[squid-users] https_port Listen on different IP

houheming houhm at greenet.net.cn
Fri Oct 19 07:10:48 UTC 2018


Hi squid-users,

I have to use squid in a very uncommon way, here it is:

1. Configure squid to be a https tproxy proxy;

2. For some https server IPs, configure squid to send the client browser certificates which are signed by some specific root CAs;

3. For other https server IPs, configure squid to send the client browser certificates which are signed by the default root CA;

Here is part of my squid.conf:

#default root CA for default https servers
https_port 443 tproxy ssl-bump cert=/usr/local/squid/server.crt key=/usr/local/squid/server.key version=1 generate-host-certificates=on

#for special server baidu.com
https_port 180.97.33.107:443 tproxy ssl-bump cert=/usr/local/squid/server_baidu.crt key=/usr/local/squid/server_baidu.key version=1 generate-host-certificates=on
https_port 180.97.33.108:443 tproxy ssl-bump cert=/usr/local/squid//server_baidu.crt key=/usr/local/squid/server_baidu.key version=1 generate-host-certificates=on

The problem is that if I configure squid like this, line2 and line3 will never work; if I switch line1 with line2 and line3 (put line2 and line3 above line1 in squid.conf), then only line2 and line3 will get their chance to work, and line1 will not work.

From the screenshot, you can see that when I use "squid -k parse" to check squid.conf, it shows that it will initialize three SSL contexts, but if you check the port, only the first SSL context is initialized.

Any help will be appreciated!

Horise Hou

-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 14789 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20181019/252bbcf7/attachment-0001.png>

