On 9/03/2013 1:29 a.m., Tsantilas Christos wrote:
> As discussed in squid-users mailing list under the "Bypassing SSL Bump
> for dstdomain" thread the "ssl_bump none" does not work for ipv6.
>
> When squid decides that it is not needed bumping for a request creates
> fake CONENCT request and pass it to tunnel subsystem for more processing.
> The problem is that for ipv6 the ip address in URLs and in Host header
> should appeared inside brackets:
> http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/
> Or:
> https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/
>
> Currently squid does not uses brackets in the case of ipv6 so the
> request can not parsed correctly.
>
> I am attaching a patch which solves this bug.
>
> Regards,
> Christos
>
I submitted an almost identical patch to this 3 days ago. see "fix
ssl-bump bypass on intercepted traffic"
So +1 on one of these going in
NP: url is a bad name for the variable, the old name ip was better but
not strictly accurate either. Perhapse "host"?
Amos
Received on Sat Mar 09 2013 - 04:38:15 MST
This archive was generated by hypermail 2.2.0 : Sat Mar 09 2013 - 12:00:12 MST