- Public Certificates: (Virtual Cloud Only) There is a new Sauce Connect command-line argument that allows users to require that Sauce Labs internal tunneling infrastructure uses Certificates signed by a Certificate Authority (CA) rather than self-signed certificates.
- The new option is as follows: "--tunnel-cert public" (without the quotes).
- The Operating System on which SC runs needs to have its certificate store set up correctly. Here are some details per Operating System:
- OpenSSL stores CA certificates, which are accessed by the Sauce Connect Client
- The default OpenSSL certificates directory can be found using: openssl version -d
- Set the SSL_CERT_DIR environment variable to this folder or another containing certificates in PEM format
- You can also set the SSL_CERT_FILE environment variable to a file of certificates in PEM format
- The command line to update certificates is: update-ca-certificates
- Certificates will be read from the MacOS Keychain Access automatically
- Alternatively, if the Homebrew OpenSSL package is installed, the default cert.pem file can be used: `--tunnel-cainfo /usr/local/etc/openssl/cert.pem`
- Public Certificate Support for Real Device Cloud and Headless Cloud are coming soon!
- Note that Sauce Labs has never considered using self-signed certs on our internal tunneling infrastructure to be a security risk because our public signing key is pinned inside of Sauce Connect client. However, some customers' security scans flag the internal self-signed certs, and we are doing this to satisfy these customers and as a best practice.
- The characters used in Tunnel identifiers must now be only ASCII, so that the Sauce Labs WebUI will work correctly
- We removed the ANSII color codes from the Sauce Connect log, for readability reasons
Jun 25 2019
Fixed an issue where some page elements were not loaded when using Sauce Connect for an HTTP Auth page
Fixed an issue where the browser error “ERR_TUNNEL_CONNECTION_FAILED” was thrown when running Sauce Connect with a parent proxy that requires authentication (e.g. Wonderproxy) and disabling SSL bumping (-B)
Fixed an issue where a tunnel did not start if the direct domain list or SSL bumping list contains both a root domain and subdomains with the same root. (e.g. saucelabs.com and test.saucelabs.com)
Fixed a regression in Sauce Connect 4.5.2 where using PAC file rules to redirect the Sauce Connect tunnel traffic did not work in some cases. However, customers need to use --proxy-tunnel argument if they want to redirect KGP connection through PAC file rules.
Jan 16 2019
Sauce Connect will print a user friendly error instead of a call stack when an invalid path is provided to --logfile argument.
Input validation of tunnel domains, direct domains and No-SSL-bump domains arguments. Domain arguments with the asterisk wildcard character in the middle for e.g. dev*.local will fail input validation. The optional asterisk wildcard character can only be at the beginning of the domain name.
Added input validation for --pac argument. Sauce Connect will print an error and terminate when a relative PAC file path is provided.
Updated PAC file parser to fix intermittent parsing errors on startup.
Fixed an issue where Sauce Connect exits with status code 0 when invalid arguments are provided, Sauce Connect will now exit with status code 1.
Fixed an issue where Sauce Connect takes a minute to shutdown when an invalid tunnel domain, direct domain or No-SSL-bump domain is passed.
Fixed an issue where Sauce Connect fails to check for updates when -x argument is used.
Nov 30 2018
- Fixed a critical issue on Mac OS X where Sauce Connect throws a fatal error and terminates. This issue happens when WiFi is temporarily turned off or when the system wakes up from sleep or when internet connectivity is temporarily lost. The fatal error looks like below
"fatal: morestack on g0"
- Fixed an issue so that Sauce Connect terminates on startup if pid file location (--pidfile) is inaccessible.
- Fixed file descriptor leak.
Aug 23 2018
- Fixed a major bug in connection state logic that caused clients to exit prematurely.
- Support for YAML config file through
-c, --config-file arguments. Refer to Sauce Connect Command Line Reference for more information.
- Support for proxy credentials in
https_proxy environment variables on Mac and Linux platforms. Format should be
- Updated timestamp format in Sauce Connect log files to a more user friendly format "
- Print a warning about performance impact while running Sauce Connect in very verbose mode.
- Scrub access key from very verbose Sauce Connect logs.
Aug 03 2018
Feb 28 2018
- Fixed a bug where HTTP headers with empty values are not parsed correctly.
Dec 08 2017
- --proxy-userpwd option doesn't accept passwords with a special character.
- --proxy-userpwd option ignores authentication credentials for proxies in a PAC file. The initial attempt to fix this issue in 4.4.6 required some additional changes.
- --doctor option throws errors about 2 non-existent hosts.
- Sauce Connect fails to run on Windows systems with international characters in the path.
Nov 13 2017
- Improved error propagation from PAC files while using external functions like DNS resolution.
- Better error log messages when external function calls in PAC files fail.
