[squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log
Alex Rousskov
rousskov at measurement-factory.com
Thu Sep 29 23:01:27 UTC 2016
On 09/29/2016 04:50 PM, Michael Pelletier wrote:
> I am trying to log some data during the ssl flow.
> logformat custom ... %ssl::>sni %ssl::>cert_subject %ssl::>cert_issuer
>
> Yet I get nothing from any of the %ssl:: entries....
Do your users send certificates to Squid? If not, %ssl::>cert_subject
%ssl::>cert_issuer should be "-". These %codes are _not_ about the
origin server certificate.
ssl::>sni is only available during certain SslBump steps. Do you use
SslBump? If yes, do you get the corresponding CONNECT entries in your
access log (there should be more than one CONNECT per SSL connection
IIRC)? What are your ssl_bump rules?
Alex.
More information about the squid-users
mailing list