Re: [squid-dev] [PATCH] SNI information is not set on transparent bumping mode

Tsantilas Christos Mon, 09 Feb 2015 08:15:16 -0800

On 02/09/2015 02:26 PM, Amos Jeffries wrote:

On 9/02/2015 6:07 a.m., Tsantilas Christos wrote:

SNI information is not set on transparent bumping mode


Forward SNI (obtained from an intercepted client connection) to servers
when SslBump peeks or stares at the server certificate.

SslBump was not forwarding SNI to servers when Squid obtained SNI from
an intercepted client while peeking (or staring) at client Hello.

This patch also fixes squid to consider hostname included in SNI
information more reliable than the hostname provided in CONNECT request
for certificates CN verify


+1. ... and please apply ASAP.


Applied to trunk as rev:13919


Amos

_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev


_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] [PATCH] SNI information is not set on transparent bumping mode

Reply via email to