[squid-dev] [PATCH] Fetch missing certificates
Alex Rousskov
rousskov at measurement-factory.com
Mon Jul 11 16:53:59 UTC 2016
On 07/11/2016 10:18 AM, Christos Tsantilas wrote:
> This patch includes a Downloader class which implemented as independent
> AsyncJob class (in the initial patch was a ConnStateData kid).
>
> Currently runs an other related discussion under the mail thread "Care
> and feeding of ConnStateData", but I believe that this discussion does
> not affect a decision about applying or not the Downloader class.
I agree. The "care and feeding" thread uses the latest stand-alone
Downloader design to illustrate class boundaries/relationships, and the
latest Downloader uses some ideas from that thread as well, but the
_disagreements_ on that thread do not affect the latest Downloader class
design. This long-awaited "fetch missing certificates" project is not
blocked on that thread.
> + // Do not check for redirect, tos,nfmark and sslBump
> + http->calloutContext->redirect_done = true;
> + http->calloutContext->tosToClientDone = true;
> + http->calloutContext->nfmarkToClientDone = true;
> + http->calloutContext->sslBumpCheckDone = true;
Why do we not want to do each of those things? I suspect the answer will
differ for each feature, so we probably should document those reasons
separately. For example:
// no support for URL rewriting (yet) because ...
http->calloutContext->redirect_done = true;
// no Squid-client markings because there is no client connection
// TODO: Make doCallouts() smarter about client connection presence?
http->calloutContext->tosToClientDone = true;
http->calloutContext->nfmarkToClientDone = true;
// no need to bump because Squid is the true client here
http->calloutContext->sslBumpCheckDone = true;
This feature is useful even without URL rewriting support so we do not
have to support URL rewrites, especially if adding such is not trivial,
but I think we need to disclose why we are disabling things.
Alex.
More information about the squid-dev
mailing list