squid 3.5.24: latest patch (14143)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer
2017-02-26 21:21:30 +01:00
committed by Michael Tremer
parent 183b23b5ca
commit 39e7154976
2 changed files with 56 additions and 0 deletions


@@ -0,0 +1,55 @@
------------------------------------------------------------
revno: 14143
revision-id: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
parent: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2017-02-25 18:50:14 +1300
message:
Fix regression in CONNECT authentication after rev.14142
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: bedc99ffdffd1e999c98c33faa830d4e9d1fc01d
# timestamp: 2017-02-25 05:51:22 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170208054033-\
# pxqn8rs4yu713ijq
#
# Begin patch
=== modified file 'src/client_side_request.cc'
--- src/client_side_request.cc 2017-02-08 05:40:33 +0000
+++ src/client_side_request.cc 2017-02-25 05:50:14 +0000
@@ -1442,6 +1442,14 @@
return false;
}
+ // Do not bump during authentication: clients would not proxy-authenticate
+ // if we delay a 407 response and respond with 200 OK to CONNECT.
+ if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
+ http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log -
+ debugs(85, 5, HERE << "no SslBump during proxy authentication");
+ return false;
+ }
+
if (error) {
debugs(85, 5, "SslBump applies. Force bump action on error " << err_type_str[(error->type >= ERR_NONE && error->type < ERR_MAX) ? error->type : ERR_NONE]);
http->sslBumpNeed(Ssl::bumpBump);
@@ -1449,14 +1457,6 @@
return false;
}
- // Do not bump during authentication: clients would not proxy-authenticate
- // if we delay a 407 response and respond with 200 OK to CONNECT.
- if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
- http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log -
- debugs(85, 5, HERE << "no SslBump during proxy authentication");
- return false;
- }
-
debugs(85, 5, HERE << "SslBump possible, checking ACL");
ACLFilledChecklist *aclChecklist = clientAclChecklistCreate(Config.accessList.ssl_bump, http);