On 16/05/2017 03:04 μμ, Amos Jeffries wrote:
Building Squid-5 r15136 against the latest libssl 1.1.0e on Ubuntu.
src/ssl/support.cc: In function ‘bool
Ssl::verifySslCertificate(Security::ContextPointer&, const
Ssl::CertificateProperties&)’:
src/ssl/support.cc:995:34: error: invalid use of incom
On 05/17/2017 10:35 AM, Christos Tsantilas wrote:
> +#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
> +X509 * cert = SSL_CTX_get0_certificate(ctx.get());
If it is possible to replace this version check with a ./configure-time
detection of SSL_CTX_get0_certificate() availability, please do that.
A
Hi all,
I am new to the Squid source and I am hoping for some advice about the
SslBump peek and splice code in PeerConnector.cc . I have about a
decade of commercial C++ experience although for the last 8 years or so
I've been using higher level languages. I have a reasonable amount of
experience
On 05/17/2017 12:09 PM, David Hogan wrote:
> ssl_bump peek step1
> ssl_bump peek step2 whitelist
> ssl_bump terminate step2 blacklist
> ssl_bump peek step2
> ssl_bump splice step3
The above configuration looks strange but this is squid-dev not
squid-users, so I trust you hav
Hi Alex,
Thank you for your response.
On 17 May 2017 at 21:01, Alex Rousskov wrote:
> On 05/17/2017 12:09 PM, David Hogan wrote:
>> ssl_bump peek step1
>> ssl_bump peek step2 whitelist
>> ssl_bump terminate step2 blacklist
>> ssl_bump peek step2
>> ssl_bump splice step3
>
On 05/17/2017 03:18 PM, David Hogan wrote:
> I found that applying a blacklist at step3 resulted in too many false
> positives
> caused by subjectAltName matches.
Factory is working on a patch to address that problem.
> I am hoping separately to figure
> out how to match missing SNI and termin
Hello,
While triaging a silent crash of a production Squid, I realized that
our death reporting code has a serious (and recently grown) hole. The
attached patch closes it. This reporting-only patch does not fix any
crashes. There are more technical details in the preamble.
Researching this pr
