git.ipfire.org Git - thirdparty/squid.git/commit

First fast-sni implementation

Squid parses incomming client SSL hello mesage, before create any openSSL
related structures and objects. After acl check at bumping step2.
Actually creating openSSL objects for client side still can be delayed
untill the server side is finishes. The only reason to create openSSL
structures imediatelly after step2 is to use openSSL to check for unsupported
comunications features and settings and fallback to spliceOnError.

Regression:
  Squid does not parses client Hello message in the case of bump-server-first
  and bump-client-first.
  The supported and requested SSL versions (i %ssl::>received_supported_version
  and %ssl::>received_hello_version formating codes ) can not be logged for
  these modes.

The code still needs cleanup.

author	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Thu, 31 Mar 2016 18:37:15 +0000 (21:37 +0300)
committer	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Thu, 31 Mar 2016 18:37:15 +0000 (21:37 +0300)
commit	3cae14a65aa6b5b0cba01d381224254c3c1a48d1
tree	8a0dad9130de2e6bb1f67235cef932ff1518875a	tree \| snapshot
parent	21530947cd4a8eb4361e4dd0c4dbfc5ca487da3d	commit \| diff

src/client_side.cc		diff \| blob \| blame \| history
src/client_side.h		diff \| blob \| blame \| history
src/security/Handshake.cc		diff \| blob \| blame \| history
src/security/NegotiationHistory.cc		diff \| blob \| blame \| history
src/security/NegotiationHistory.h		diff \| blob \| blame \| history
src/ssl/PeekingPeerConnector.cc		diff \| blob \| blame \| history
src/ssl/bio.cc		diff \| blob \| blame \| history
src/ssl/bio.h		diff \| blob \| blame \| history