git.ipfire.org Git - thirdparty/squid.git/commit

Fix netdb exchange with a TLS cache_peer (#307)

Squid uses http-scheme URLs when sending netdb exchange (and possibly
other) requests to a cache_peer. If a DIRECT path is selected for that
cache_peer URL, then Squid sends a clear text HTTP request to that
cache_peer. If that cache_peer expects a TLS connection, it will reject
that request (with, e.g., error:transaction-end-before-headers),
resulting in an HTTP 503 or 504 netdb fetch error.

Workaround this by adding an internalRemoteUri() parameter to indicate
whether https or http URL scheme should be used. Netdb fetches from
CachePeer::secure peers now get an https scheme and, hence, a TLS
connection.

author	chi-mf <43963496+chi-mf@users.noreply.github.com>
	Tue, 30 Oct 2018 04:48:40 +0000 (04:48 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Tue, 30 Oct 2018 04:48:44 +0000 (04:48 +0000)
commit	c002f0e785ea18df2594c841a9ee408725c502fe
tree	f83b76fab19367e1a6a00bbcdf9bb465fabe11ba	tree \| snapshot
parent	9710965ea8441f1c7a179284ce2bf5965744900c	commit \| diff

src/icmp/net_db.cc		diff \| blob \| blame \| history
src/internal.cc		diff \| blob \| blame \| history
src/internal.h		diff \| blob \| blame \| history
src/peer_digest.cc		diff \| blob \| blame \| history