On 27/11/2015 12:51 a.m., Christos Tsantilas wrote: > > This change is specific to FwdState code path. It does not affect > tunneled traffic. Thus, it does not affect CONNECT tunnels unless they > are being inspected with SslBump code. > > The old code always used PeekingPeerConnector when connecting to a > TLS-related cache_peer. That approach worked because > PeekingPeerConnector does not always inspect the SSL/TLS connection it > establishes. We were kind of lucky that PeekingPeerConnector exceptions > matched FwdState needs. > > The primary PeekingPeerConnector goal is to inspect. As its code > evolves, it may enable inspection when FwdState does not want it. > Non-peeking cases inside PeekingPeerConnector should all deal with > exceptional situations that are difficult to predict a priori, before > the connector object is created. > > This change restricts inspection to cases where an inspected SSL client > connection is being forwarded, reducing the probability that a peer > connection is wrongly inspected. This change does not fix any known bugs. > > This is a Measurement Factory project. >
+1. Amos _______________________________________________ squid-dev mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-dev
