<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
<br>
<br>
01.04.15 20:10, Vadim Rogoziansky пишет:<br>
<span style="white-space: pre;">> Hello Yuri,<br>
><br>
> I have the same problem with transparent proxy (can't bypass
bad web sites) and as I know squid guys did not fix SNI issue yet.
Forward proxy works smoothly.</span><br>
<br>
This is the reason that I still use 3.4.12. Bug 4188 still not
fixed.<br>
<br>
<span style="white-space: pre;">> Tell me something if I was
wrong)<br>
><br>
> My configuration is following:<br>
> /<br>
> acl step1 at_step SslBump1//<br>
> //ssl_bump stare step1 all//<br>
> //acl sslBumpDeniedDstDomain dstdomain .google.com//<br>
> //ssl_bump splice sslBumpDeniedDstDomain//<br>
> //ssl_bump bump all//<br>
> /<br>
> And sqiud version is<br>
> /Squid Cache: Version 3.5.3//<br>
> //Service Name: squid//<br>
> //configure options: '--with-openssl'
'--enable-linux-netfilter' '--disable-ipv6' '--enable-icap-client'
'--enable-ssl-crtd' '--prefix=/opt/squid'
'--enable-external-acl-helpers=none'
'--enable-auth-negotiate=none' '--enable-follow-x-forwarded-for'
'--disable-auth-ntlm' '--disable-arch-native' '--enable-wccpv2'
'--enable-snmp'
'PKG_CONFIG_PATH=%{_PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
--enable-ltdl-convenience/</span><br>
<br>
Looks like all ok.<br>
<br>
<span style="white-space: pre;">><br>
> Regards<br>
><br>
> On 4/1/2015 12:34 PM, Yuri Voinov wrote:<br>
>><br>
> What version of Squid you are using?<br>
><br>
> 01.04.15 13:06, Yu-Hsuan Liao пишет:<br>
> > Hello Everyone,<br>
><br>
> > I got 'ssl_error_bad_cert_domain' message from browser
when I was trying<br>
> > to bump tw.bid.yahoo.com in transparent mode<br>
><br>
> > I found that the certificate is signed to
tw.otplogin.reg.yahoo.com, which<br>
> > should be signed to tw.bid.yahoo.com<br>
><br>
> > but for now I can't bypass using the following
configure:<br>
><br>
> > acl yahoo_url tw.otplogin.reg.yahoo.com tw.bid.yahoo.com<br>
> > ssl_bump none yahoo_url<br>
><br>
> > yet everything is OK when I use forward proxy, the
certificate is correct<br>
> > signed to tw.bid.yahoo.com<br>
><br>
> > any ideas?<br>
><br>
><br>
><br>
> > _______________________________________________<br>
> > squid-users mailing list<br>
> > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> > <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> squid-users mailing list<br>
>> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
>> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJVHArzAAoJENNXIZxhPexGuBsH/RYdXW7iKAbLz55Hfi/O7pJJ
<br>
ouPIZ5Gf+ApP/Aopt7/W433Uf6vudDI+xRsLfbmlPa8rdp18+wczCCbTRr7PP3uv
<br>
ULErMqaDdm5TEUTFXvR1i9XJt4I0zAcp9npRGGa4Xi9dVTQB5n7xCnL+freKT+KB
<br>
mE7VVOSBq+yq8E2+7khNRS68B5bgvuhMWdh/2pbWNvT83zwSt692R/VPq7H8rkZY
<br>
MDP8j19LaBeuvI9HIB8saPtQA0/0ptgvrwHNzTGHTPhYJJhaZsWWW35J+yj7U7Jh
<br>
hy84Pm+/xzEdEaP0j2qReBU8D38XWYuYc8BOmRTOHI1gdf8Yep0sS28W8+7xiAQ=
<br>
=S3+z
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>