[squid-users] sahibinden.com fails with https bump
Yuri Voinov
yvoinov at gmail.com
Tue May 10 11:22:44 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Direct connect with bypass squid gives following error:
ssl_error_unrecognized_name_alert
I.e. server certificate has no CN for this FQDN, or has different CN.
In this and in another case, the problem of the site and the webmaster.
Please contact the website owners and inform them of this problem.
10.05.16 16:34, turgut kalfaoğlu пишет:
> Hello everyone..
>
> My setup -- this is for speeding up the home ADSL..
>
> https_port 3129 intercept ssl-bump \
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
> cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem
> sslproxy_cert_adapt setCommonName ssl::certDomainMismatch
> sslproxy_cert_error allow all
> sslproxy_flags DONT_VERIFY_PEER
> sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
> sslcrtd_children 20 startup=3 idle=1
> ssl_bump server-first all
>
> This works well for facebook, gmail, google, and probably others..
> But https://sahibinden.com , whatever they are doing fails - the page
> appears broken.
> I tried broken_sites acl trick, did not help.
>
> acl broken_sites ssl::server_name .sahibinden.com
> acl broken_sites ssl::server_name image5.sahibinden.com
> acl broken_sites ssl::server_name .shbdn.com
> ssl_bump none broken_sites
>
> Does anyone have any ideas what else I can try?
> Many thanks, -tk
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXMcSEAAoJENNXIZxhPexGOcoH+wSehhPUL0Gmw/G/03aYINIb
Z2jPrpxcLuQwAKJDVSQ1fDYwCVTmIDYpgUNamIu8qxP9mIOTQOlL7ciLLfD7+vLP
fgx1DneVNZogyQJAk4CutXvnS+D429RnXvU8DAcXelEzIdz7Vuv3l3G3hvrbIikl
wCxVme4oORssHT7IhfF6Y+do2GGVI1erAnRd+81nxYwFUCUYxh6a8moVxNyUEg7e
yF/QiGPBjXHJ/aODcpbhAMe+XMLha4OKJg1q3CXCX1VHIG+hsDwsM9T5UUViGvab
ArzdnVKx81Iu2fPTVxEZ9ThaVORkQYD/XimUgt6aqH8ADSkNf9QZrV4of7sW1yY=
=W+ch
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160510/defbf23c/attachment.key>
More information about the squid-users
mailing list