git.ipfire.org Git - thirdparty/squid.git/commit

author	Christos Tsantilas <christos@chtsanti.net>
	Mon, 25 Mar 2019 09:37:42 +0000 (09:37 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Sun, 31 Mar 2019 07:37:55 +0000 (07:37 +0000)
commit	f5e179474d15c0b43e3454f4763f36fba611c99c
tree	ffc80266647e6b7e3fd5d7d114820c0dafd17c68	tree \| snapshot
parent	98f951b75c6867831828b18909240cdc5fab20cf	commit \| diff

Peering support for SslBump (#380)

Support forwarding of bumped, reencrypted HTTPS requests through a
cache_peer using a standard HTTP CONNECT tunnel.

The new Http::Tunneler class establishes HTTP CONNECT tunnels through
forward proxies. It is used by TunnelStateData and FwdState classes.

Just like before these changes, when a cache_peer replies to CONNECT
with an error response, only the HTTP response headers are forwarded to
the client, and then the connection is closed.

No support for triggering client authentication when a cache_peer
configuration instructs the bumping Squid to relay authentication info
contained in client CONNECT request. The bumping Squid still responds
with HTTP 200 (Connection Established) to the client CONNECT request (to
see TLS client handshake) _before_ selecting the cache_peer.

HTTPS cache_peers are not yet supported primarily because Squid cannot
do TLS-in-TLS with a single fde::ssl state; SslBump and the HTTPS proxy
client/tunneling code would need a dedicated TLS connection each.

Also fixed delay pools for tunneled traffic.

This is a Measurement Factory project.

src/Debug.h		diff \| blob \| blame \| history
src/FwdState.cc		diff \| blob \| blame \| history
src/FwdState.h		diff \| blob \| blame \| history
src/HttpRequest.cc		diff \| blob \| blame \| history
src/HttpRequest.h		diff \| blob \| blame \| history
src/RequestFlags.h		diff \| blob \| blame \| history
src/client_side.cc		diff \| blob \| blame \| history
src/client_side.h		diff \| blob \| blame \| history
src/client_side_request.cc		diff \| blob \| blame \| history
src/clients/HttpTunneler.cc	[new file with mode: 0644]	blob
src/clients/HttpTunneler.h	[new file with mode: 0644]	blob
src/clients/HttpTunnelerAnswer.cc	[new file with mode: 0644]	blob
src/clients/HttpTunnelerAnswer.h	[new file with mode: 0644]	blob
src/clients/Makefile.am		diff \| blob \| blame \| history
src/clients/forward.h		diff \| blob \| blame \| history
src/comm/ConnOpener.cc		diff \| blob \| blame \| history
src/comm/ConnOpener.h		diff \| blob \| blame \| history
src/comm/Read.cc		diff \| blob \| blame \| history
src/comm/Read.h		diff \| blob \| blame \| history
src/debug.cc		diff \| blob \| blame \| history
src/err_type.h		diff \| blob \| blame \| history
src/errorpage.cc		diff \| blob \| blame \| history
src/errorpage.h		diff \| blob \| blame \| history
src/http.cc		diff \| blob \| blame \| history
src/http/StateFlags.h		diff \| blob \| blame \| history
src/security/BlindPeerConnector.cc		diff \| blob \| blame \| history
src/security/PeerConnector.cc		diff \| blob \| blame \| history
src/security/PeerConnector.h		diff \| blob \| blame \| history
src/ssl/ServerBump.cc		diff \| blob \| blame \| history
src/ssl/ServerBump.h		diff \| blob \| blame \| history
src/tests/stub_client_side.cc		diff \| blob \| blame \| history
src/tests/stub_libcomm.cc		diff \| blob \| blame \| history
src/tests/stub_libsecurity.cc		diff \| blob \| blame \| history
src/tunnel.cc		diff \| blob \| blame \| history