I will try to somehow schedule this test in some of my spare time after
I will finish with couple other things.
Thanks,
Eliezer
On 16/05/2016 22:03, Alex Rousskov wrote:
On 05/16/2016 01:51 AM, Eliezer Croitoru wrote:
I have a question about this specific file and SNI peek and splice in general.
Your question is not specific to this patch/thread: AFAIK, the patch
does not change whether/how Squid validates SNI.
For the scenario which the SNI declares www.google.com and the
destination IP address is not the domain, IE default apache or any
other domain. What happens? And specifically about the request
splicing? And in more detail my concern is that if some software will
fake the SNI knowing that the destination will never be the requested
one but some default of another domain, will the request be spliced
anyway?
Sorry, I do not know the exact answers to your questions. Please note
that the answers may depend on whether Squid intercepts or forwards
connections and on the SslBump step during which Squid splices the
connection. Researching this (and documenting any non-trivial answers on
Squid wiki) would be useful.
Cheers,
Alex.
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
