[squid-users] sslBump and intercept
Eugene M. Zheganin
emz at norma.perm.ru
Thu Nov 12 09:04:15 UTC 2015
This question is unrelated directly to my yesterday's one.
I decided to intercept the HTTPS traffic on my production squids from
proxy-unware clients to be able to tell them there's a proxy and they
should configure one.
So I'm doing it like (the process of forwarding using FreeBSD pf is not
acl unauthorized proxy_auth stringthatwillnevermatch
acl step1 at_step sslBump1
https_port 127.0.0.1:3131 intercept ssl-bump
https_port [::1]:3131 intercept ssl-bump
ssl_bump peek step1
ssl_bump bump unauthorized
ssl_bump splice all
Almost everything works, except that squid for some reason is generating
certificates in this case for IP addresses, not names, so the browser
shows a warning abount certificate being valid only for IP, and not name.
Am I doing something wrong ?
More information about the squid-users