On 08/21/2015 01:28 AM, Amos Jeffries wrote: > Christos has managed (we think) to resolve a fairly major design issue > that has been plaguing the 3.5 series peek-and-splice feature so far. > (<http://wiki.squid-cache.org/Features/SslPeekAndSplice>) Clarification: No major design issue has been resolved. The design has not changed. We fixed the implementation to match the documented design. I cannot come up with a specific previously-working configuration example that our fix would break, but that does not mean such configurations do not exist. If your ssl_bump peek or stare rule could match at step #3, then you were in a danger zone: Our buggy code used to incorrectly splice or bump (depending on various complex factors) when such a match happens at step3. After the fix, such a match can never happen: peek and stare rules are now correctly ignored during step3. Here is an example of a configuration that was _not_ working reliably before the fix (under certain atypical but realistic conditions such as IE on Windows XP): ssl_bump peek all ssl_bump splice all The above configuration should work as expected after the fix. The change is not meant to resolve any assertions. However, since it affects when/whether Squid splices or bumps, the change may affect the asserting code as well. Hope this clarifies, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
