[squid-dev] [PATCH] %ssl::<cert_errors logformat code

Tsantilas Christos chtsanti at users.sourceforge.net
Tue Sep 29 15:11:29 UTC 2015


A new version of this patch.

On 09/24/2015 04:11 PM, Amos Jeffries wrote:
> On 17/09/2015 8:08 p.m., Tsantilas Christos wrote:
>>
>> Currently Squid with SSL bumping only logs SSL errors that have caused
>> Squid to block traffic. It does not log SSL errors that are mimicked.
>> Logging a list with all encountered (and ignored) errors is interesting
>> for debugging and statistics reasons.
>>
>> The new %ssl::<cert_errors logformat code lists server certificate
>> validation errors detected by Squid (including OpenSSL and the
>> certificate validation helper components)
>>
>> This is a Measurement Factory project
>>
>
> in cf.data.pre:
>
> * Please leave a 1-line whitespace gap between these very long
> descriptions. Same as you can see above the cert_issuer option description.
>
>
> in src/format/Format.cc:
>
> * please shuffle the switch case up above the two "not implemented"
> existing ones.
>
>   * Also leave whitespace around the new case code. The existing ones are
> only squashed together since they both fall through to the same break.
>
> * sslErrorName can be a static function local to this .cc
>   - that avoids the need to touch Format.h

all of the above fixed in this new patch.


>
>
> Amos
>
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Log-all-SSL-errors-t4.patch
Type: text/x-patch
Size: 11245 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20150929/735481e2/attachment.bin>


More information about the squid-dev mailing list