[squid-dev] [PATCH] ssl::server_name ACL badly broken since inception (trunk r14008).

Christos Tsantilas christos at chtsanti.net
Fri Oct 28 08:39:45 UTC 2016


Patch applied to trunk as r14898.

I am attaching the squid-3.5 version of the patch.



On 10/27/2016 12:46 AM, Amos Jeffries wrote:
> On 21/10/2016 5:18 a.m., Christos Tsantilas wrote:
>>
>> The original server_name code mishandled all SNI checks and some rare
>> host checks:
>>
>> * The SNI-derived value was pointing to an already freed memory storage.
>> * Missing host-derived values were not detected (host() is never nil).
>> * Mismatches were re-checked with an undocumented "none" value instead
>> of being treated as mismatches.
>>
>> Same for ssl::server_name_regex.
>>
>> Also set SNI for more server-first and client-first transactions.
>>
>> This is a Measurement Factory project.
>>
>
> +1.
>
> Amos
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-243-server-name-broken-squid3.5-t4.patch
Type: text/x-patch
Size: 4982 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20161028/dd629e87/attachment.bin>

