On 05/16/2016 01:51 AM, Eliezer Croitoru wrote: > I have a question about this specific file and SNI peek and splice in general.
Your question is not specific to this patch/thread: AFAIK, the patch does not change whether/how Squid validates SNI. > For the scenario which the SNI declares www.google.com and the > destination IP address is not the domain, IE default apache or any > other domain. What happens? And specifically about the request > splicing? And in more detail my concern is that if some software will > fake the SNI knowing that the destination will never be the requested > one but some default of another domain, will the request be spliced > anyway? Sorry, I do not know the exact answers to your questions. Please note that the answers may depend on whether Squid intercepts or forwards connections and on the SslBump step during which Squid splices the connection. Researching this (and documenting any non-trivial answers on Squid wiki) would be useful. Cheers, Alex. _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev