[squid-dev] [PATCH] ssl::server_name ACL badly broken since inception (trunk r14008).

Christos Tsantilas christos at chtsanti.net
Thu Oct 20 16:18:02 UTC 2016


The original server_name code mishandled all SNI checks and some rare 
host checks:

* The SNI-derived value was pointing to already freed memory storage.
* Missing host-derived values were not detected (host() is never nil).
* Mismatches were re-checked with an undocumented "none" value instead 
of being treated as mismatches.

Same for ssl::server_name_regex.

Also set SNI for more server-first and client-first transactions.

This is a Measurement Factory project.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-243-server-name-broken-t4.patch
Type: text/x-patch
Size: 10697 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20161020/a6d97526/attachment.bin>

