git.ipfire.org Git - thirdparty/squid.git/commit

Honor ssl-bump option for https_port.

Initial ssl-bump handling logic mimics that of http_port: If the option is
set, check the slow ssl_bump ACL, and if there is a match, plug into
switchToHttps() code path, generating a dynamic certificate and establishing a
secure connection with the client. If there is no match, Squid becomes a TCP
tunnel for the intercepted connection.

For now, we use the destination IP address of the intercepted connection as
the host name for the certificate (which will trigger browser warnings, of
course).

author	Alex Rousskov <rousskov@measurement-factory.com>
	Sat, 3 Dec 2011 22:45:38 +0000 (15:45 -0700)
committer	Alex Rousskov <rousskov@measurement-factory.com>
	Sat, 3 Dec 2011 22:45:38 +0000 (15:45 -0700)
commit	379e8c1c4f4b91de5e03b49d2cb7d49699d2b50b
tree	dbbc2d6872d9cb278aa3dc9f0cd47ccd0570b8ea	tree
parent	1ce2822dc939e6c2888637e0c045ddbc8ed74392	commit \| diff

src/cache_cf.cc		diff \| blob \| blame \| history
src/cf.data.pre		diff \| blob \| blame \| history
src/client_side.cc		diff \| blob \| blame \| history
src/client_side_request.cc		diff \| blob \| blame \| history
src/tunnel.cc		diff \| blob \| blame \| history