[squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

Amos Jeffries squid3 at treenet.co.nz
Thu Feb 2 06:51:43 UTC 2017


On 2/02/2017 2:28 p.m., Alex Rousskov wrote:
> On 01/19/2017 12:11 PM, Alex Rousskov wrote:
>> On 01/19/2017 12:16 AM, Amos Jeffries wrote:
>>> Well, there is no such thing as a "SSL connection" - it is security
>>> added onto some *other* Transport Protocol's layer.
> 
>> There is. The "security added onto some other Transport Protocol's
>> layer" is called SSL connection. It is not a TCP connection, of course.
>> It is an SSL connection. See RFC 5246 for numerous examples of this
>> usage. Calling that connection a "session" in Squid sources is abomination.
> 
> I probably should have been more explicit here. Please rename the new
> Security::CreateClientSession() and friends to
> Security::CreateClientConnection() and such. If the patch adds other
> sessions that are actually SSL connections, please fix them as well.

Just as we were getting so close to agreeing on the names.


Can we agree on this being a fundamental design in Squid:

 * all connections have an associated socket ID.

 * all _open_ connections are stored in fd_table. Indexed by the
connection's socket ID. If not, that is a bug.

Do you agree on that?



Now a Question, and please answer carefully:

 Does the PeerConnector or the new() operator 'connect' the "SSL
connection" ?


Amos


