[squid-dev] [PATCH] Handshake Problem during Renegotiation

Amos Jeffries squid3 at treenet.co.nz
Fri Nov 6 18:39:06 UTC 2015


On 7/11/2015 7:17 a.m., Christos Tsantilas wrote:
> Project description:
>    - Squid receives SSL Hello from the client (TCP connection A).
> 
>    - Squid successfully negotiates an SSL connection with the origin
> server (TCP connection B).
> 
>    - Squid successfully negotiates an SSL connection with the client
> (TCP connection A).
> 
>    - Squid marks connection B as "idle" and waits an HTTP request from
> connection A.
> 
>    - The origin server continues talking to Squid (TCP connection B).
> Squid detects a network read on an idle connection and closes TCP
> connection B (and then the associated TCP connection A as well).
> 
> This patch:
> - When squid detects a network read on server idle connection do an
> SSL_read to:
>     a) see if application data received from server and abort in this case
>     b) detect possible SSL error, or SSL shutdown message from server
>     c) or ignore if only SSL protocol related packets received.
> 
> This is a Measurement Factory project
> 


in src/client_side.cc:

* Please use "TLS" in debugs messages instead of "SSL".

* Please use "Tls" instead of "Ssl" in new symbol names such as the
handleIdleClientPinned***Read() method being added.

* Missing whitespace; "if(!ssl)" should be "if (!ssl)"

* Please use nullptr instead of NULL on new and altered lines.

* Please debug output the full pinning.serverConnection instead of just
the FD on debugs with levels higher than 1 / IMPORTANT.


in src/client_side.h:

* Please use "\returns" instead if "Returns" in the doxygen comment.


Since those are all cosmetic I dont think it needs another audit.

+1. Please apply once the polishing edits are done.


Amos



More information about the squid-dev mailing list