[squid-users] Ignore SSL error and splice by ssl::server_name at the same time

Ahmad, Sarfaraz Sarfaraz.Ahmad at deshaw.com
Thu Jun 21 09:11:44 UTC 2018


I was wrong. There is no way to read the remote certificate and then decide whether to bump/splice the connection. 

-----Original Message-----
From: Ahmad, Sarfaraz 
Sent: Wednesday, June 20, 2018 7:35 PM
To: 'Amos Jeffries' <squid3 at treenet.co.nz>; squid-users at lists.squid-cache.org
Subject: RE: [squid-users] Ignore SSL error and splice by ssl::server_name at the same time

Yes.  As always appreciate the quick support this community provides. :)
Thank you guys !

Regards,
Sarfaraz

-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Wednesday, June 20, 2018 6:53 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Ignore SSL error and splice by ssl::server_name at the same time

On 21/06/18 00:25, Ahmad, Sarfaraz wrote:
> I found the answer to my problem. The SNI and Subject CN were 
> different in my case and I was not peeking at step2 (meaning not 
> looking at the server certificate) that is why my ACLs were ineffective.
> 

Ah, excellent. Does that mean your problem is now resolved?

Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


More information about the squid-users mailing list