[squid-dev] [PATCH] Bump SSL client on [more] errors encountered before ssl_bump evaluation

Christos Tsantilas christos at chtsanti.net
Tue Feb 21 16:55:04 UTC 2017


Hi all,

  The r14142 patch broke CONNECT authentication. The bug was caused by a
misplaced block of code while porting the patch from squid-5 to squid-3.5.
My apologies.
I am attaching a patch which fixes the problem for squid-3.5. The other
releases do not suffer from this problem.

On 09/02/2017 06:38 PM, Amos Jeffries wrote:
> On 7/02/2017 11:12 p.m., Christos Tsantilas wrote:
>> On 07/02/2017 11:43 AM, Amos Jeffries wrote:
>>> On 7/02/2017 6:07 a.m., Christos Tsantilas wrote:
>>>> Applied to trunk as r15036.
>>>>
>>>> I am attaching the patch for squid-3.5
>>>>
>>>>
>>>> On 04/02/2017 04:07 PM, Amos Jeffries wrote:
>>>>> On 4/02/2017 8:27 a.m., Christos Tsantilas wrote:
>>>>>> ... such as ERR_ACCESS_DENIED with HTTP/403 Forbidden triggered by an
>>>>>> http_access deny rule match.
>>>>>>
>>>>>> The old code allowed ssl_bump step1 rules to be evaluated in the
>>>>>> presence of an error. An ssl_bump splicing decision would then trigger
>>>>>> the useless "send the error to the client now" processing logic instead
>>>>>> of going down the "to serve an error, bump the client first" path.
>>>>>>
>>>
>>> Does this fix bug 4646?
>>
>> Nope.
>> The bug-4646 is a little different because of a splice, which decided
>> before the squid-to-server-connection error.
>>
>>
>
> Thanks. Applied to v4 and to 3.5 as rev.14142.
>
> Amos

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-r14142-t1.patch
Type: text/x-patch
Size: 3104 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20170221/0cd4b692/attachment.bin>

