[squid-users] Ssl-Bump and revoked server certificates
squid3 at treenet.co.nz
Mon Oct 26 18:11:54 UTC 2015
On 27/10/2015 5:43 a.m., Sebastian Kirschner wrote:
> in my squid setup the sslcrtvalidator_program doesn’t send the data´s that I expect to the helper :-) .
> The helper receive the data´s as described in the wiki , expect the "form" of the domain,
> here I would expect a FQDN or domain like google.de or ca.google.de but the helper receive a IP.
If this is intercepted traffic then IIRC that is expected behaviour at
present. SNI is new and has not been rolled into every corner yet.
You may need to use key_extras feature for now to send the SNI logformat
value explicitly in a new key=value field.
Or you could look at making a patch to send the SNI instead of HTTP
level "domain" from the CONNECT. Any help getting these annoyances out
of the way is very welcome.
More information about the squid-users