git.ipfire.org Git - thirdparty/squid.git/commit

Fix netdb exchange with a TLS cache_peer (#307)

Squid uses http-scheme URLs when sending netdb exchange (and possibly
other) requests to a cache_peer. If a DIRECT path is selected for that
cache_peer URL, then Squid sends a clear text HTTP request to that
cache_peer. If that cache_peer expects a TLS connection, it will reject
that request (with, e.g., error:transaction-end-before-headers),
resulting in an HTTP 503 or 504 netdb fetch error.

Workaround this by adding an internalRemoteUri() parameter to indicate
whether https or http URL scheme should be used. Netdb fetches from
CachePeer::secure peers now get an https scheme and, hence, a TLS
connection.

author	chi-mf <43963496+chi-mf@users.noreply.github.com>
	Sat, 27 Oct 2018 20:04:03 +0000 (20:04 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Sun, 28 Oct 2018 04:52:54 +0000 (04:52 +0000)
commit	3be314004f6f68376eba3faed7bce34409f59d7f
tree	49297c5b9f1a6ba72457772b92336fbc1e4861f5	tree \| snapshot
parent	011c71560917f3544f52f4c146625e081880d450	commit \| diff

src/icmp/net_db.cc		diff \| blob \| blame \| history
src/internal.cc		diff \| blob \| blame \| history
src/internal.h		diff \| blob \| blame \| history
src/peer_digest.cc		diff \| blob \| blame \| history