[squid-dev] [squid-bugs] [Bug 4288] New: Incorrect behaviour when server-first and access denied
Amos Jeffries
squid3 at treenet.co.nz
Fri Jul 10 11:41:22 UTC 2015
Hi Christos,
If I am reading it right your earlier patch
<http://www.squid-cache.org/Versions/v4/changesets/squid-4-14145.patch>
should already contain the fix for this bug.
Can you double-check that please?
Amos
On 10/07/2015 10:53 p.m., bugzilla-daemon at squid-cache.org wrote:
> http://bugs.squid-cache.org/show_bug.cgi?id=4288
>
> Bug ID: 4288
> Summary: Incorrect behaviour when server-first and access
> denied
> Product: Squid
> Version: 3.5
> Hardware: All
> OS: Linux - All
> Status: UNCONFIRMED
> Severity: major
> Priority: P5
> Component: SSL-Bump
> Assignee: squid-bugs at lists.squid-cache.org
> Reporter: vlad at texpolimet.ru
> Browser: ---
>
> When there is a https request that cannot be proxied due to access denial
> AND squid is configured to inform users or redirect to some url
> AND the ssl-bump behavior is 'server-first'
> AND a connection is intercepted
> squid does not generate a mimic certificate based on original certificate,
> instead it generates an ip-based certificate and a client browser does not
> accept squid-generated information or headers.
>
> In this case squid should anyway connect to a requested server, acquire and
> mimic its certificate and then sign non-original content with its key.
> At least this should be configurable.
>
More information about the squid-dev
mailing list