[squid-users] Squid modification to only read client SNI without bumping.

His Shadow shadowpilot34 at gmail.com
Tue Jun 8 10:51:20 UTC 2021


Greetings. I've been trying to make a patch for Squid, so that it
could read client hello on connect requests and set the SNI without
using ssl_bump, as that requires generating certificates and is too
complicated for my needs. Here's the patch I've come up with. It seems
to be working, but I'm getting a bunch of connections in CLOSE_WAIT
state after using it under load. I can't seem to reproduce it locally,
but I bet I don't know something, or did something wrong. Can anyone
code check this patch, please? Also, not sure if it's the correct
place to post this. The patch is applicable to the latest release in
the 4.x series - 4.15.

-- 
HisShadow
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sni.patch
Type: text/x-patch
Size: 14123 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210608/7fb3851d/attachment-0001.bin>
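
For readers following the thread, an added example (not taken from the scrubbed sni.patch or from Squid's own code) of the technique the post describes: extracting the SNI host name from the first bytes of a CONNECT tunnel without terminating TLS. The names Reader, extractSni and sampleHello are hypothetical, and the sketch assumes the whole ClientHello arrives in a single TLS record.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

struct Reader {                           // bounds-checked cursor over untrusted bytes
    const uint8_t *p; size_t n;
    bool num(size_t w, size_t &v) {       // w-byte big-endian integer
        if (n < w) return false;
        for (v = 0; w; --w, ++p, --n) v = (v << 8) | *p;
        return true;
    }
    bool vec(size_t w, Reader &out) {     // w-byte length prefix, then that many bytes
        size_t len;
        if (!num(w, len) || n < len) return false;
        out = Reader{p, len}; p += len; n -= len; return true;
    }
};
// True and sets sni only for a complete, well-formed ClientHello with a host_name.
bool extractSni(const std::vector<uint8_t> &buf, std::string &sni) {
    Reader rec{buf.data(), buf.size()}, hs{}, body{}, skip{}, exts{};
    size_t v;
    if (!rec.num(1, v) || v != 22 || !rec.num(2, v) || !rec.vec(2, hs)) return false; // handshake record
    if (!hs.num(1, v) || v != 1 || !hs.vec(3, body)) return false;   // client_hello
    if (!body.num(2, v) || body.n < 32) return false;                // client_version
    body.p += 32; body.n -= 32;                                      // skip random
    // skip session id, cipher suites, compression methods; then take the extensions block
    if (!body.vec(1, skip) || !body.vec(2, skip) || !body.vec(1, skip)) return false;
    if (!body.vec(2, exts)) return false;
    while (exts.n) {
        size_t type; Reader ext{}, list{}, name{};
        if (!exts.num(2, type) || !exts.vec(2, ext)) return false;
        if (type != 0) continue;                                     // 0 = server_name
        if (!ext.vec(2, list) || !list.num(1, v) || v != 0 || !list.vec(2, name) || !name.n)
            return false;
        sni.assign(reinterpret_cast<const char *>(name.p), name.n);
        return true;
    }
    return false;
}
std::vector<uint8_t> sampleHello() {      // constructed: minimal ClientHello, SNI "example.com"
    std::vector<uint8_t> h = {0x16,3,1,0,0x43, 1,0,0,0x3f, 3,3};
    h.resize(h.size() + 32, 0xAA);        // random
    const uint8_t t[] = {0, 0,2,0x13,1, 1,0, 0,0x14, 0,0,0,0x10,0,0x0e,0,0,0x0b,
                         'e','x','a','m','p','l','e','.','c','o','m'};
    h.insert(h.end(), t, t + sizeof t);
    return h;
}
int main() { std::string s; return extractSni(sampleHello(), s) && s == "example.com" ? 0 : 1; }
```

The extracted name is client-supplied and unverified, so anything that consumes it (ACLs, logs) should treat it as untrusted input.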

