On 9/17/21 3:29 PM, Andreas Weigel wrote: > If splicing at step3, however, hostHeaderVerify is not called again with > the SNI I assume that the above statement would still be true if I remove the word "again" from it. This is how I interpreted it (i.e. hostHeaderVerify() is called once with the IP address and never with SNI). There are other ways to interpret that statement (e.g., hostHeaderVerify was called with SNI once, but you expected it to be called with SNI twice). > I was wondering if this could be considered a bug or if there is a > rationale to change the behavior in the "peek at step2, splice at step3" > scenario. If my interpretation above is correct, then this sounds like a bug to me: Squid/hostHeaderVerify() must validate every request target value Squid intends to use for cache lookups and/or connecting. If the request target changes from IP to SNI, then Squid must validate exactly twice. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users