[squid-dev] [PATCH] Handshake Problem during Renegotiation

Christos Tsantilas christos at chtsanti.net
Mon Nov 9 16:25:31 UTC 2015


Patch applied to trunk as r14390.

On 11/06/2015 08:39 PM, Amos Jeffries wrote:
> On 7/11/2015 7:17 a.m., Christos Tsantilas wrote:
>> Project description:
>>     - Squid receives SSL Hello from the client (TCP connection A).
>>
>>     - Squid successfully negotiates an SSL connection with the origin
>> server (TCP connection B).
>>
>>     - Squid successfully negotiates an SSL connection with the client
>> (TCP connection A).
>>
>>     - Squid marks connection B as "idle" and waits for an HTTP request from
>> connection A.
>>
>>     - The origin server continues talking to Squid (TCP connection B).
>> Squid detects a network read on an idle connection and closes TCP
>> connection B (and then the associated TCP connection A as well).
>>
>> This patch:
>> - When Squid detects a network read on an idle server connection, do an
>> SSL_read to:
>>      a) see if application data was received from the server, and abort in this case
>>      b) detect a possible SSL error or SSL shutdown message from the server
>>      c) or ignore if only SSL protocol related packets were received.
>>
>> This is a Measurement Factory project
>>
>
>
> in src/client_side.cc:
>
> * Please use "TLS" in debugs messages instead of "SSL".
>
> * Please use "Tls" instead of "Ssl" in new symbol names such as the
> handleIdleClientPinned***Read() method being added.
>
> * Missing whitespace; "if(!ssl)" should be "if (!ssl)"
>
> * Please use nullptr instead of NULL on new and altered lines.
>
> * Please debug output the full pinning.serverConnection instead of just
> the FD on debugs with levels higher than 1 / IMPORTANT.
>
>
> in src/client_side.h:
>
> * Please use "\returns" instead of "Returns" in the doxygen comment.
>
>
> Since those are all cosmetic I don't think it needs another audit.
>
> +1. Please apply once the polishing edits are done.
>
>
> Amos


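The three outcomes in the patch description correspond to TLS record content types on the wire. The sketch below is an added example, not code from the patch or from Squid: the patch calls SSL_read and lets the TLS library decide, while this illustration classifies the raw bytes of an idle-connection read by their record headers. It assumes TLS 1.2 or earlier, where the content type in the record header is sent in clear; `classifyIdleRead`, `makeRecord`, `IdleAction` and the sample bytes are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class IdleAction { Ignore, AbortOnData, Close };

// TLS record content types (RFC 5246, section 6.2.1).
enum : uint8_t { kChangeCipherSpec = 20, kAlert = 21, kHandshake = 22, kAppData = 23 };

// Walk the 5-byte record headers: type(1) | version(2) | length(2, big-endian).
IdleAction classifyIdleRead(const std::vector<uint8_t> &in) {
    const size_t kHeader = 5;
    const size_t kMaxBody = 16384 + 2048;   // TLSCiphertext length limit
    size_t pos = 0;
    while (in.size() - pos >= kHeader) {
        const size_t len = (size_t(in[pos + 3]) << 8) | in[pos + 4];
        if (in[pos + 1] != 3 || len > kMaxBody)
            return IdleAction::Close;       // not an SSLv3/TLS record at all
        switch (in[pos]) {
        case kAppData: return IdleAction::AbortOnData; // (a) data with no request pending
        case kAlert:   return IdleAction::Close;       // (b) error or shutdown alert
        case kHandshake:
        case kChangeCipherSpec: break;                 // (c) protocol-only record
        default:       return IdleAction::Close;       // unknown content type
        }
        if (in.size() - pos - kHeader < len)
            break;                          // record body not fully received yet
        pos += kHeader + len;
    }
    return IdleAction::Ignore;              // only protocol records seen so far
}

// Constructed sample input: a TLS 1.2 record header followed by `len` filler bytes.
std::vector<uint8_t> makeRecord(uint8_t type, size_t len) {
    std::vector<uint8_t> r = {type, 3, 3, uint8_t(len >> 8), uint8_t(len & 0xff)};
    r.insert(r.end(), len, uint8_t(0xAA));
    return r;
}

int main() {
    std::vector<uint8_t> wire = makeRecord(kHandshake, 40);   // e.g. a renegotiation message
    std::printf("handshake only   -> %d\n", int(classifyIdleRead(wire)));
    const std::vector<uint8_t> data = makeRecord(kAppData, 64);
    wire.insert(wire.end(), data.begin(), data.end());
    std::printf("handshake + data -> %d\n", int(classifyIdleRead(wire)));
    return 0;
}
```

Under TLS 1.3 every encrypted record carries the outer type 23, so header inspection cannot separate these cases there and only the TLS library's own read can.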