Hello,

I still want to modify squid in such a way that it can forward clients' http traffic to a parent cache in plain form. I mean, after bumping ssl (the frontend squid establishes a tls connection with a client), requests from the client should go to the parent cache as plain http (GET etc.). That is, using the parent cache as in the good old days without https.

The connection between the squid servers is already encrypted, so I don't need any additional tls (security) layer. Also, for simplification, I assume the never_direct directive for this traffic on the front-end. I understand that it will preclude any checks of the origin server certificate, but this is not a problem because the policy for the origin may be applied in the parent cache.

I tried to modify FwdState::noteConnection to avoid establishTunnelThruProxy() and FwdState::secureConnectionToPeerIfNeeded to avoid secureConnectionToPeer(), but had no luck. They use the request.flags sslBumped and sslPeek, which I do not fully understand. sslPeek is described as "internal ssl-bump request to get server cert", but it is always True when I'm in noteConnection. Also, I noted the async SslBumpEstablish, which calls switchToHttps. Because of the asyncs I can't fully understand where I can preclude switching connections to the parent cache to "CONNECT" mode rather than using it plain.

Any help would be appreciated.

--
Best regards,
Anthony
