[squid-users] IPv6 and syntax?
Walter H.
Walter.H at mathemainzel.info
Mon May 18 15:20:20 UTC 2015
On 18.05.2015 13:25, Amos Jeffries wrote:
>> I would have done it this way:
>>
>> acl block_whole_network dst_as 4837
>> deny_info errorpage block_whole_network
>> http_access deny block_whole_network
>>
>> but this crashes squid ...
>>
> Ouch. Is that the<http://bugs.squid-cache.org/show_bug.cgi?id=3579> crash?
>
yes, this crash;
> I would like to fix that, but need the backtrace.
how would a generate the backtrace?
>>
>>>> does it seem to be problematic, when having an TLS-server with an IPv6
>>>> address only without DNS, because of the comm name?
>>> That is a different issue entirely.
>> yes and hoping no browser ever will accept a common name of just '*'
>>> Going by that description it seems Firefox and Chrome are a bit broken.
>> IE, too;
> IE is doing the right thing in your description. That cert-with-IP
> warning is the correct / working behaviour.
not really, with IPv4 it doesn't bring this warning - the CA cert using
in squid is installed in both the FF certstore
and the windows system certstore (IE and Chrome use this)
> The Firefox hang and Chrome
> "insecure" warning are the broken bits.
Walter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5971 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150518/2a117271/attachment.bin>
More information about the squid-users
mailing list