[squid-dev] [PATCH] Handshake Problem during Renegotiation
christos at chtsanti.net
Mon Nov 9 16:39:10 UTC 2015
I am also attaching the patch for squid-3.5.
The patch for trunk does not apply to 3.5
On 11/09/2015 06:25 PM, Christos Tsantilas wrote:
> Patch applied to trunk as r14390.
> On 11/06/2015 08:39 PM, Amos Jeffries wrote:
>> On 7/11/2015 7:17 a.m., Christos Tsantilas wrote:
>>> Project description:
>>> - Squid receives SSL Hello from the client (TCP connection A).
>>> - Squid successfully negotiates an SSL connection with the origin
>>> server (TCP connection B).
>>> - Squid successfully negotiates an SSL connection with the client
>>> (TCP connection A).
>>> - Squid marks connection B as "idle" and waits for an HTTP request from
>>> connection A.
>>> - The origin server continues talking to Squid (TCP connection B).
>>> Squid detects a network read on an idle connection and closes TCP
>>> connection B (and then the associated TCP connection A as well).
>>> This patch:
>>> - When Squid detects a network read on an idle server connection, do an
>>> SSL_read to:
>>> a) see if application data was received from the server, and abort in
>>> this case
>>> b) detect a possible SSL error or SSL shutdown message from the server
>>> c) or ignore it if only SSL protocol-related packets were received.
>>> This is a Measurement Factory project
>> in src/client_side.cc:
>> * Please use "TLS" in debugs messages instead of "SSL".
>> * Please use "Tls" instead of "Ssl" in new symbol names such as the
>> handleIdleClientPinned***Read() method being added.
>> * Missing whitespace; "if(!ssl)" should be "if (!ssl)"
>> * Please use nullptr instead of NULL on new and altered lines.
>> * Please debug output the full pinning.serverConnection instead of just
>> the FD on debugs with levels higher than 1 / IMPORTANT.
>> in src/client_side.h:
>> * Please use "\returns" instead of "Returns" in the doxygen comment.
>> Since those are all cosmetic I don't think it needs another audit.
>> +1. Please apply once the polishing edits are done.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6907 bytes
Desc: not available
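
The three outcomes (a), (b) and (c) listed in the project description, shown as an added example that is not part of the attached patch or of Squid's code. The patch makes this decision by calling SSL_read; the sketch below instead walks the cleartext record headers of TLS 1.2 and earlier to show why bytes arriving on an idle connection are not necessarily application data. The function name, the verdict names and the sample buffers are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What to do with bytes that arrived on an idle server connection. */
enum idle_verdict {
    IDLE_KEEP,      /* (c) only handshake/CCS records: stay idle */
    IDLE_CLOSE,     /* (b) alert record: shutdown or error (body is encrypted) */
    IDLE_ABORT,     /* (a) application data with no request pending */
    IDLE_MALFORMED  /* not a TLS record stream at all */
};

/* Walk TLS <= 1.2 record headers in buf: type(1) version(2) length(2). */
enum idle_verdict classify_idle_read(const uint8_t *buf, size_t len)
{
    enum idle_verdict verdict = IDLE_KEEP;
    size_t off = 0;
    while (len - off >= 5) {
        size_t body = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        /* Major version is 3; the ciphertext length limit is 2^14 + 2048. */
        if (buf[off + 1] != 3 || body > 16384 + 2048)
            return IDLE_MALFORMED;
        switch (buf[off]) {
        case 23: return IDLE_ABORT;            /* application_data */
        case 21: verdict = IDLE_CLOSE; break;  /* alert */
        case 20: case 22: break;               /* change_cipher_spec, handshake */
        default: return IDLE_MALFORMED;
        }
        if (body > len - off - 5)
            break;                             /* rest arrives in a later read */
        off += 5 + body;
    }
    return verdict;
}

/* Constructed sample reads; record bodies are placeholder ciphertext. */
const uint8_t renegotiation[] = {22, 3, 3, 0, 4, 0xaa, 0xbb, 0xcc, 0xdd};
const uint8_t alert_rec[]     = {21, 3, 3, 0, 2, 0x11, 0x22};
const uint8_t hs_then_data[]  = {22, 3, 3, 0, 1, 0xaa, 23, 3, 3, 0, 1, 0xbb};
const uint8_t truncated_hs[]  = {22, 3, 3, 0, 32, 0xaa};
const uint8_t plaintext[]     = {'G', 'E', 'T', ' ', '/'};
static const char *const names[] = {"keep", "close", "abort", "malformed"};

int main(void)
{
    puts(names[classify_idle_read(renegotiation, sizeof renegotiation)]);
    puts(names[classify_idle_read(alert_rec, sizeof alert_rec)]);
    puts(names[classify_idle_read(hs_then_data, sizeof hs_then_data)]);
    return 0;
}
```

Because alert bodies are encrypted after the handshake, a header walk cannot tell a close_notify from a fatal alert; only the TLS library's own read can, which is what the patch relies on.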