Re: [squid-users] sslbump and always_direct

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 28 Jan 2011 18:00:17 +1300

On 28/01/11 07:17, Ming Fu wrote:
> Hi Amos,
>
> Thanks for the insight.
> Do you remember the bug number? I want to understand the issue especially when unencrypted traffic can be sent.
>
> Ming
>

It is a bit twisted but involved with this design flaw bug:
http://bugs.squid-cache.org/show_bug.cgi?id=2117

Henriks comment #3 and #4 covers the problem.

In effect Squid handles the CONNECT as a special case whether tunnelling
or bumping. The results is that for a bump the re-CONNECT is done for
the internal request, not a reversion to the original CONNECT. So any
special headers on that first CONNECT may be lost by the bump.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
Received on Fri Jan 28 2011 - 05:00:23 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 28 2011 - 12:00:04 MST