Patch applied to trunk as r14390. On 11/06/2015 08:39 PM, Amos Jeffries wrote:
On 7/11/2015 7:17 a.m., Christos Tsantilas wrote:Project description: - Squid receives SSL Hello from the client (TCP connection A).- Squid successfully negotiates an SSL connection with the origin server (TCP connection B). - Squid successfully negotiates an SSL connection with the client (TCP connection A). - Squid marks connection B as "idle" and waits an HTTP request from connection A. - The origin server continues talking to Squid (TCP connection B). Squid detects a network read on an idle connection and closes TCP connection B (and then the associated TCP connection A as well). This patch: - When squid detects a network read on server idle connection do an SSL_read to: a) see if application data received from server and abort in this case b) detect possible SSL error, or SSL shutdown message from server c) or ignore if only SSL protocol related packets received. This is a Measurement Factory projectin src/client_side.cc: * Please use "TLS" in debugs messages instead of "SSL". * Please use "Tls" instead of "Ssl" in new symbol names such as the handleIdleClientPinned***Read() method being added. * Missing whitespace; "if(!ssl)" should be "if (!ssl)" * Please use nullptr instead of NULL on new and altered lines. * Please debug output the full pinning.serverConnection instead of just the FD on debugs with levels higher than 1 / IMPORTANT. in src/client_side.h: * Please use "\returns" instead if "Returns" in the doxygen comment. Since those are all cosmetic I dont think it needs another audit. +1. Please apply once the polishing edits are done. Amos _______________________________________________ squid-dev mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-dev
_______________________________________________ squid-dev mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-dev
