[squid-dev] [PATCH] Bump SSL client on [more] errors encountered before ssl_bump evaluation
christos at chtsanti.net
Mon Feb 6 17:07:39 UTC 2017
Applied to trunk as r15036.
I am attaching the patch for squid-3.5.
On 04/02/2017 04:07 PM, Amos Jeffries wrote:
> On 4/02/2017 8:27 a.m., Christos Tsantilas wrote:
>> ... such as ERR_ACCESS_DENIED with HTTP/403 Forbidden triggered by an
>> http_access deny rule match.
>>
>> The old code allowed ssl_bump step1 rules to be evaluated in the
>> presence of an error. An ssl_bump splicing decision would then trigger
>> the useless "send the error to the client now" processing logic instead
>> of going down the "to serve an error, bump the client first" path.
>>
>> Furthermore, the ssl_bump evaluation result itself could be surprising
>> to the admin because ssl_bump (and most other) rules are not meant to be
>> evaluated for a transaction in an error state. This complicated triage.
>>
>> Also polished an important comment to clarify that we want to bump on
>> error if (and only if) the SslBump feature is applicable to the failed
>> transaction (i.e., if the ssl_bump rules would have been evaluated if
>> there were no prior errors). The old comment could have been
>> misinterpreted that ssl_bump rules must be evaluated to allow an
>> "ssl_bump splice" match to hide the error.
>>
>> This is a Measurement Factory project.
> +1. Please apply.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5412 bytes
Desc: not available