[squid-dev] [PATCH] initial GnuTLS support for encrypted server connections
Amos Jeffries
squid3 at treenet.co.nz
Thu Feb 2 06:51:43 UTC 2017
On 2/02/2017 2:28 p.m., Alex Rousskov wrote:
> On 01/19/2017 12:11 PM, Alex Rousskov wrote:
>> On 01/19/2017 12:16 AM, Amos Jeffries wrote:
>>> Well, there is no such thing as a "SSL connection" - it is security
>>> added onto some *other* Transport Protocol's layer.
>
>> There is. The "security added onto some other Transport Protocol's
>> layer" is called SSL connection. It is not a TCP connection, of course.
>> It is an SSL connection. See RFC 5246 for numerous examples of this
>> usage. Calling that connection a "session" in Squid sources is an abomination.
>
> I probably should have been more explicit here. Please rename the new
> Security::CreateClientSession() and friends to
> Security::CreateClientConnection() and such. If the patch adds other
> sessions that are actually SSL connections, please fix them as well.

Just as we were getting so close to agreeing on the names.

Can we agree on this being a fundamental design in Squid:

* all connections have an associated socket ID.
* all _open_ connections are stored in fd_table. Indexed by the
connection's socket ID. If not, that is a bug.

Do you agree on that?

Now a question, and please answer carefully:

Does the PeerConnector or the new() operator 'connect' the "SSL
connection"?

Amos