[squid-dev] [PATCH] Handshake Problem during Renegotiation

Christos Tsantilas christos at chtsanti.net
Mon Nov 9 16:39:10 UTC 2015


I am also attaching the patch for squid-3.5.
The patch for trunk does not apply to 3.5.



On 11/09/2015 06:25 PM, Christos Tsantilas wrote:
> Patch applied to trunk as r14390.
>
> On 11/06/2015 08:39 PM, Amos Jeffries wrote:
>> On 7/11/2015 7:17 a.m., Christos Tsantilas wrote:
>>> Project description:
>>>     - Squid receives SSL Hello from the client (TCP connection A).
>>>
>>>     - Squid successfully negotiates an SSL connection with the origin
>>> server (TCP connection B).
>>>
>>>     - Squid successfully negotiates an SSL connection with the client
>>> (TCP connection A).
>>>
>>>     - Squid marks connection B as "idle" and waits for an HTTP request from
>>> connection A.
>>>
>>>     - The origin server continues talking to Squid (TCP connection B).
>>> Squid detects a network read on an idle connection and closes TCP
>>> connection B (and then the associated TCP connection A as well).
>>>
>>> This patch:
>>> - When squid detects a network read on server idle connection do an
>>> SSL_read to:
>>>      a) see if application data received from server and abort in
>>> this case
>>>      b) detect possible SSL error, or SSL shutdown message from server
>>>      c) or ignore if only SSL protocol related packets received.
>>>
>>> This is a Measurement Factory project
>>>
>>
>>
>> in src/client_side.cc:
>>
>> * Please use "TLS" in debugs messages instead of "SSL".
>>
>> * Please use "Tls" instead of "Ssl" in new symbol names such as the
>> handleIdleClientPinned***Read() method being added.
>>
>> * Missing whitespace; "if(!ssl)" should be "if (!ssl)"
>>
>> * Please use nullptr instead of NULL on new and altered lines.
>>
>> * Please debug output the full pinning.serverConnection instead of just
>> the FD on debugs with levels higher than 1 / IMPORTANT.
>>
>>
>> in src/client_side.h:
>>
>> * Please use "\returns" instead of "Returns" in the doxygen comment.
>>
>>
>> Since those are all cosmetic I don't think it needs another audit.
>>
>> +1. Please apply once the polishing edits are done.
>>
>>
>> Amos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-101-Handshake-Problem-during-Renegotiation-3.5-t5.patch
Type: text/x-patch
Size: 6907 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20151109/7f92c8bb/attachment-0001.bin>
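
An added illustration, not part of the thread or the attached patch, of the three outcomes (a) to (c) that the project description distinguishes for a read on an idle server connection. The patch calls SSL_read and lets the TLS library decide; this sketch instead inspects only the cleartext record headers, which carry the content type in TLS 1.2 and earlier (TLS 1.3 labels every encrypted record as application data, so it does not apply there). The function names, verdict strings and sample records are constructed for the example.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1).
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
MAX_CIPHERTEXT = 2**14 + 2048  # largest TLSCiphertext fragment in TLS 1.2


def record_types(buf):
    """Return (content types of complete records, leftover bytes).

    Raises ValueError on a header that cannot be a TLS record.
    """
    types, pos = [], 0
    while len(buf) - pos >= 5:
        ctype, major, _minor, length = struct.unpack_from("!BBBH", buf, pos)
        if ctype not in (CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA):
            raise ValueError(f"unknown content type {ctype}")
        if major != 3 or length > MAX_CIPHERTEXT:
            raise ValueError("malformed record header")
        if len(buf) - pos - 5 < length:
            break  # record body not fully received yet
        types.append(ctype)
        pos += 5 + length
    return types, buf[pos:]


def classify_idle_read(buf):
    """Map bytes read from an idle server connection to cases (a)-(c)."""
    try:
        types, _leftover = record_types(buf)
    except ValueError:
        return "error"        # case (b): not valid TLS framing
    if APPLICATION_DATA in types:
        return "abort"        # case (a): unexpected application data
    if ALERT in types:
        return "alert"        # case (b): shutdown or error alert from the server
    if types:
        return "ignore"       # case (c): handshake-layer records only
    return "incomplete"       # less than one full record so far


def record(ctype, body, version=(3, 3)):
    """Build a constructed sample record; body stands in for ciphertext."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


if __name__ == "__main__":
    renegotiation = record(HANDSHAKE, b"\x00" * 40)  # e.g. an encrypted HelloRequest
    print(classify_idle_read(renegotiation))
    print(classify_idle_read(renegotiation + record(APPLICATION_DATA, b"\x00" * 30)))
```

Because an encrypted alert cannot be told apart as close_notify or fatal from the header alone, the sketch reports both as "alert"; SSL_read, as used in the patch, sees the decrypted alert and can separate them.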

