[squid-dev] request for change handling hostStrictVerify
kk at sudo-i.net
kk at sudo-i.net
Tue Nov 2 08:25:43 UTC 2021
On Monday, November 01, 2021 14:58 GMT, Alex Rousskov <rousskov at measurement-factory.com> wrote:
On 11/1/21 3:59 AM, kk at sudo-i.net wrote:
> On Saturday, October 30, 2021 01:14 GMT, Alex Rousskov wrote:
>> >> AFAICT, in the majority of deployments, the mismatch between the
>> >> intended IP address and the SNI/Host header can be correctly handled
>> >> automatically and without creating serious problems for the user. Squid
>> >> already does the right thing in some cases. Somebody should carefully
>> >> expand that coverage to intercepted traffic. Frankly, I am somewhat
>> >> surprised nobody has done that yet given the number of complaints!
> Not sure what do you mean with "Somebody should carefully expand that
> coverage to intercepted traffic"?
I meant that somebody should create a high-quality pull request that
modifies Squid source code to properly address the problem you, AFAICT,
are suffering from. There is already code that handles similar
situations correctly.
Alex.
Ok Alex, I will try to implement it.
https://github.com/chifu1234/squid
--
Kevin Klopfenstein
Bellevuestrasse 103
3095 Spiegel, CH
sudo-i.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20211102/8adae16e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5102 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20211102/8adae16e/attachment.bin>
More information about the squid-dev
mailing list