lp:~measurement-factory/squid/peek-and-splice
- Get this branch:
- bzr branch lp:~measurement-factory/squid/peek-and-splice
Branch merges
Branch information
Recent revisions
- 12660. By Christos Tsantilas
-
Fixes and polishing in response to Amos' squid-dev review dated 2014/08/19
- Polishing changes
- Move src/acl/AtBumpStep* .[cc,h] files to src/acl/ AtStep* .[cc,h]
- Convert Ssl::Bio::sslFeatures: :serverName,
Ssl::Bio::sslFeature s::HelloMesssag e and Ssl::ServerBio: :helloMsg members
to SBuf - 12659. By Christos Tsantilas
-
Polish Peek and Splice
- Fix debugs ( Remove HERE macro, other minor changes)
- Formating changes - 12657. By Christos Tsantilas
-
polish peek-and-splice
- Remove any references to "bumpErr" bumping mode. It is not implemented
- Changes to allow make without openssl, "make dist" and "make distcheck"
- Fix peek-and-splice documentation: The bumping modes are SslBump1, SslBump2 a
nd SslBump3
- Other minor changes - 12656. By Christos Tsantilas
-
Fix bugs and polish peek-and-splice
This patch:
- Add test in configure script to check if OpenSSL hacks can be supported.
These tests enable the SQUID_USE_OPENSSL_ HELLO_OVERWRITE _HACK in autoconf.h
- Fixes peek-and splice related documentation , the step1, step2, step3 names
now used instead of the SslBump[1,2,3] as bumping steps
- Many fixes in bio subsystem:
* investigate the Ssl::Bio::sslFeatures: :applyToSSL method to configure
and SSL object the features included in sslFeatures object
* rename Ssl::ClientBio::headerState to Ssl::ClientBio: :helloState
* rename Ssl::ClientBio::headerSize to Ssl::ClientBio: :helloSize
* investigate the Ssl::ClientBio::HelloReadState enum to describe
the ssl hello message read state
* Ssl::ServerBio::write should return the size of the data the openSSL
ask from us to write to server, else it abort SSL connection with error
* Do not overwrite openSSL SSL object with client hello on Peek mode if
we can not support web client SSL features. This is causes problems
and openSSL may abort the connection with error.
The adjustSSL function does not need the "force" parameter any more.
* If SQUID_USE_OPENSSL_ HELLO_OVERWRITE _HACK is not defined adjustSSL
return always false.
* document bio related classes
- TunnelStateData::logTag_ ptr:
* try to set TunnelStateData::logTag_ ptr when peek and splice mode is used
* the TunnelStateData::logTag_ ptr is not initialized in constructure
* Do not use TunnelStateData::logTag_ ptr if it is not defined for a reason
- Try to set delay pools settings inside switchToTunnel when peek-and-splice
mode is used
- Remove unsused code inside switchToTunnel method (tunnel.cc file)
- Other minor changes - 12654. By Christos Tsantilas
-
Peek and Splice: %ssl::<cert_subject and %ssl::<cert_issuer formating codes to e
xternal_aclThis patch investigates the %ssl::<cert_subject and %ssl::<cert_issuer
formating codes to external_acl helpers.
* The %ssl::<cert_subject formating code prints the server certificate DN
* The %ssl::<cert_issuer formating code prints the server certificate issuer DNBoth formating codes are available after the ssl bumped connection is
established.
When Peek and Splice mode is selected these formating codes are available on
peek or stare mode, after the step2 is comleted and server certificate is
received. - 12653. By Christos Tsantilas
-
peek-and-splice: Fix stare mode
- For peek mode we need to always forward client hello message
- For stare mode we must forward client hello message only if we can mimic
all of the client SSL features, else we should sent a new SSL hello message.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:~squid/squid/trunk