Re: SSL connction failed due to SNI after content redirection

Alex Wu <alex_wu2012@xxxxxxxxxxx> · Tue, 21 Jul 2015 13:34:12 -0700

The patch has been manually modified to meet code review.

Here is the patch without any manuall modification:

diff --git a/squid-3.5.6/src/ssl/PeerConnector.cc b/squid-3.5.6/src/ssl/PeerConnector.cc
index b4dfd8f..d307665 100644
--- a/squid-3.5.6/src/ssl/PeerConnector.cc
+++ b/squid-3.5.6/src/ssl/PeerConnector.cc
@@ -189,8 +189,13 @@ Ssl::PeerConnector::initializeSsl()

             // Use SNI TLS extension only when we connect directly
             // to the origin server and we know the server host name.
-            const char *sniServer = hostName ? hostName->c_str() :
-                                    (!request->GetHostIsNumeric() ? request->GetHost() : NULL);
+            const char *sniServer = NULL;
+            const bool redirected = request->flags.redirected && ::Config.onoff.redir_rewrites_host;
+            if (!hostName || redirected)
+                sniServer = request->GetHostIsNumeric() ? request->GetHost() : NULL;
+            else
+                sniServer = hostName->c_str();
+
             if (sniServer)
                 Ssl::setClientSNI(ssl, sniServer);
         }
~            

Alex




> Date: Tue, 21 Jul 2015 12:59:29 -0700
> From: hack.back@hotmail.com
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] SSL connction failed due to SNI after content	redirection
> 
> :~/squid-3.5.6-20150716-r13865# patch -p0 --verbose < sni.patch
> Hmm...  Looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |--- src/ssl/PeerConnector.cc
> |+++ src/ssl/PeerConnector.cc
> --------------------------
> Patching file src/ssl/PeerConnector.cc using Plan A...
> patch: **** malformed patch at line 16:                  debugs(83, 5,
> "SNIserve " << sniServer);
> 
> 
> 
> 
> 
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SSL-connction-failed-due-to-SNI-after-content-redirection-tp4672339p4672366.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

 		 	   		  
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




