Re: https_port without SSL context?

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 08 Nov 2007 00:14:43 +0100

On tis, 2007-11-06 at 13:28 -0700, Alex Rousskov wrote:

> As you can see, a warning is printed but there are no consequences. That
> is, Squid will still listen on the specified port although it probably
> would not be able to do anything useful there without a valid SSL
> context.

It's meant to skip the setup of the https_port if the context could not
be created.

Looks like a slightly bad/partial forward-port. In Squid-2 it reads

        if (!s->sslContext)
            continue;

> Should Squid abort if https_port configuration results in a nil SSL
> context? Should that abort happen when we try to create the context?

Good question. Have been in both modes.

Switched to soft warning mode to avoid aborting only because one is
adding a new https_port and has trouble getting the certificates right.
There are too many opportunities for error when setting up the
certificates, and having the proxy abort completely on "-k reconfigure"
due to a silly certificate error was not very nice.

Regards
Henrik

Received on Wed Nov 07 2007 - 16:14:50 MST