[squid-dev] [PATCH] server_name ACL
Tsantilas Christos
chtsanti at users.sourceforge.net
Tue Feb 24 20:29:06 UTC 2015
Hi all,
This patch adds server_name ACL matching server name(s) obtained from
various sources such as CONNECT request URI, client SNI, and SSL server
certificate CN.
During each SslBump step, Squid improves its understanding of a "true
server name", with a bias towards server-provided (and Squid-validated)
information.
The server-provided server names are retrieved from the server
certificate CN and Subject Alternate Names. The new server_name ACL
matches any of the alternate names and the CN. If the CN or an alternate name is
a wildcard, then the new ACL matches any domain that matches the domain
with the wildcard.
Other than supporting many sources of server name information (including
sources that may supply Squid with multiple server name variants and
wildcards), the new ACL is similar to dstdomain.
Also added a server_name_regex ACL.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server_name-acl-t7.patch
Type: text/x-patch
Size: 44302 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20150224/1f223015/attachment-0001.bin>