[squid-users] How to suppress SQUID_X509_V_ERR_DOMAIN_MISMATCH error for known domains?

[Yuri Voinov]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
No. Can't get PTR.

WU session initiated from IP 134.170.53.30,

which has not PTR record.

So,  Squid gives

1459017040.855    488 192.168.100.103 NONE_ABORTED/200 0 CONNECT
134.170.53.30:443 - ORIGINAL_DST/134.170.53.30 -

error whenever this ACL:

acl BrokenButTrustedServers dstdomain "/usr/local/squid/etc/dstdom.broken"
acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch
sslproxy_cert_error deny all

or

sslproxy_cert_error allow all

When I bypass all WU IP ranges on router with WCCP, WU works. But this
is not an option, WU must be cached.

So, I can't splice dst by IP with Squid 4.x, right?

26.03.16 23:25, Alex Rousskov пишет:
> On 03/26/2016 04:53 AM, Yuri Voinov wrote:
>> http://i.imgur.com/kxrOEVd.png
>>
>> How to suppress this? It stops WU right now.
>
>
> Does the ssl::certDomainMismatch ACL work to bypass the
> SQUID_X509_V_ERR_DOMAIN_MISMATCH error?
>
> If not, then just as a triage experiment (and not for production use!),
> does the following bypass the SQUID_X509_V_ERR_DOMAIN_MISMATCH error?
>
>   sslproxy_cert_error allow all
>
>
> Alex.
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJW9tbTAAoJENNXIZxhPexGda4H+gKYABV8XUbtXVDDWuTz2xiC
t4gWgw+6p6Z3DP1HZIomRiBY2lRZ0i2+lfnN8cQ1v27wRELEkj036hBYsuk/TaWz
Ep9upN/L+0kTHLRe9a1iCEX6WlNKqfySQ4WVr/s2jmHmWzBD9QU0QZpshuCXLQe3
FBoydPuC/aKdRbofFDpciPrfWY3TH3ClyLkbuvrUdbzjur91XOoBwqBKaQa8E7AK
mv67FTeLQFvFR0+xjBx1u4g8r2z2Ocg1udzf6DhByCMp8PTvGmeVgt61YBgPh0sJ
GAJP19axg3yMuT7jvoBjWrKIpUMHPH3vnz3N9qjO71YfWicOchq+/3BHsO4Mi8M=
=hFL8
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160327/5b9c5fa5/attachment-0001.key>