git.ipfire.org Git - thirdparty/squid.git/commit

Handle infinite certificate validation loops caused by OpenSSL bug #3090.

If OpenSSL is stuck in a validation loop, Squid breaks the loop and triggers a
new custom SQUID_X509_V_ERR_INFINITE_VALIDATION SSL validation error. That
error cannot be bypassed using sslproxy_cert_error because to break the loop
Squid has to tell OpenSSL that the certificate is invalid, which terminates
the SSL connection.

Validation loops exceeding SQUID_CERT_VALIDATION_ITERATION_MAX iterations
are deemed infinite. That macro is defined to be 16384, but that default can
be overwritten using CPPFLAGS.

This is a Measurement Factory project

author	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Sat, 27 Jul 2013 13:37:29 +0000 (16:37 +0300)
committer	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Sat, 27 Jul 2013 13:37:29 +0000 (16:37 +0300)
commit	0ad3ff513e423e6d05f4a50995166d6440975cc6
tree	e8fda2d4155d8cdfb93e000cc3c12501dba533b6	tree \| snapshot
parent	6507233bda102f649cfac818496d0038faaae6be	commit \| diff

errors/templates/error-details.txt		diff \| blob \| blame \| history
src/cf.data.pre		diff \| blob \| blame \| history
src/globals.h		diff \| blob \| blame \| history
src/ssl/ErrorDetail.cc		diff \| blob \| blame \| history
src/ssl/support.cc		diff \| blob \| blame \| history
src/ssl/support.h		diff \| blob \| blame \| history