Search squid archive

Re: SslPeekAndSplice - Truth or Myth ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02/04/2014 05:36 AM, Юрий Пайков wrote:
> I found a feature request here
> http://wiki.squid-cache.org/Features/SslPeekAndSplice
> Its status says: "stalled due to lack of sponsor interest", though there
> several commits with quite a few impovements. Anybody knows how "usable"
> is that code?

It's usability is approximately 7 :-)

The code is not usable "as is" in production environments, but does
contain a lot of essential knowledge that took us several months to
discover. We have uncovered many SSL and OpenSSL limitations in the
project area and were able to work around some of them. We think we now
understand how things can work and have mostly working code for various
stages of Peek and Splice.

The missing pieces are:

* Configuration: Very complex and difficult to get right because there
are many stages of Peek and Splice, the decisions at the current stage
affects future stages, and the intended future stages affect the
decisions at previous stages! Attacking this problem directly produces a
long list of squid.conf directives with complex interactions that are
next to impossible to configure correctly. We have an alternative
configuration design plan that we are almost happy about, but virtually
no proper configuration code yet.

* Connecting existing code snippets for various Peek and Splice stages
to the configuration and to each other.

* Getting the code ready for production use. We need to remove a lot of
shortcuts and simplifications in the existing code.

* More testing, documentation, and submission for the official review.

The wiki page has been updated to contain the above information.

The project is suspended until

* either we find sponsors (quite likely within the next month or two
given the current level of interest; please contact me off list if
interested) or

* somebody volunteers to finish it (requires, among other things,
working with OpenSSL internals; we can share configuration blueprints
but no hand-holding is available at this time).


HTH,

Alex.





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux