[squid-dev] [PATCH] SNI information is not set on transparent bumping mode
Tsantilas Christos
chtsanti at users.sourceforge.net
Mon Feb 9 16:14:16 UTC 2015
On 02/09/2015 02:26 PM, Amos Jeffries wrote:
> On 9/02/2015 6:07 a.m., Tsantilas Christos wrote:
>> SNI information is not set on transparent bumping mode
>>
>> Forward SNI (obtained from an intercepted client connection) to servers
>> when SslBump peeks or stares at the server certificate.
>>
>> SslBump was not forwarding SNI to servers when Squid obtained SNI from
>> an intercepted client while peeking (or staring) at client Hello.
>>
>> This patch also fixes squid to consider hostname included in SNI
>> information more reliable than the hostname provided in CONNECT request
>> for certificates CN verify
>>
>
> +1. ... and please apply ASAP.
Applied to trunk as rev:13919
>
> Amos
>
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev
>
More information about the squid-dev
mailing list