git.ipfire.org Git - thirdparty/squid.git/commit

author	rousskov <>
	Tue, 12 Feb 2008 05:33:48 +0000 (05:33 +0000)
committer	rousskov <>
	Tue, 12 Feb 2008 05:33:48 +0000 (05:33 +0000)
commit	807ecef2cd4bb2e3253268ee29de786ec55fe9d2
tree	0efbfb95965cdb2660064515e5ef9e8fb87865e5	tree
parent	5a33a66ad98e7689840142e54dad7d303b146326	commit \| diff

Importing SslBump feature from Squid3 ssl-bump branch:

        When SslBump is activated, Squid responds to CONNECT request
        with HTTP 200 "Connection established" and switches to SSL
        encryption on the connection.

        Added ssl_bump ACL. The ACL controls which CONNECT requests to
        an http_port marked with an sslBump flag are actually "bumped".
        This was needed to bypass the bump and tunnel requests to sites
        that Squid cannot handle well (with or without the bump), with
        other use cases likely to surface.

        By default, no requests are bumped. Squid warns if http_port(s)
        have SslBump but no ssl_bump ACL was configured.

        The ACL applies to all http_ports, but I suspect that, if
        needed, specific ACL rules can distinguish ports using
        "myport".

        Added ERR_SECURE_CONNECT_FAIL that is returned when we cannot
        secure the established connection with the server. Formerly,
        ERR_CONNECT_FAIL was returned.