git.ipfire.org Git - thirdparty/squid.git/commit
Handle infinite certificate validation loops caused by OpenSSL bug #3090.
author Christos Tsantilas <chtsanti@users.sourceforge.net>
Tue, 10 Sep 2013 07:22:44 +0000 (01:22 -0600)
committer Amos Jeffries <squid3@treenet.co.nz>
Tue, 10 Sep 2013 07:22:44 +0000 (01:22 -0600)
commit c943f8b62678779abf589618706174a8aff01f30
tree d6d1f598bee747392bdef001020db92acdf2fb4e
parent ea94175e683bb13330e66965d49e3147486155af

If OpenSSL is stuck in a validation loop, Squid breaks the loop and triggers a
new custom SQUID_X509_V_ERR_INFINITE_VALIDATION SSL validation error. That
error cannot be bypassed using sslproxy_cert_error because to break the loop
Squid has to tell OpenSSL that the certificate is invalid, which terminates
the SSL connection.

Validation loops exceeding SQUID_CERT_VALIDATION_ITERATION_MAX iterations
are deemed infinite. That macro is defined to be 16384, but that default can
be overwritten using CPPFLAGS.

  This is a Measurement Factory project
errors/templates/error-details.txt
src/cf.data.pre
src/globals.h
src/ssl/ErrorDetail.cc
src/ssl/support.cc
src/ssl/support.h
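
The loop breaker described in the commit message, as an added sketch that is not code from this commit or from Squid: it simulates a verify callback without calling OpenSSL, and shows why the iteration check has to run before any error-bypass policy. The struct, function names and numeric error codes are hypothetical; only the macro name and its 16384 default come from the message.

```c
#include <stdbool.h>

/* Default from the commit message; override at build time, e.g.
 * CPPFLAGS=-DSQUID_CERT_VALIDATION_ITERATION_MAX=4096 */
#ifndef SQUID_CERT_VALIDATION_ITERATION_MAX
#define SQUID_CERT_VALIDATION_ITERATION_MAX 16384
#endif

/* Constructed error codes for this sketch; not Squid's or OpenSSL's values. */
enum { ERR_NONE = 0, ERR_CERT_EXPIRED = 10, ERR_INFINITE_VALIDATION = 1000 };

/* Hypothetical per-connection state. */
struct conn_state {
    unsigned long iterations; /* verify callback invocations so far */
    int final_error;          /* error recorded for the connection */
    bool bypass_expired;      /* admin policy, stands in for sslproxy_cert_error */
};

/* Returns 1 to let validation continue, 0 to declare the certificate invalid. */
int verify_cb(struct conn_state *st, int lib_ok, int lib_error)
{
    /* Checked before the bypass policy: rejecting the certificate is the
     * only way to make the library stop, so this error cannot be waived. */
    if (++st->iterations > SQUID_CERT_VALIDATION_ITERATION_MAX) {
        st->final_error = ERR_INFINITE_VALIDATION;
        return 0;
    }
    if (lib_ok)
        return 1;
    if (lib_error == ERR_CERT_EXPIRED && st->bypass_expired)
        return 1; /* an ordinary error, waived by policy */
    st->final_error = lib_error;
    return 0;
}

/* Stand-in for a validator stuck in a loop: it keeps invoking the callback
 * until the callback rejects the certificate or hard_cap calls were made. */
int run_validation(struct conn_state *st, int lib_error, unsigned long hard_cap)
{
    for (unsigned long i = 0; i < hard_cap; i++) {
        if (!verify_cb(st, lib_error == ERR_NONE, lib_error))
            return 0; /* certificate rejected, connection terminated */
    }
    return 1; /* validator was never stopped within hard_cap calls */
}
```

With the bypass policy enabled, a looping validator is still cut off on call number SQUID_CERT_VALIDATION_ITERATION_MAX + 1, and the recorded error is the loop error rather than the waived one.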