Re: [PATCH] Do not send unretriable requests on reused pinned connections

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Sat, 01 Dec 2012 19:20:16 +0100

fre 2012-11-30 klockan 23:07 -0700 skrev Alex Rousskov:
> I am not sure what you are asking about, but I can try to rephrase: This
> bug is difficult to fix because some pinned connections should be reused
> and some should not be. Pinned connections that can be re-pinned but
> have not had any HTTP requests sent on them should be reused, even for
> unretriable requests. SslBump creates such connections in forward.cc
> when Squid connects to the origin server to peak at the server
> certificate. Since no HTTP requests were sent on such connections at the
> decision time, this is not really a reuse even though it looks like one
> in all other aspects.

It is. You must take care to not reuse a slightly old (>1s or so)
connection under those conditions.

> > Which it quite likely the wrong thing to do. See above.
>
> Does the !flags.canRePin exception address your concern?

Yes, if used where needed (TPROXY, NTLM).

Regards
Henrk
Received on Sat Dec 01 2012 - 18:20:23 MST

This archive was generated by hypermail 2.2.0 : Sun Dec 02 2012 - 12:00:08 MST