[squid-dev] [PATCH] SNI information is not set on transparent bumping mode
Amos Jeffries
squid3 at treenet.co.nz
Mon Feb 9 12:26:46 UTC 2015
On 9/02/2015 6:07 a.m., Tsantilas Christos wrote:
> SNI information is not set on transparent bumping mode
>
> Forward SNI (obtained from an intercepted client connection) to servers
> when SslBump peeks or stares at the server certificate.
>
> SslBump was not forwarding SNI to servers when Squid obtained SNI from
> an intercepted client while peeking (or staring) at client Hello.
>
> This patch also fixes squid to consider hostname included in SNI
> information more reliable than the hostname provided in CONNECT request
> for certificates CN verify
>
+1. ... and please apply ASAP.
Amos
More information about the squid-dev
mailing list