[squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?
Yuri Voinov
yvoinov at gmail.com
Mon Jan 26 19:08:04 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daniel,
you really sure you configuration makes bumping?
/var/lib/ssl_db/certs/ remains empty, Squid cannot bump without
mimicked certs, which is not produces.
I've seen only tunneling CONNECT with your configuration (of course, you
browser glad to see original server cert ;)),
and with my las configutaion - I see the same. Only CONNECTs tunneling.
Urge Amos :))))))) judge us.
27.01.2015 0:26, Daniel Greenwald пишет:
> Thank you Amos, I have updated to bump. Working well just the same..
> Even chrome doesn't complain for google properties. Very nice.
>
> -----------
> Daniel I Greenwald
>
>
>
> On Mon, Jan 26, 2015 at 12:35 PM, Yuri Voinov <yvoinov at gmail.com
<mailto:yvoinov at gmail.com>> wrote:
>
>
> It's mistype. :)
>
> Of course, I mean
>
> acl net_bump src 192.168.101.0/24 <http://192.168.101.0/24>
>
>
> Yep, sure - when I change "all" to another ACL - row bungled.
>
>
> 26.01.2015 23:33, Amos Jeffries пишет:
> > On 27/01/2015 5:37 a.m., Yuri Voinov wrote:
> >>
> >> I'm not about it.
> >>
> >> server-first keyword deprecated in 3.5.x.
> >>
> >> AFAIK, keywork "bump" now has yet another meaningful.
> >>
> >> And also: in your example can only use acl "all". Any other ACL's
> >> leading "Bungled config line" error.
> >>
> >> I.e, for example,
> >>
> >> acl net_bump acl net_bump src 192.168.101.0/24
<http://192.168.101.0/24>
>
> > You sure the bungled is not about the previous line?
>
> > "acl net_bump acl ..." no such ACL type as "acl".
>
>
> >> ssl_bump peek step1 net_bump
> >> ssl_bump server-first step2 net_bump
> >>
>
> > And yes you are right that is deprecated. It should be "bump" as the
> action.
>
> > Amos
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJUxpCTAAoJENNXIZxhPexG06UH/RVuzRRIoKz2/jUSNLE/1eSZ
tGP328qFdzRTHa0zvtQ1SRASNKVNusyykwJxJ/ZGmLUZEM9+ubUuIET4vlkZnsPd
vhsd/IqtaHWJvpVpxxr/wgu5Pv2dqtWoBHt+7Xop3oURtQq91mVEvXzPEDwxfVtX
rPp85/QPIrln5lFwaEG07TXOW2BcbXW3EfLJN7rAH3pGZh6AdROgzHCrN+pTJHj3
mI1FcCqSoy6ks73ncFbMUcMh8zaQBnr3dJQ67W32EmQIyTkNFZbLP2TTPuMJldF5
U35fKoiOc9I+dd+7/Fye4rZihA2kdfYnVWAW0/bRg/mHv/xdkZM1MXsQ+B//dbM=
=OVYL
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150127/204e5b93/attachment.html>
More information about the squid-users
mailing list