[squid-dev] [PATCH] Bump SSL client on [more] errors encountered before ssl_bump evaluation

Amos Jeffries squid3 at treenet.co.nz
Thu Feb 9 16:38:42 UTC 2017


On 7/02/2017 11:12 p.m., Christos Tsantilas wrote:
> On 07/02/2017 11:43 πμ, Amos Jeffries wrote:
>> On 7/02/2017 6:07 a.m., Christos Tsantilas wrote:
>>> Applied to trunk as r15036.
>>>
>>> I am attaching the patch for squid-3.5
>>>
>>>
>>> On 04/02/2017 04:07 μμ, Amos Jeffries wrote:
>>>> On 4/02/2017 8:27 a.m., Christos Tsantilas wrote:
>>>>> ... such as ERR_ACCESS_DENIED with HTTP/403 Forbidden triggered by an
>>>>> http_access deny rule match.
>>>>>
>>>>> The old code allowed ssl_bump step1 rules to be evaluated in the
>>>>> presence of an error. An ssl_bump splicing decision would then trigger
>>>>> the useless "send the error to the client now" processing logic
>>>>> instead
>>>>> of going down the "to serve an error, bump the client first" path.
>>>>>
>>
>> Does this fix bug 4646?
> 
> Nope.
> The bug-4646 is a little different because of a splice, which decided
> before the squid-to-server-connection error.
> 
>

Thanks. Applied to v4 and to 3.5 as rev.14142.

Amos


More information about the squid-dev mailing list