I started testing this patch and observed one unwanted side effect of this patch:
When a client connects to mtalk.google.com,
Squid sends the following line to the URL rewriter:
(unknown):// <IP>/<IP> - NONE


Quoting Christos Tsantilas <chris...@chtsanti.net>:

Use case: Skype groups appear to use TLS-encrypted MSNP protocol instead of HTTPS. This change allows Squid admins using SslBump to tunnel Skype groups and similar non-HTTP traffic bytes via "on_unsupported_protocol tunnel all". Previously, the combination resulted in encrypted HTTP 400 (Bad Request) messages sent to the client (that does not speak HTTP).

Also this patch:
* fixes bug 4529: !EBIT_TEST(entry->flags, ENTRY_FWD_HDR_WAIT) assertion in FwdState.cc.

* when splicing transparent connections during SslBump step1, avoid access-logging an extra record and log %ssl::bump_mode as the expected "splice" not "none".

* handles an XXX comment inside clientTunnelOnError for possible memory leak of client streams related objects

 * fixes TunnelStateData logging in the case of splicing after peek.

This is a Measurement Factory project.

squid-dev mailing list

Reply via email to