-
Notifications
You must be signed in to change notification settings - Fork 581
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix SslBump/MITM features for Squid 3.5.x (Bug #6527) #242
Conversation
Put all things into the same place and after peek.
Please leave a message when it's ready for review |
@rbgarga - well I don't plan any changes there unless someone complains about something being more broken than it is already. Not using any of this evil MITM stuff myself so I thought someone who's making use of those would be able to spot issues more reliably/easily. So far the forum test request has collected ~60 views and no response. Funny, considering the flood of questions and complaints about MITM on the forum. I'd leave this open until new year and then just go ahead. |
This was literally copied over from reverse proxy settings. Squid proxy is the client here, so the wording was confusing.
@rbgarga - Go ahead, please, 120 views and zero response on the forum, people apparently don't care. (Also improved the compatibility mode description while here.) |
It looks OK to me, lets just wait for @jim-p review, just to have an extra pair of eyes |
Yeah, no hurry, been broken for quite some time (plus, the entire idea is sort of broken by design :D) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks OK to me, though I don't have any setup with SSL bump to test. A potential fix is better than a known broken state.
Merging it to devel and RELENG_2_3 to give users a change to test and after that we can cherry-pick it to RELENG_2_3_2 |
@doktornotor I was thinking about merge it to 2.3.2, did you hear back from users? |
@rbgarga Unfortunately not... It's be nice to get all the stuff merged including the latest GUI updates after it gets a couple of days of testing to prevent confusion with very different versions across branches. Also, I'm afraid getting this to a release version is the only way to get some reasonable amount of people testing things. Apparently, the 2.3.3/2,4 snapshots is not something that can be used for wide testing. :( Also, did (hopefully) last round of fixes in #250 (plus, see #249 - things got out of sync somehow between devel and RELENG_2_3) With these in place, things should be pretty much fixed as far as known issues and Redmine tickets are concerned. (Remaining things I cannot reproduce/figure out how to fix - https://redmine.pfsense.org/issues/6490 and https://redmine.pfsense.org/issues/1620) |
doktornotor: Thks for the patch. |
@tadaog - Thanks for feedback and testing. |
Release notes at https://github.com/ksnip/kImageAnnotator/releases/tag/v0.5.1 with important "Fix crash on destruct #242". Bump two consumers.
(Also improved the compatibility mode description while here.)