Please excuse my persistence, but when that condition was introduced, in [2011]( https://github.com/squid-cache/squid/commit/9d7a49fb719dcd9ec22a8d3116e888c6e93c5dbb), it was meant to prevent forwarding unencrypted requests. You can see that there is no check whether `cache_peer` is using ssl, in which case requests would be encrypted, after all.
I think that condition shouldn't include `cache_peer`s with ssl. *Mihai Ene* Software Developer *UB | Your universal basket* http://ub.io m...@ub.io @shop_ub +44 (0)7473 804972 <+447473804972> On Thu, Jul 21, 2016 at 6:51 AM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 21/07/2016 3:36 a.m., Mihai Ene wrote: > >> Squid SHOULD be able to send SSL-bump decrypted traffic to a cache_peer > > with 'ssl' flag set. > > > > But squid's source code says otherwise: > > > https://github.com/squid-cache/squid/blob/23f981d410009ba5aee455144d18b4178d042b34/src/FwdState.cc#L816 > > > > Besides, I'm seeing that `debugs` output on line 819 in my logs when > > testing with an ssl enabled cache_peer. > > > > Ah, darn. Sorry. You are right. I was mistaking the originserver peer case. > > Amos > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
