[squid-users] Squid 4.x acl server_cert_fingerprint for bump no matches

David Touzeau david at articatech.com
Tue May 12 11:42:13 UTC 2020


Hi, I'm trying to play with the acl "server_cert_fingerprint" for splicing websites.

First, get the fingerprint:

openssl s_client -host www.clubic.com -port 443 2> /dev/null | openssl x509 -fingerprint -noout


# Build the acl

acl TestFinger server_cert_fingerprint 77:F6:8D:C1:0A:DF:94:8B:43:1F:8E:0E:91:5E:0C:32:42:8B:99:C9


# I want Squid to not bump this fingerprint.

acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump splice TestFinger
ssl_bump stare ssl_step2 all
ssl_bump bump all

But browsing the website still receives the Squid certificate and not the original one.
It seems the TestFinger ACL did not match in any case.

Am I wrong somewhere?


Regards.

