[squid-dev] Fake CONNECT requests during SSL Bump

Amos Jeffries squid3 at treenet.co.nz
Wed Sep 23 01:52:31 UTC 2015


On 23/09/2015 9:34 a.m., Alex Rousskov wrote:
> On 09/22/2015 11:16 AM, Amos Jeffries wrote:
>> On 23/09/2015 4:32 a.m., Steve Hill wrote:
>>>
>>> Currently, Squid generates a fake CONNECT request for transparently
>>> proxied HTTPS, and possibly a second fake CONNECT if that connection is
>>> spliced.  For non-transparently proxied connections, there's a real
>>> CONNECT, so the first fake CONNECT isn't needed, but the second fake
>>> CONNECT is also suppressed.
>>>
>>> I'm trying to extend Squid to generate an ICAP REQMOD request for each
>>> ssl bump step,
> 
>> You do understand that those "bump steps" are an abstract concept we
>> created out of thin air right?
> 
> 
> At the risk of getting into another pointless debate about the meaning
> of dictionary words, I have to note that bumping steps are as real as
> anything else in Squid. No, they are not described in some RFC, but they
> could have been, and they are backed by various necessary processing
> steps to implement bumping. We could group those processing steps
> differently and could add more steps, of course, but that does not make
> the existing steps any less "real" or more "abstract" than, say,
> http_access or cache_peer processing steps.

Exactly. They are processing steps. Not messages to be adapted.

Amos


More information about the squid-dev mailing list