git.ipfire.org Git - thirdparty/squid.git/commit
Improved Security::PeerConnector::serverConn management
author Alex Rousskov <rousskov@measurement-factory.com>
Mon, 9 Aug 2021 21:47:07 +0000 (17:47 -0400)
committer Alex Rousskov <rousskov@measurement-factory.com>
Mon, 9 Aug 2021 21:47:38 +0000 (17:47 -0400)
commit 4e5ae02a71e157e64acb7c40be23b444f16c01ef
tree 9ad20bb5aaa9303f18c50462b93caf2b769ee7d5
parent 95569da0814a19fe7478335c0d9b20fcb0f123a2

Similar to the previous branch commit

When sending a negative answer, we would set answer().conn to an open
connection, async-send the answer, and then hurry to close the
connection using our pointer to the shared Connection object. If
everything went according to the plan, the recipient would get a non-nil
but closed Connection object. Now, a negative answer simply means no
connection at all. Same for a tunneled answer.

Probably fixed a bug in the official code where
PeerConnector::negotiate() assumed that a sslFinalized() does not return
true after callBack(). It may (e.g., when CertValidationHelper::Submit()
throws). Same for PeekingPeerConnector::checkForPeekAndSpliceMatched().

Also reduced Security::PeerConnector exposure to a closed Connection
object when serverConn is closed externally.
src/FwdState.cc
src/PeerPoolMgr.cc
src/adaptation/icap/Xaction.cc
src/security/PeerConnector.cc
src/security/PeerConnector.h
src/ssl/PeekingPeerConnector.cc
src/tests/stub_libsecurity.cc
src/tunnel.cc