[squid-dev] [PATCH] squid SSL subsystem did not initialized correctly
Amos Jeffries
squid3 at treenet.co.nz
Thu Aug 6 11:55:45 UTC 2015
On 6/08/2015 9:54 p.m., Tsantilas Christos wrote:
> Hi all,
>
> Currently the SSL subsystem is not initialized correctly in squid trunk.
> This is because of the Security::ProxyOutgoingConfig.encryptTransport
> which is always false so the client SSL CTX object never builds. As a
> result squid may not start if SSL is configured. I am attaching a small
> patch I am using in my squid trees to work with SSL.

This always-enabled code is not compatible with the possible admin
configuration:

  tls_outgoing_options disable

Can you please try this instead:

Security::PeerOptions::parse(const char *token)
{
if (strncmp(token, "disable", 7) == 0) {
clear();
+ return;
} else if (strncmp(token, "cert=", 5) == 0) {
...
} else {
debugs(3, DBG_CRITICAL, "ERROR: Unknown TLS option '" << ...
+ return;
}
+
+ encryptTransport = true;
}
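
Review bot: in the "disable" branch, the added return skips the new "encryptTransport = true" line, but nothing visible in this hunk sets the flag to false. The result depends on clear() resetting it, and a later call to parse() with a recognized option such as cert= would set it back to true. Consider assigning encryptTransport = false explicitly next to clear(), or adding a comment that clear() resets it and that token order matters. Separately, strncmp(token, "disable", 7) accepts any token that merely begins with "disable", so a full-string comparison would be stricter for that branch.
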
If that works you can go through and also remove uses of
"secure.encryptTransport = true" from adaptation/ServiceConfig.cc and
cache_cf.cc where it is set next to a call to secure.parse()
... but not the other one where it is set to always-on for https_port.
If the final result still works, please commit.
Amos