git.ipfire.org Git - thirdparty/squid.git/commit

author	Christos Tsantilas <christos@chtsanti.net>
	Sat, 23 Oct 2021 06:53:57 +0000 (06:53 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Sun, 24 Oct 2021 04:41:23 +0000 (04:41 +0000)
commit	4647c8bda42dd52a1a7fd8d70dae4a06e75ba8de
tree	ee405d22f182af0afacd0738277b5d0ab96d7b1e	tree \| snapshot
parent	b05c195415169b684b6037f306feead45ee9de4e	commit \| diff

BUG: Unexpected state while connecting to ... server, part 2 (#917)

These BUG messages (discussed and removed in a recent commit 2b6b1bc)
exposed several bugs. This change fixes a case where a BUG message was
triggered by the following Must() violation:

    check failed: !csd->serverBump() ||
        csd->serverBump()->at(...tlsBump1, XactionStep::tlsBump2)
    exception location: PeekingPeerConnector.cc(173) initialize

The above Must() assumed that PeekingPeerConnector always changes the
SslBump step to step3. However, that assumption was wrong because
PeekingPeerConnector may run multiple times (and the step is recorded
outside the connector object). When FwdState reforwarded a failed
attempt, PeekingPeerConnector would find itself at step3.

Instead of fixing the Must(), we fixed a bigger bug: SslBump step3 must
start when we decide to communicate with the server, not in the middle
of that communication. This fix may affect some esoteric configurations
that use at_step ACLs outside ssl_bump _and_ rely on the wrong step
change timing, but, technically, such configurations are not officially
supported.

More step boundary fixes are needed. There is a (much bigger) ongoing
project dedicated to those changes.

This is a Measurement Factory project.

src/client_side.cc		diff \| blob \| blame \| history
src/ssl/PeekingPeerConnector.cc		diff \| blob \| blame \| history
src/ssl/PeekingPeerConnector.h		diff \| blob \| blame \| history