On 7/11/2015 7:17 a.m., Christos Tsantilas wrote:
> Project description:
> - Squid receives SSL Hello from the client (TCP connection A).
>
> - Squid successfully negotiates an SSL connection with the origin
>   server (TCP connection B).
>
> - Squid successfully negotiates an SSL connection with the client
>   (TCP connection A).
>
> - Squid marks connection B as "idle" and waits for an HTTP request from
>   connection A.
>
> - The origin server continues talking to Squid (TCP connection B).
>   Squid detects a network read on an idle connection and closes TCP
>   connection B (and then the associated TCP connection A as well).
>
> This patch:
> - When squid detects a network read on server idle connection do an
>   SSL_read to:
>   a) see if application data received from server and abort in this case
>   b) detect possible SSL error, or SSL shutdown message from server
>   c) or ignore if only SSL protocol related packets received.
>
> This is a Measurement Factory project
>

in src/client_side.cc:

* Please use "TLS" in debugs messages instead of "SSL".

* Please use "Tls" instead of "Ssl" in new symbol names such as the
  handleIdleClientPinned***Read() method being added.

* Missing whitespace; "if(!ssl)" should be "if (!ssl)"

* Please use nullptr instead of NULL on new and altered lines.

* Please debug output the full pinning.serverConnection instead of just
  the FD on debugs with levels higher than 1 / IMPORTANT.

in src/client_side.h:

* Please use "\returns" instead of "Returns" in the doxygen comment.

Since those are all cosmetic I don't think it needs another audit.

+1. Please apply once the polishing edits are done.

Amos
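
The three outcomes (a) to (c) in the quoted patch description, written out as an added example that is not taken from the patch or from Squid. `IdleReadAction` and `classifyIdleTlsRead()` are hypothetical names, and the mapping from `SSL_read()` / `SSL_get_error()` results to each outcome is an assumption based on OpenSSL's documented return codes.

```cpp
// Added illustration, not Squid code: decide what to do with an idle pinned
// server connection after SSL_read() was attempted on it.
#if __has_include(<openssl/ssl.h>)
#include <openssl/ssl.h>
#else
// Fallback so the example builds without OpenSSL headers; these are the
// values <openssl/ssl.h> defines for the same names.
#define SSL_ERROR_NONE        0
#define SSL_ERROR_SSL         1
#define SSL_ERROR_WANT_READ   2
#define SSL_ERROR_WANT_WRITE  3
#define SSL_ERROR_SYSCALL     5
#define SSL_ERROR_ZERO_RETURN 6
#endif

// Hypothetical action names for this example.
enum class IdleReadAction { KeepIdle, CloseCleanly, AbortConnection };

// readResult: value returned by SSL_read() on the idle connection.
// sslError:   SSL_get_error() for that same call (only meaningful if <= 0).
IdleReadAction classifyIdleTlsRead(int readResult, int sslError)
{
    // (a) Decrypted application data arrived while no request is pending:
    //     the server is talking out of turn, so the pinned pair is aborted.
    if (readResult > 0)
        return IdleReadAction::AbortConnection;

    switch (sslError) {
    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:
        // (c) Only TLS protocol records (or a partial record) were consumed;
        //     nothing reached the application layer, so stay idle.
        return IdleReadAction::KeepIdle;
    case SSL_ERROR_ZERO_RETURN:
        // (b) The server sent close_notify: an orderly TLS shutdown.
        return IdleReadAction::CloseCleanly;
    default:
        // (b) SSL_ERROR_SSL, SSL_ERROR_SYSCALL or anything unexpected:
        //     protocol failure or transport error/EOF without close_notify.
        return IdleReadAction::AbortConnection;
    }
}
```
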
