Search squid archive

Re: ssl_bump updates coming in 3.5.8

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/21/2015 01:28 AM, Amos Jeffries wrote:

> Christos has managed (we think) to resolve a fairly major design issue
> that has been plaguing the 3.5 series peek-and-splice feature so far.
> (<http://wiki.squid-cache.org/Features/SslPeekAndSplice>)


Clarification: No major design issue has been resolved. The design has
not changed. We fixed the implementation to match the documented design.

I cannot come up with a specific previously-working configuration
example that our fix would break, but that does not mean such
configurations do not exist. If your ssl_bump peek or stare rule could
match at step #3, then you were in a danger zone: Our buggy code used to
incorrectly splice or bump (depending on various complex factors) when
such a match happens at step3. After the fix, such a match can never
happen: peek and stare rules are now correctly ignored during step3.

Here is an example of a configuration that was _not_ working reliably
before the fix (under certain atypical but realistic conditions such as
IE on Windows XP):

  ssl_bump peek all
  ssl_bump splice all

The above configuration should work as expected after the fix.


The change is not meant to resolve any assertions. However, since it
affects when/whether Squid splices or bumps, the change may affect the
asserting code as well.


Hope this clarifies,

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux