: ssl: set the listeners' data layer to ssl during parsing
      MEDIUM: stats: make use of the standard "bind" parsers to parse global socket
      DOC: move bind options to their own section
      DOC: stats: refer to "bind" section for "stats socket" settings
      DOC: fix index to reference bind and server options
      BUG: http: do not print garbage on invalid requests in debug mode
      BUG/MINOR: config: check the proper pointer to report unknown protocol
      CLEANUP: connection: offer conn_prepare() to set up a connection
      CLEANUP: config: fix typo inteface => interface
      BUG: stats: fix regression introduced by commit 4348fad1
      MINOR: cli: allow to set frontend maxconn to zero
      BUG/MAJOR: http: chunk parser was broken with buffer changes
      MEDIUM: monitor: simplify handling of monitor-net and mode health
      MINOR: connection: add a pointer to the connection owner
      MEDIUM: connection: make use of the owner instead of container_of
      BUG/MINOR: ssl: report the L4 connection as established when possible
      BUG/MEDIUM: proxy: must not try to stop disabled proxies upon reload
      BUG/MINOR: config: use a copy of the file name in proxy configurations
      BUG/MEDIUM: listener: don't pause protocols that do not support it
      MEDIUM: proxy: add the global frontend to the list of normal proxies
      BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
      MINOR: signal: really ignore signals configured with no handler
      MINOR: buffers: add a few functions to write chars, strings and blocks
      MINOR: raw_sock: always report asynchronous connection errors
      MEDIUM: raw_sock: improve connection error reporting
      REORG: connection: rename the data layer the "transport layer"
      REORG: connection: rename app_cb "data"
      MINOR: connection: provide a generic data layer wakeup callback
      MINOR: connection: split conn_prepare() in two functions
      MINOR: connection: add an init callback to the data_cb struct
      MEDIUM: session: use a specific data_cb for embryonic sessions
      MEDIUM: connection: use a generic data-layer init() callback
      MEDIUM: connection: reorganize connection flags
      MEDIUM: connection: only call the data->wake callback on activity
      MEDIUM: connection: make it possible for data->wake to return an error
      MEDIUM: session: register a data->wake callback to process errors
      MEDIUM: connection: don't call the data->init callback upon error
      MEDIUM: connection: it's not the data layer's role to validate the connection
      MEDIUM: connection: automatically disable polling on error
      REORG: connection: move the PROXY protocol management to connection.c
      MEDIUM: connection: add a new local send-proxy transport callback
      MAJOR: checks: make use of the connection layer to send checks
      REORG: server: move the check-specific parts into a check subsection
      MEDIUM: checks: use real buffers to store requests and responses
      MEDIUM: check: add the ctrl and transport layers in the server check structure
      MAJOR: checks: completely use the connection transport layer
      MEDIUM: checks: add the "check-ssl" server option
      MEDIUM: checks: enable the PROXY protocol with health checks
      CLEANUP: checks: remove minor warnings for assigned but not used variables
      MEDIUM: tcp: enable TCP Fast Open on systems which support it
      BUG: connection: fix regression from commit 9e272bf9
      CLEANUP: cttproxy: remove a warning on undeclared close()
      BUG/MAJOR: ensure that hdr_idx is always reserved when L7 fetches are used
      MEDIUM: listener: add support for linux's accept4() syscall
      MINOR: halog: sort output by cookie code
      BUG/MINOR: halog: -ad/-ac report the correct number of output lines
      BUG/MINOR: halog: fix help message for -ut/-uto
      MINOR: halog: add a parameter to limit output line count
      BUILD: accept4: move the socketcall declaration outside of accept4()
      MINOR: server: add minimal infrastructure to parse keywords
      MINOR: standard: make indent_msg() support empty messages
      MEDIUM: server: check for registered keywords when parsing unknown keywords
      MEDIUM: server: move parsing of keyword "id" to server.c
      BUG/MEDIUM: config: check-send-proxy was ignored if SSL was not builtin
      MEDIUM: ssl: move "server" keyword SSL options parsing to ssl_sock.c
      MEDIUM: log: suffix the frontend's name with '~' when using SSL
      MEDIUM: connection: always unset the transport layer upon close
      BUG/MINOR: session: fix some leftover from debug code
      BUG/MEDIUM: session: enable the conn_session_update() callback
      MEDIUM: connection: add a flag to hold the transport layer
      MEDIUM: log: add a new LW_XPRT flag to pin the transport layer
      MINOR: log: make lf_text use a const char *
      MEDIUM: log: report SSL ciphers and version in logs using logformat %sslc/%sslv
      REORG: http: rename msg->buf to msg->chn since it's a channel
      CLEANUP: http: use 'chn' to name channel variables, not 'buf'
      CLEANUP: channel: use 'chn' instead of 'buf' as local variable names
      CLEANUP: tcp: use 'chn' instead of 'buf' or 'b' for channel pointer names
      CLEANUP: stream_interface: use 'chn' instead of 'b' to name channel pointers
      CLEANUP: acl: use 'chn' instead of 'b' to name channel pointers
      MAJOR: channel: replace the struct buffer with a pointer to a buffer
      OPTIM: channel: reorganize struct members to improve cache efficiency
      CLEANUP: session: remove term_trace which is not used anymore
      OPTIM: session: reorder struct session fields
      OPTIM: connection: pack the struct target
      DOC: document relations between internal entities
      MINOR: ssl: add 'ssl_npn' sample/acl to extract TLS/NPN information
      BUILD: ssl: fix shctx build on older compilers
      MEDIUM: ssl: add support for the "npn" bind keyword
      BUG: ssl: fix ssl_sni ACLs to correctly process regular expressions
      MINOR: chunk: provide string compare functions
      MINOR: sample: accept fetch keywords without parenthesis
      MEDIUM: sample: pass an empty list instead of a null for fetch args
      MINOR: ssl: improve socket behaviour upon handshake abort.

bedis (1):
      MINOR: samples: update the url_param fetch to match parameters in the path