Aug 14 2017
- Added round trip time to kgp metric (RoundTripTimeMs) to understand the latency impact on each tunnel (another data point that can be used to understand reasons for slower jobs)
- We've described the ways this information can be accessed in our docs
- On top of monitoring metrics that were released as part of the previous release, we are is now exposing additional tunnel monitoring via our REST API.
- Specifically, users will be able to track the number of jobs is currently running through each of tunnel by hitting a dedicated rest API endpoint (docs have been updated to include it as well).
- Fixed a bug that would cause the client to segfault if a REST request failed
Jul 20 2017
Starting with 4.4.7 customers will be able to track the bandwidth of traffic going through the tunnel (received & transmitted) by connecting to the local HTTP server.
More information on the configuration and what data is exposed & how to access it is available on our documentation
* Team has addressed the issue with Sauce Connect creating too many TCP Connections
* Proxy Connection issues when customers are using PAC files on Windows have been resolved
* Backlashes in PAC files no longer cause errors during the SC Launch
Jun 12 2017
Version 4.4.6 introduces a new method to access the health of the Sauce Connect. When Sauce Connect Proxy is running the following health metrics are exposed.
- Sauce Connect connections status indicating if this currently alive and healthy.
- Timestamp when the connection status changed.
- A running count of how many times the connection was re-established.
For more information please refer : Understanding Sauce Connect Proxy Client Metrics
Bug Fixes and Improvements:
Fixes a bug that would cause SC to use invalid URL's in it's internal proxy, causing --proxy and --pac functionality to break.
Better logging to indicate the requirement of specifying the absolute path of the PAC file when using the --pac command line flag to start Sauce Connect.
Apr 21 2017
fixed an issue that would cause Go runtime panics on Mac OSX Sierra
fixed a bug introduced in 4.4.4 that caused --proxy-userpwd flag to not function as intended
Simplified client shutdown options. --wait-tunnel-shutdown flag has been removed in Sauce Connect Proxy. From 4.4.5, users won’t require the flag, as the default shutdown behavior has been updated so that Sauce Connect will wait for up to 5 minutes based on pending tests before shutting down, as it normally would when the flag is used.
Mar 16 2017
Mar 10 2017
Support for glibc versions 2.12 and newer instead of 2.14 and newer. This should enable installation of Sauce Connect in RHEL 6/ Cent OS 6 versions and linux distributions that rely on glibc 2.12.
The IP Address of the Virtual Machine that ran the job is included as a header ( X-SL-Chef-IP header) in the logs.
Bug Fixes :
Some log lines may have been dropped in cases where a large amount of parallel tests were running through a single client
AJAX requests/responses arriving out of order
Windows client crash when using the p/-proxy flag
a/-auth flag not working as expected since version 4.4.0
Client not exiting gracefully if it's parent process died
Mar 09 2017
- Updated to libcurl 7.51.0
- Updated to c-ares 1.12.0
- Removed libunwind
- Fixed bug on Windows where the client would panic if run with the option
--doctor and without the
- Added license file for open source libraries and updated the SC license
- Fixed bug to display correct number of jobs when shutting down a tunnel
Nov 30 2016
Oct 19 2016
Sep 14 2016
- Fixed a bug with how the
--no-remove-colliding-tunnels flag was working for High Availability mode.
- systemd & upstart configuration examples to the tarball
Aug 12 2016
Sauce Connect Proxy client will no longer resend packets that have already been received by the tunnel at Sauce's data center, thereby reducing resent traffic in poor network conditions.
Dependency for GLIBC updated to version 2.14.
General bug fixes
Aug 10 2016
When we released Sauce Connect 4.3.15 some customers noticed an issue causing intermittent crashes in the built-in HTTP proxy typically seen when a PAC is used and HTTPS websites are accessed.
A new version (4.3.16) containing a fix for this is now available for download here:
May 27 2016
May 18 2016
- SC now triggers a KGP reconnect if it detects no keepalives have gone through after 30 seconds
- We have added the ability to specify standard out (-) as a log file
- SC now makes sure perfect forward secrecy and TLS1.1 or TLS1.2 is used when connecting to the tunnel VM
Apr 05 2016
More details on stability improvements can be found in this blog post: http://sauceio.com/index.php/2016/01/introducing-stability-improvements-to-sauce-connect/
- Quitting Sauce Connect on Windows doesn't shut down tunnel
- Illegal instruction: 4 on OS X with SC 4.3.12
- Race condition when Sauce Connect is trying to clean up its KGP thread
- Upgrade OpenSSL to 1.0.1q in SC build
Jan 27 2016
- http_parser failing to detect where a header field starts
- Port number is cut off when using PAC
- SC for Windows crashes on Windows 2012 R2
Nov 10 2015
- Users can now specify which DNS SC should use by adding a “--DNS" flag.
- Tunnel VMs now have descriptive domain names for easier debugging.
- OpenSSL has been upgraded to 1.0.1p.
- Bug fixes
Aug 11 2015