[squid-dev] [PATCH] ssl::server_name ACL badly broken since inception (trunk r14008).

Amos Jeffries squid3 at treenet.co.nz
Wed Oct 26 21:46:45 UTC 2016


On 21/10/2016 5:18 a.m., Christos Tsantilas wrote:
> 
> The original server_name code mishandled all SNI checks and some rare
> host checks:
> 
> * The SNI-derived value was pointing to an already freed memory storage.
> * Missing host-derived values were not detected (host() is never nil).
> * Mismatches were re-checked with an undocumented "none" value instead
> of being treated as mismatches.
> 
> Same for ssl::server_name_regex.
> 
> Also set SNI for more server-first and client-first transactions.
> 
> This is a Measurement Factory project.
> 

+1.

Amos



