[squid-users] Ssl-Bump and revoked server certificates

Amos Jeffries squid3 at treenet.co.nz
Mon Oct 26 18:11:54 UTC 2015


On 27/10/2015 5:43 a.m., Sebastian Kirschner wrote:
> Hi,
> 
> In my squid setup the sslcrtvalidator_program doesn’t send the data that I expect to the helper :-) .
> The helper receives the data as described in the wiki, except for the "form" of the domain;
> here I would expect a FQDN or domain like google.de or ca.google.de but the helper receives an IP.

If this is intercepted traffic then IIRC that is expected behaviour at
present. SNI is new and has not been rolled into every corner yet.

You may need to use the key_extras feature for now to send the SNI logformat
value explicitly in a new key=value field.

Or you could look at making a patch to send the SNI instead of HTTP
level "domain" from the CONNECT. Any help getting these annoyances out
of the way is very welcome.

Amos


