Testing ssl-bump-server-first with an upstream proxy

Steve Hill Thu, 22 Nov 2012 11:04:48 -0800

I'm currently testing the SSL bump-server-first functionality in Squid3.3.0.1-20121122-r12391. I have an upstream proxy with "never-directallow all" set (the reasons for this are slightly convoluted :).


When making a bumped request, Squid bombs with:
2012/11/22 17:53:57 kid1| assertion failed: forward.cc:769: "peer->use_ssl"

The post athttp://www.squid-cache.org/mail-archive/squid-dev/201206/0089.html says:

"Allow bumping of CONNECT requests without allow-direct set on http_port.
Previously, that flag was required to allow bumped requests to go direct
because they were (and, sometimes, still are) considered "accelerated"."

So I assume this is supposed to work?


--

 - Steve Hill
   Technical Director
   Opendium Limited     http://www.opendium.com

Direct contacts:
   Instant messager: xmpp:st...@opendium.com
   Email:            st...@opendium.com
   Phone:            sip:st...@opendium.com

Sales / enquiries contacts:
   Email:            sa...@opendium.com
   Phone:            +44-844-9791439 / sip:sa...@opendium.com

Support contacts:
   Email:            supp...@opendium.com
   Phone:            +44-844-4844916 / sip:supp...@opendium.com

Testing ssl-bump-server-first with an upstream proxy

Reply via email to