[squid-dev] Fix external_acl problems
Christos Tsantilas
christos at chtsanti.net
Thu Jan 28 19:10:11 UTC 2016
Hi all,
After the patch r14351 created the following problems:
- external_acl requires AccessLogEntry but ALE is not available
in many cases such as ssl_bump ACLs.
- The %<cert_subject stopped working because it was supported by
external_acl code and not by logformat code.
This patch:
- Passes AccessLogEntry in most cases.
For example, PeerConnector-related classes are now covered.
- Implements the %<cert_subject formating code for logformat.
Still there are cases which are not handled correctly:
- In the case of transparent SSL bumping, the patch uses a local
AccessLogEntry to allow external_acl work with the ssl_bump access list.
- The slow acls inside Ssl::PeerConnector can not support external_acl
in the case of PeerPoolMgr
- Most of the fast acls does not support ALE based acls. I know that
currently the only ALE based acl is the external_acl, which is slow acl,
but my opinion is that it is not bad idea to support cases the
external_acl result is stored in cache.
- Also we need to check and review if the informations passed with
the ALE is the same passed using the FilledChecklist object. This is not
obvious.
This is a Measurement Factory project.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cert_subject_gone-t3.patch
Type: text/x-patch
Size: 42567 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20160128/6fb21bc3/attachment-0001.bin>
More information about the squid-dev
mailing list