[squid-dev] [PATCH] SNI information is not set on transparent bumping mode

Amos Jeffries squid3 at treenet.co.nz
Mon Feb 9 12:26:46 UTC 2015


On 9/02/2015 6:07 a.m., Tsantilas Christos wrote:
> SNI information is not set on transparent bumping mode
> 
> Forward SNI (obtained from an intercepted client connection) to servers
> when SslBump peeks or stares at the server certificate.
> 
> SslBump was not forwarding SNI to servers when Squid obtained SNI from
> an intercepted client while peeking (or staring) at client Hello.
> 
> This patch also fixes squid to consider hostname included in SNI
> information more reliable than the hostname provided in CONNECT request
> for certificates CN verify
> 

+1. ... and please apply ASAP.

Amos



More information about the squid-dev mailing list