From: rousskov <> Date: Tue, 12 Feb 2008 05:33:48 +0000 (+0000) Subject: Importing SslBump feature from Squid3 ssl-bump branch: X-Git-Tag: BASIC_TPROXY4~120 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=807ecef2cd4bb2e3253268ee29de786ec55fe9d2;p=thirdparty%2Fsquid.git Importing SslBump feature from Squid3 ssl-bump branch: When SslBump is activated, Squid responds to CONNECT request with HTTP 200 "Connection established" and switches to SSL encryption on the connection. Added ssl_bump ACL. The ACL controls which CONNECT requests to an http_port marked with an sslBump flag are actually "bumped". This was needed to bypass the bump and tunnel requests to sites that Squid cannot handle well (with or without the bump), with other use cases likely to surface. By default, no requests are bumped. Squid warns if http_port(s) have SslBump but no ssl_bump ACL was configured. The ACL applies to all http_ports, but I suspect that, if needed, specific ACL rules can distinguish ports using "myport". Added ERR_SECURE_CONNECT_FAIL that is returned when we cannot secure the established connection with the server. Formerly, ERR_CONNECT_FAIL was returned. --- diff --git a/src/client_side_request.h b/src/client_side_request.h index 17eb4bf68b..d0ceaceda9 100644 --- a/src/client_side_request.h +++ b/src/client_side_request.h @@ -1,6 +1,6 @@ /* - * $Id: client_side_request.h,v 1.35 2008/02/08 18:27:59 rousskov Exp $ + * $Id: client_side_request.h,v 1.36 2008/02/11 22:33:48 rousskov Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -154,6 +154,13 @@ private: StoreEntry *loggingEntry_; ConnStateData::Pointer conn_; +#if USE_SSL +public: + bool sslBumpNeeded() const; + void sslBumpStart(); + void sslBumpEstablish(comm_err_t errflag); +#endif + #if ICAP_CLIENT public:
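Review bot: In the second hunk of src/client_side_request.h (@@ -154,6 +154,13 @@), the `public:` opened under `#if USE_SSL` is not switched back before `#endif`, so the access level of whatever is declared after the block depends on whether USE_SSL is defined. Suggest closing the block with `private:` so that building with or without SSL does not change the visibility of later members. It is also worth checking whether sslBumpStart() and sslBumpEstablish(comm_err_t errflag) need to be public at all. If they are only reached from this class's own request processing after sslBumpNeeded() returns true, keeping them private prevents other code from starting a bump on a CONNECT that the ssl_bump ACL described in the commit message did not select. Finally, the three declarations carry no comments: please say whether sslBumpNeeded() reflects the ssl_bump ACL result and the port's sslBump flag, and what sslBumpEstablish() does when errflag reports a failure.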