Sauce Labs is pleased to announce the release of Sauce Connect Proxy 4.6.1.
This release includes these changes. Use the download links to get the latest and previous versions.
Sauce Labs is changing how we manage SSL certificates to improve assurance and compatibility with SSL-inspecting web proxies.

NEW FEATURES

1. Public Certificates

- Sauce Connect Proxy 4.6.1 supports public certificates; private certificates are no longer supported for this and all subsequent releases of Sauce Connect Proxy.
- The operating system on which SC runs needs to have its certificate store set up correctly. Here are some details per operating system:

Linux:

- OpenSSL stores CA certificates, which are accessed by the Sauce Connect client.
- The default OpenSSL certificates directory can be found using: `openssl version -d`
- Set the `SSL_CERT_DIR` environment variable to this folder or another containing certificates in PEM format.
- You can also set the `SSL_CERT_FILE` environment variable to a file of certificates in PEM format.
- Certificates will be automatically updated; a manual certificate update can be achieved via command line: `update-ca-certificates`

Windows:

OSX:

- Certificates will be read from the MacOS Keychain Access automatically.
- Alternatively, if the Homebrew OpenSSL package is installed, the default cert.pem file can be used: `--tunnel-cainfo /usr/local/etc/openssl/cert.pem`
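An added example, not part of the Sauce Labs release notes, that scripts the Linux steps above in POSIX shell and checks that the store actually holds PEM certificates before exporting it. It assumes OpenSSL's standard layout, where the default certificate directory is `certs` and the default bundle is `cert.pem` under the `OPENSSLDIR` printed by `openssl version -d`; the function names are hypothetical.

```shell
# Added example: locate the OpenSSL CA store and export it for Sauce Connect.

# Extract the path from `openssl version -d` output, e.g. OPENSSLDIR: "/usr/lib/ssl"
parse_openssldir() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: *"\(.*\)"$/\1/p'
}

# Print how many regular files in directory $1 contain a PEM certificate.
count_pem_certs() {
    dir=$1
    n=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if grep -q -- '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Given OPENSSLDIR in $1, print the setting to export:
#   SSL_CERT_DIR=<dir>   if <OPENSSLDIR>/certs holds PEM certificates
#   SSL_CERT_FILE=<file> if only the <OPENSSLDIR>/cert.pem bundle is usable
# Returns 1 when neither exists, i.e. SC would have no trusted CAs to
# validate the tunnel endpoint's public certificate.
# Note: OpenSSL finds certificates in a directory through subject-hash
# file names (as created by `openssl rehash`), so prefer a managed store.
choose_ca_setting() {
    base=$1
    if [ -d "$base/certs" ] && [ "$(count_pem_certs "$base/certs")" -gt 0 ]; then
        echo "SSL_CERT_DIR=$base/certs"
    elif [ -f "$base/cert.pem" ] &&
         grep -q -- '-----BEGIN CERTIFICATE-----' "$base/cert.pem"; then
        echo "SSL_CERT_FILE=$base/cert.pem"
    else
        return 1
    fi
}

# Call this from a sourced script or an interactive shell before starting SC.
sc_export_ca_store() {
    setting=$(choose_ca_setting "$(parse_openssldir "$(openssl version -d)")") || {
        echo "no PEM CA certificates found under OPENSSLDIR" >&2
        return 1
    }
    export "$setting"
    echo "exported $setting"
}
```

Source the file and run `sc_export_ca_store` in the shell that launches Sauce Connect; a non-zero return means the store should be repaired (for example with `update-ca-certificates`) before connecting.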
2. OCSP tunnel certificate validation

- This feature lets the SC client validate that the tunnel endpoint's public certificate has not been revoked.
- OCSP relies on Public Key Infrastructure and needs to make additional HTTP requests to OCSP servers associated with the tunnel endpoint's certificate chain; this is configurable via the following customer accessible SC parameters:
  - "soft-fail" policy allows SC to run unless OCSP server returns "revoked" status; e.g., timeouts, unknown status, etc. will not stop SC from connecting to tunnel; connection to OCSP server is set to timeout after 5 seconds
  - "hard-fail" policy blocks SC from running unless OCSP server returns "good" status; e.g., timeouts, revoked certificate, unknown status, etc. will stop SC from connecting to tunnel; connection to OCSP server is set to timeout after 10 seconds
  - "log-only" policy is similar to "soft-fail", except it only logs errors and never blocks
  - "bypass" allows customers to skip OCSP checks

```
--ocsp log-only     # default, only logs OCSP
--ocsp attempt      # soft-fail
--ocsp strict       # hard-fail
--no-ocsp-verify    # bypass
```

- OCSP supports the following existing flags: `--kgp-host`, `--kgp-port`, `--proxy`, `--pac`, `--no-autodetect`, `--proxy-tunnel`, `--tunnel-cainfo`, `--tunnel-capath`
3. Selenium Relay

4. Application Notarization - MacOS Catalina support

BUG FIXES

- Fix compatibility of `--pac`, `--proxy` and `--proxy-userpwd` flags
- Characters used in Tunnel identifiers must now be only ASCII, so that the Sauce Labs WebUI will work correctly
- Removed the ANSI color codes from the Sauce Connect log, for readability reasons
- Fixed handling of WebSockets on HTTP/2 servers