[squid-dev] Hello and ssl_bump and External ACLs - 4.0.2
Christos Tsantilas
christos at chtsanti.net
Thu Jan 28 15:35:19 UTC 2016
Hi Dave,
We are working on a patch which solves this problem and other related
or similar problems. It requires more complex patch than my initial
patch posted here.
On 01/28/2016 05:23 PM, Dave Lewthwaite wrote:
> Hi,
>
>
>
> I appreciate it’s been a while but I’m still keen to get to the bottom of this problem.
>
> I am currently working with nightly squid-4.0.4-20160124-r14504 applying a modified patch from earlier in this thread (I had to modify as some of the objects have moved around and are accessed differently). This results in the same problem, however, I was able to get it all working for normal proxy ports (HTTP where clients do CONNECT) by adding this line -
>
> acl_checklist->al = pipeline.front()->http->al;
>
>
> Into ConnStateData::startPeekAndSpliceDone() from client_side.cc - the external ACL is then correctly evaluated with all the correct fields supplied and the splice/bump decision is made correctly.
>
> It doesn’t work for transparent interception however (https_port and IPTables redirect) but it’s the ACL checking in this function that goes wrong.
>
> I’m happy to try any suggestions and/or provide debug info etc.
>
> Thanks in advance.
>
More information about the squid-dev
mailing list