fre 2009-07-03 klockan 23:48 +0900 skrev Mikio Kishi:
> >I guess it could be extended to respond with an SSL level error
> >notification in these cases, but not sure it's worth the effort.
>
> Right. I think that just comm_close() is simple...
Closing is a lot simpler indeed, and needs to be done in either case.
> To be honest, "https_port 8443 tproxy sslConnect" is better.
> ^^^^^^^^^^^^
Not really. The most appropriate would be to add a new "tcp_port"
directive I guess. As far as Squid is concerned these connections are
neither http or https, at least not until sslBump is added to the mix
making Squid unwrap the https ssl channel to parse the HTTP requests
within..
Note: With sslBump https_port and http_port is approaching mostly the
same functionality.
> But it's easier to hack http_port handling than https_port.
The difference between http_port and https_port is that https_port acts
as an ssl-server, wrapping the HTTP connection in an SSL layer, but you
don¨t want that here so http_port is better than https_port..
> What do you think of my patch ?
See alex comments earlier. Quite fine, but needs a little bit of
comments explaining what the new function does and why.
Regards
Henrik
Received on Fri Jul 03 2009 - 16:04:13 MDT
This archive was generated by hypermail 2.2.0 : Fri Jul 03 2009 - 12:00:03 MDT