On 02/04/2014 05:36 AM, Юрий Пайков wrote: > I found a feature request here > http://wiki.squid-cache.org/Features/SslPeekAndSplice > Its status says: "stalled due to lack of sponsor interest", though there > several commits with quite a few impovements. Anybody knows how "usable" > is that code? It's usability is approximately 7 :-) The code is not usable "as is" in production environments, but does contain a lot of essential knowledge that took us several months to discover. We have uncovered many SSL and OpenSSL limitations in the project area and were able to work around some of them. We think we now understand how things can work and have mostly working code for various stages of Peek and Splice. The missing pieces are: * Configuration: Very complex and difficult to get right because there are many stages of Peek and Splice, the decisions at the current stage affects future stages, and the intended future stages affect the decisions at previous stages! Attacking this problem directly produces a long list of squid.conf directives with complex interactions that are next to impossible to configure correctly. We have an alternative configuration design plan that we are almost happy about, but virtually no proper configuration code yet. * Connecting existing code snippets for various Peek and Splice stages to the configuration and to each other. * Getting the code ready for production use. We need to remove a lot of shortcuts and simplifications in the existing code. * More testing, documentation, and submission for the official review. The wiki page has been updated to contain the above information. The project is suspended until * either we find sponsors (quite likely within the next month or two given the current level of interest; please contact me off list if interested) or * somebody volunteers to finish it (requires, among other things, working with OpenSSL internals; we can share configuration blueprints but no hand-holding is available at this time). HTH, Alex.