Fri 2009-07-03 at 23:48 +0900, Mikio Kishi wrote:

> >I guess it could be extended to respond with an SSL level error
> >notification in these cases, but not sure it's worth the effort.
>
> Right. I think that just comm_close() is simple...

Closing is a lot simpler indeed, and needs to be done in either case.

> To be honest, "https_port 8443 tproxy sslConnect" is better.
> ^^^^^^^^^^^^

Not really. The most appropriate would be to add a new "tcp_port" directive I guess. As far as Squid is concerned these connections are neither http nor https, at least not until sslBump is added to the mix making Squid unwrap the https ssl channel to parse the HTTP requests within.

Note: With sslBump https_port and http_port are approaching mostly the same functionality.

> But it's easier to hack http_port handling than https_port.

The difference between http_port and https_port is that https_port acts as an ssl-server, wrapping the HTTP connection in an SSL layer, but you don't want that here so http_port is better than https_port.

> What do you think of my patch?

See Alex's comments earlier. Quite fine, but needs a little bit of comments explaining what the new function does and why.

Regards
Henrik