I started testing this patch and observed one unwanted side effect of
When a client connects to mtalk.google.com,
Squid sends the following line to the URL rewriter:
(unknown)://22.214.171.124:443 <IP>/<IP> - NONE
Quoting Christos Tsantilas <chris...@chtsanti.net>:
Use case: Skype groups appear to use TLS-encrypted MSNP protocol
instead of HTTPS. This change allows Squid admins using SslBump to
tunnel Skype groups and similar non-HTTP traffic bytes via
"on_unsupported_protocol tunnel all". Previously, the combination
resulted in encrypted HTTP 400 (Bad Request) messages sent to the
client (that does not speak HTTP).
Also this patch:
* fixes bug 4529: !EBIT_TEST(entry->flags, ENTRY_FWD_HDR_WAIT)
assertion in FwdState.cc.
* when splicing transparent connections during SslBump step1, avoid
access-logging an extra record and log %ssl::bump_mode as the
expected "splice" not "none".
* handles an XXX comment inside clientTunnelOnError for possible
memory leak of client streams related objects
* fixes TunnelStateData logging in the case of splicing after peek.
This is a Measurement Factory project.
squid-dev mailing list