Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SslBump/MITM features for Squid 3.5.x (Bug #6527) #242

Merged
merged 5 commits into from
Jan 4, 2017
Merged

Fix SslBump/MITM features for Squid 3.5.x (Bug #6527) #242

merged 5 commits into from
Jan 4, 2017

Conversation

doktornotor
Copy link
Contributor

@doktornotor doktornotor commented Dec 28, 2016
edited
Loading

(Also improved the compatibility mode description while here.)

doktornotor added 2 commits December 28, 2016 10:56
@doktornotor
Simplify the whitelist workflow for SslBump
498e858 
Put all things into the same place and after peek.
@doktornotor
Bump port version
0a4d8bb
@rbgarga
Copy link
Member

rbgarga commented Dec 28, 2016

Please leave a message when it's ready for review

@doktornotor
Copy link
Contributor Author

@rbgarga - well I don't plan any changes there unless someone complains about something being more broken than it is already. Not using any of this evil MITM stuff myself so I thought someone who's making use of those would be able to spot issues more reliably/easily.

So far the forum test request has collected ~60 views and no response. Funny, considering the flood of questions and complaints about MITM on the forum.

I'd leave this open until new year and then just go ahead.

doktornotor added 2 commits December 28, 2016 16:22
@doktornotor
Merge branch 'devel' into patch-1
03a3783
@doktornotor
Improve compatibility mode description
7d2c839 
This was literally copied over from reverse proxy settings. Squid proxy is the client here, so the wording was confusing.
@doktornotor
Copy link
Contributor Author

@rbgarga - Go ahead, please, 120 views and zero response on the forum, people apparently don't care.

(Also improved the compatibility mode description while here.)

@rbgarga rbgarga requested a review from jim-p January 2, 2017 10:29
@rbgarga
Copy link
Member

rbgarga commented Jan 4, 2017

It looks OK to me, lets just wait for @jim-p review, just to have an extra pair of eyes

@doktornotor
Copy link
Contributor Author

Yeah, no hurry, been broken for quite some time (plus, the entire idea is sort of broken by design :D)

jim-p
jim-p approved these changes Jan 4, 2017
View reviewed changes
Copy link
Contributor

@jim-p jim-p left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks OK to me, though I don't have any setup with SSL bump to test. A potential fix is better than a known broken state.

@rbgarga
Copy link
Member

rbgarga commented Jan 4, 2017

Merging it to devel and RELENG_2_3 to give users a change to test and after that we can cherry-pick it to RELENG_2_3_2

@netgate-git-updates netgate-git-updates merged commit 7d2c839 into pfsense:devel Jan 4, 2017
netgate-git-updates pushed a commit that referenced this pull request Jan 4, 2017
@rbgarga
Merge pull request #242 from doktornotor/patch-1
d0a2a50
@doktornotor doktornotor deleted the patch-1 branch January 4, 2017 19:29
@rbgarga
Copy link
Member

rbgarga commented Jan 6, 2017

@doktornotor I was thinking about merge it to 2.3.2, did you hear back from users?

@doktornotor
Copy link
Contributor Author

doktornotor commented Jan 6, 2017
edited
Loading

@rbgarga Unfortunately not... It's be nice to get all the stuff merged including the latest GUI updates after it gets a couple of days of testing to prevent confusion with very different versions across branches.

Also, I'm afraid getting this to a release version is the only way to get some reasonable amount of people testing things. Apparently, the 2.3.3/2,4 snapshots is not something that can be used for wide testing. :(

Also, did (hopefully) last round of fixes in #250 (plus, see #249 - things got out of sync somehow between devel and RELENG_2_3)

With these in place, things should be pretty much fixed as far as known issues and Redmine tickets are concerned. (Remaining things I cannot reproduce/figure out how to fix - https://redmine.pfsense.org/issues/6490 and https://redmine.pfsense.org/issues/1620)

@tadaog
Copy link

tadaog commented Jan 22, 2017

doktornotor:

Thks for the patch.
The current stage of squid.inc applies splice to whitelist, and I can confirm that any entry here doesn't interfere with Squidguard blocking by deny categories.

@doktornotor
Copy link
Contributor Author

@tadaog - Thanks for feedback and testing.

netgate-git-updates pushed a commit that referenced this pull request May 31, 2021
graphics/kimageannotator: update to 0.5.1, latest upstream
61d7370 
Release notes at
	https://github.com/ksnip/kImageAnnotator/releases/tag/v0.5.1
with important "Fix crash on destruct #242".

Bump two consumers.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rbgarga rbgarga rbgarga approved these changes

@jim-p jim-p jim-p approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@doktornotor @rbgarga @tadaog @jim-p @netgate-git-updates