[squid-dev] [PATCH] Fix external_acl problems
Christos Tsantilas
christos at chtsanti.net
Mon Feb 1 15:09:55 UTC 2016
On 01/29/2016 02:46 PM, Amos Jeffries wrote:
> On 29/01/2016 8:10 a.m., Christos Tsantilas wrote:
>> Hi all,
>>
>> After the patch r14351 created the following problems:
>> - external_acl requires AccessLogEntry but ALE is not available
>> in many cases such as ssl_bump ACLs.
>> - The %<cert_subject stopped working because it was supported by
>> external_acl code and not by logformat code.
>>
>> This patch:
>> - Passes AccessLogEntry in most cases.
>> For example, PeerConnector-related classes are now covered.
>> - Implements the %<cert_subject formating code for logformat.
>>
>>
>> Still there are cases which are not handled correctly:
>> - In the case of transparent SSL bumping, the patch uses a local
>> AccessLogEntry to allow external_acl work with the ssl_bump access list.
>>
>> - The slow acls inside Ssl::PeerConnector can not support external_acl
>> in the case of PeerPoolMgr
>>
>> - Most of the fast acls does not support ALE based acls. I know that
>> currently the only ALE based acl is the external_acl, which is slow acl,
>> but my opinion is that it is not bad idea to support cases the
>> external_acl result is stored in cache.
>>
>> - Also we need to check and review if the informations passed with the
>> ALE is the same passed using the FilledChecklist object. This is not
>> obvious.
>>
>>
>> This is a Measurement Factory project.
>>
>
> +1. Please apply.
>
> But note that PeerConnector child classes are now in different files
> when merging to trunk.
Still I am not able to compile trunk.
I will merge to trunk after the problems is fixed.
>
> Amos
>
>
More information about the squid-dev
mailing list