fre 2012-11-30 klockan 23:07 -0700 skrev Alex Rousskov: > I am not sure what you are asking about, but I can try to rephrase: This > bug is difficult to fix because some pinned connections should be reused > and some should not be. Pinned connections that can be re-pinned but > have not had any HTTP requests sent on them should be reused, even for > unretriable requests. SslBump creates such connections in forward.cc > when Squid connects to the origin server to peak at the server > certificate. Since no HTTP requests were sent on such connections at the > decision time, this is not really a reuse even though it looks like one > in all other aspects.
It is. You must take care to not reuse a slightly old (>1s or so) connection under those conditions. > > Which it quite likely the wrong thing to do. See above. > > Does the !flags.canRePin exception address your concern? Yes, if used where needed (TPROXY, NTLM). Regards Henrk