[squid-users] Two questions regarding ssl_bump and peek/splice.

Alex Rousskov rousskov at measurement-factory.com
Tue Apr 19 14:43:28 UTC 2016

On 04/19/2016 07:16 AM, Markey, Bruce wrote:
> Can anyone point me to a deep dive or something like that about how
> ssl_bump and peek/splice etc work? The more technical the better.

That's easy! https://code.launchpad.net/squid

http://wiki.squid-cache.org/Features/SslPeekAndSplice is less technical
but documents most of the modern mechanics. Unfortunately, it is
difficult to grok quickly or without good understanding of how SSL and
HTTP work in general. There are also a few bug reports on Bugzilla
covering various corner cases.

> I
> don’t want to ask a ton of questions about some of the errors I’m
> getting without fully understanding what is going on.  

Do not worry about full understanding. There are probably less than 10
people in the world that got close to that coveted level of "full
understanding". Unfortunately, they got there through years of pain and
suffering, not reading documentation. And they are too busy to document
everything they know.

> I currently have squid working almost the way I want it, with just a few
> remaining issues.  One of them being is that with ssl sites I seem to
> get a lot of “not private, cert authority” messages then I have to add
> that site to an acl to not be bumped.    Regarding my first question, I
> want to understand why.

Please make sure you specify the exact error message and which agent is
generating it when asking about this problem in the future. Also,
examine and report which certificate (origin server or one of the
Squid-generated ones; which one?) is being received by that agent if

> My second question I think is a quickie.  Can you run 2 log files? 
> Reason being is that I use squidanalyzer and it only reads the standard
> log format.  But there are better log formats for what I’m doing. I’d
> like to keep dual logs while I work on my own analyzer that reads that
> log file.   You can see the logformat line commented out along with some
> other log  lines.

Yes, you can have many access_log directives.



More information about the squid-users mailing list