Commit 45643e3
committed
fix(proxy): enforce deferred ask on direct-connect path for non-TLS protocols
SSH, plain TCP, and other non-MITM connections that go through the
direct dial path now check the deferred per-request policy before
connecting upstream. Without this, connections to ask destinations
on non-TLS ports (e.g. SSH port 22) bypassed approval entirely.1 parent 74155a3 commit 45643e3
1 file changed
Lines changed: 16 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
944 | 944 | | |
945 | 945 | | |
946 | 946 | | |
| 947 | + | |
| 948 | + | |
| 949 | + | |
| 950 | + | |
| 951 | + | |
| 952 | + | |
| 953 | + | |
| 954 | + | |
| 955 | + | |
| 956 | + | |
| 957 | + | |
| 958 | + | |
| 959 | + | |
| 960 | + | |
| 961 | + | |
| 962 | + | |
947 | 963 | | |
948 | 964 | | |
949 | 965 | | |
| |||
0 commit comments