[squid-dev] Alternate origin server selection
Steve Hill
steve at opendium.com
Fri Oct 29 13:57:23 UTC 2021
On 28/10/2021 18:16, Alex Rousskov wrote:
> Squid does not "need" any of this, of course. Configuration and/or bugs
> force Squid to do what it does. If your decision-making process does not
> involve the certificate, then you should be able to rewrite the fake
> CONNECT request during SslBump step2, without (or before) telling Squid
> to stare at the certificate (and pin the resulting connection).

Ok, I've gone back and looked over my old debug logs. It appears what
was actually happening was:

- Client sends "CONNECT www.google.com:443".
- Connection with TLS made to forcesafesearch.google.com.
- Client sends "GET / HTTP/1.1\r\nHost: www.google.com"
- Squid runs the peer selector to find peers for www.google.com (i.e.
  the host contained in the GET request).
- It finds the appropriate pinned connection:
    client_side.cc(3872) borrowPinnedConnection: conn28
      local=81.187.83.66:52488 remote=216.239.38.120:443 HIER_DIRECT FD 18 flags=1
- Squid then logs:
    FwdState.cc(472) fail: ERR_ZERO_SIZE_OBJECT "Bad Gateway"
      https://www.google.com/
    FwdState.cc(484) fail: pconn race happened
    FwdState.cc(494) fail: zero reply on pinned connection

Unfortunately, I cannot reproduce this problem now.

I can remove the unpinning code and submit a new pull request, which now
works ok for me. But I'm very wary that I did originally have problems
with that which I can no longer reproduce.

--
- Steve Hill
Technical Director | Cyfarwyddwr Technegol
Opendium Online Safety & Web Filtering http://www.opendium.com
Diogelwch Ar-Lein a Hidlo Gwefan
Enquiries | Ymholiadau: sales at opendium.com +44-1792-824568
Support | Cefnogi: support at opendium.com +44-1792-825748
------------------------------------------------------------------------
Opendium Limited is a company registered in England and Wales.
Mae Opendium Limited yn gwmni sydd wedi'i gofrestru yn Lloegr a Chymru.
Company No. | Rhif Cwmni: 5465437
Highfield House, 1 Brue Close, Bruton, Somerset, BA10 0HY, England.