Testing ssl-bump-server-first with an upstream proxy

From: Steve Hill <steve_at_opendium.com>
Date: Thu, 22 Nov 2012 18:15:49 +0000

I'm currently testing the SSL bump-server-first functionality in Squid
3.3.0.1-20121122-r12391. I have an upstream proxy with "never-direct
allow all" set (the reasons for this are slightly convoluted :).

When making a bumped request, Squid bombs with:
2012/11/22 17:53:57 kid1| assertion failed: forward.cc:769: "peer->use_ssl"

The post at
http://www.squid-cache.org/mail-archive/squid-dev/201206/0089.html says:
"Allow bumping of CONNECT requests without allow-direct set on http_port.
Previously, that flag was required to allow bumped requests to go direct
because they were (and, sometimes, still are) considered "accelerated"."

So I assume this is supposed to work?

-- 
  - Steve Hill
    Technical Director
    Opendium Limited     http://www.opendium.com
Direct contacts:
    Instant messager: xmpp:steve_at_opendium.com
    Email:            steve_at_opendium.com
    Phone:            sip:steve_at_opendium.com
Sales / enquiries contacts:
    Email:            sales_at_opendium.com
    Phone:            +44-844-9791439 / sip:sales_at_opendium.com
Support contacts:
    Email:            support_at_opendium.com
    Phone:            +44-844-4844916 / sip:support_at_opendium.com
Received on Thu Nov 22 2012 - 19:04:46 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 27 2012 - 12:00:08 MST