[squid-dev] [PATCH] ssl::server_name ACL badly broken since inception (trunk r14008).

[Amos Jeffries]

On 21/10/2016 5:18 a.m., Christos Tsantilas wrote:
> 
> The original server_name code mishandled all SNI checks and some rare
> host checks:
> 
> * The SNI-derived value was pointing to an already freed memory storage.
> * Missing host-derived values were not detected (host() is never nil).
> * Mismatches were re-checked with an undocumented "none" value instead
> of being treated as mismatches.
> 
> Same for ssl::server_name_regex.
> 
> Also set SNI for more server-first and client-first transactions.
> 
> This is a Measurement Factory project.
> 

+1.

Amos