fre 2012-11-30 klockan 23:07 -0700 skrev Alex Rousskov:
> I am not sure what you are asking about, but I can try to rephrase: This
> bug is difficult to fix because some pinned connections should be reused
> and some should not be. Pinned connections that can be re-pinned but
> have not had any HTTP requests sent on them should be reused, even for
> unretriable requests. SslBump creates such connections in forward.cc
> when Squid connects to the origin server to peak at the server
> certificate. Since no HTTP requests were sent on such connections at the
> decision time, this is not really a reuse even though it looks like one
> in all other aspects.
It is. You must take care to not reuse a slightly old (>1s or so)
connection under those conditions.
> > Which it quite likely the wrong thing to do. See above.
>
> Does the !flags.canRePin exception address your concern?
Yes, if used where needed (TPROXY, NTLM).
Regards
Henrk
Received on Sat Dec 01 2012 - 18:20:23 MST
This archive was generated by hypermail 2.2.0 : Sun Dec 02 2012 - 12:00:08 MST