[squid-users] Wrong req_header result in cache_peer_access when using ssl_bump

Amos Jeffries squid3 at treenet.co.nz
Thu Jul 21 11:13:36 UTC 2016


On 21/07/2016 9:31 p.m., Mihai Ene wrote:
> Please excuse my persistence, but when that condition was introduced, in
> [2011](
> https://github.com/squid-cache/squid/commit/9d7a49fb719dcd9ec22a8d3116e888c6e93c5dbb),
> it was meant to prevent forwarding unencrypted requests. You can see that
> there is no check whether `cache_peer` is using ssl, in which case requests
> would be encrypted, after all.
> 
> I think that condition shouldn't include `cache_peer`s with ssl.
> 

Sure, and you are free to update the code to test that. Please let us
know how that goes. If the results are good I'd be happy to merge the
change.

Amos



More information about the squid-users mailing list