[PATCH] detaching sslbump from accel mode

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 08 Dec 2011 00:19:53 +1300

So, in theory ssl-bump is a form of intercept not a form of
accelerator. Its use of prepareAcceleratorURL() to convert the partial
to absolute URL unconditionally sets the accel flag with a mix of side
effects. Some bad ones have been identified already.

This patch changes the flag setting, to allow ssl-bump to use the URL
preparation function without the side effects. I'm in half a mind to
make a ssl-bump specific URL preparation function, but only after this
is proven workable.

Christos: as the person who appears to have the best testing ability for
ssl-bump can you run your tests over the resulting Squid and check that
the expected behaviours have not changed for the worse? I am fully
expecting there to be several as yet unknown places needing to add a
test of the sslBumped flag alongside testing accel flag.

I'm expecting this to fix the need for ssl-bump to configure
"always_direct allow" and for this to be the proper long-term fix for
the bug 2519 status mixup in comment 52 (comment 53 has an adequate
workaround for the bug patch while this gets tested).

Amos

Received on Wed Dec 07 2011 - 11:20:11 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 07 2011 - 12:00:14 MST