[squid-dev] [PATCH] Support tunneling of bumped non-HTTP traffic. Other SslBump fixes.
Christos Tsantilas
christos at chtsanti.net
Thu Oct 13 17:59:25 UTC 2016
Use case: Skype groups appear to use TLS-encrypted MSNP protocol instead
of HTTPS. This change allows Squid admins using SslBump to tunnel Skype
groups and similar non-HTTP traffic bytes via "on_unsupported_protocol
tunnel all". Previously, the combination resulted in encrypted HTTP 400
(Bad Request) messages sent to the client (that does not speak HTTP).
Also this patch:
* fixes bug 4529: !EBIT_TEST(entry->flags, ENTRY_FWD_HDR_WAIT)
assertion in FwdState.cc.
* when splicing transparent connections during SslBump step1, avoid
access-logging an extra record and log %ssl::bump_mode as the expected
"splice" not "none".
* handles an XXX comment inside clientTunnelOnError for possible
memory leak of client streams related objects
* fixes TunnelStateData logging in the case of splicing after peek.
This is a Measurement Factory project.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-211-Skype_groups_and_msnp_bypass-t8.patch
Type: text/x-patch
Size: 96595 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20161013/9beb6676/attachment-0001.bin>
More information about the squid-dev
mailing list