git.ipfire.org Git - thirdparty/squid.git/commit

Add server_name ACL matching server name(s) obtained from various sources such as CONNECT request URI, client SNI, and SSL server certificate CN.

During each SslBump step, Squid improves its understanding of a "true server
name", with a bias towards server-provided (and Squid-validated) information.

The server-provided server names are retrieved from the server certificate CN
and Subject Alternate Names. The new server_name ACL matches any of alternate
names and CN. If the CN or an alternate name is a wildcard, then the new ACL
matches any domain that matches the domain with the wildcard.

Other than supporting many sources of server name information (including
sources that may supply Squid with multiple server name variants and
wildcards), the new ACL is similar to dstdomain.

Also added a server_name_regex ACL.

This is a Measurement Factory project.

author	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Fri, 10 Apr 2015 08:54:13 +0000 (11:54 +0300)
committer	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Fri, 10 Apr 2015 08:54:13 +0000 (11:54 +0300)
commit	69f690801009f074741b1c5d8be6339d908b95d8
tree	ba2fb2740914fe82b3728a3c38b08a1eca851b41	tree
parent	da958e50da47960be475a8ee3c1f3818f248b31a	commit \| diff

src/AclRegs.cc		diff \| blob \| blame \| history
src/URL.h		diff \| blob \| blame \| history
src/acl/DomainData.h		diff \| blob \| blame \| history
src/acl/Makefile.am		diff \| blob \| blame \| history
src/acl/ServerName.cc	[new file with mode: 0644]	blob
src/acl/ServerName.h	[new file with mode: 0644]	blob
src/cf.data.pre		diff \| blob \| blame \| history
src/client_side.cc		diff \| blob \| blame \| history
src/client_side.h		diff \| blob \| blame \| history
src/ssl/PeerConnector.cc		diff \| blob \| blame \| history
src/ssl/PeerConnector.h		diff \| blob \| blame \| history
src/url.cc		diff \| blob \| blame \| history