On 9/03/2013 1:29 a.m., Tsantilas Christos wrote:
As discussed in squid-users mailing list under the "Bypassing SSL Bump
for dstdomain" thread the "ssl_bump none" does not work for ipv6.
When squid decides that it is not needed bumping for a request creates
fake CONENCT request and pass it to tunnel subsystem for more processing.
The problem is that for ipv6 the ip address in URLs and in Host header
should appeared inside brackets:
http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/
Or:
https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/
Currently squid does not uses brackets in the case of ipv6 so the
request can not parsed correctly.
I am attaching a patch which solves this bug.
Regards,
Christos
I submitted an almost identical patch to this 3 days ago. see "fix
ssl-bump bypass on intercepted traffic"
So +1 on one of these going in
NP: url is a bad name for the variable, the old name ip was better but
not strictly accurate either. Perhapse "host"?
Amos
