[squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

Michael Pelletier michael.pelletier at palmbeachschools.org
Thu Sep 29 23:44:21 UTC 2016


In the squid.conf.documented, it looks like I can log the server
certificate as well as the client certificate....

#         %ssl::>sni    SSL client SNI sent to Squid
#         %ssl::<cert_subject SSL server certificate DN
#         %ssl::<cert_issuer SSL server certificate issuer DN
#
#         %>{Header}    HTTP request header "Header"

On Thu, Sep 29, 2016 at 7:09 PM, Michael Pelletier <
michael.pelletier at palmbeachschools.org> wrote:

> I misspoke. I am getting %ssl::>sni but not %ssl::<cert_subject or
> %ssl::<cert_issuer but then clients may not be sending certs out....
>
> The doc says it supports server certs but using %ssl::>cert_subject and
> %ssl::>cert_issuer gives me a parse error....
>
> Note the "<" instead of the ">"
>
> On Thu, Sep 29, 2016 at 7:01 PM, Alex Rousskov <
> rousskov at measurement-factory.com> wrote:
>
>> On 09/29/2016 04:50 PM, Michael Pelletier wrote:
>>
>> > I am trying to log some data during the ssl flow.
>>
>> > logformat custom ... %ssl::>sni %ssl::>cert_subject %ssl::>cert_issuer
>> >
>> > Yet I get nothing from any of the %ssl:: entries....
>>
>> Do your users send certificates to Squid? If not, %ssl::>cert_subject
>> %ssl::>cert_issuer should be "-". These %codes are _not_ about the
>> origin server certificate.
>>
>> ssl::>sni is only available during certain SslBump steps. Do you use
>> SslBump? If yes, do you get the corresponding CONNECT entries in your
>> access log (there should be more than one CONNECT per SSL connection
>> IIRC)? What are your ssl_bump rules?
>>
>> Alex.
>>
>>
>


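The setup Alex's reply points at, as an added example that is not part of the thread or of Squid's own documentation: peek at SslBump step 1 so that %ssl::>sni has a value to log, with the client-certificate codes recorded next to it. The port number, file paths, ACL name and logformat name are assumptions; the directives and %codes are standard Squid ones.

```conf
# Added example, not from the thread. Port and paths are assumptions.

# A bumping port needs a certificate even when connections are only
# peeked at and spliced (hypothetical path).
http_port 3128 ssl-bump cert=/etc/squid/bump-ca.pem

# SslBump step 1 is where Squid can read the TLS ClientHello, which is
# what carries the SNI. Without a peek (or stare) rule at this step there
# is nothing for %ssl::>sni to report.
acl step1 at_step SslBump1
ssl_bump peek step1

# After the peek, tunnel the connection without decrypting it.
ssl_bump splice all

# %ssl::>sni           SNI the client sent to Squid
# %ssl::bump_mode      SslBump decision for this log entry, so the several
#                      CONNECT entries of one connection can be told apart
# %ssl::>cert_subject  subject of the certificate the CLIENT presented to
# %ssl::>cert_issuer   Squid, and its issuer. Both log "-" when clients do
#                      not authenticate with certificates. Per the reply
#                      above, these are not about the origin server.
logformat tlsmeta %ts.%03tu %>a %Ss/%03>Hs %rm %ru mode=%ssl::bump_mode sni=%ssl::>sni client_subject="%ssl::>cert_subject" client_issuer="%ssl::>cert_issuer"

access_log /var/log/squid/tls-meta.log tlsmeta
```

After a reload, `squid -k parse` confirms the running version accepts every %code in the logformat line; a code that version does not implement is reported as a parse error.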