<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hello Yuri,<br>
<br>
      I have the same problem with the transparent proxy (can't bypass bad
      web sites), and as far as I know the Squid guys have not fixed the SNI issue yet.
      Forward proxy works smoothly.<br>
      Tell me if I am wrong)<br>
<br>
      My configuration is as follows:<br>
<i><br>
acl step1 at_step SslBump1</i><i><br>
</i><i>ssl_bump stare step1 all</i><i><br>
</i><i>acl sslBumpDeniedDstDomain dstdomain .google.com</i><i><br>
</i><i>ssl_bump splice sslBumpDeniedDstDomain</i><i><br>
</i><i>ssl_bump bump all</i><i><br>
</i><br>
      And the Squid version is<br>
<i>Squid Cache: Version 3.5.3</i><i><br>
</i><i>Service Name: squid</i><i><br>
</i><i>configure options: '--with-openssl'
'--enable-linux-netfilter' '--disable-ipv6'
'--enable-icap-client' '--enable-ssl-crtd' '--prefix=/opt/squid'
'--enable-external-acl-helpers=none'
'--enable-auth-negotiate=none' '--enable-follow-x-forwarded-for'
'--disable-auth-ntlm' '--disable-arch-native' '--enable-wccpv2'
'--enable-snmp'
'PKG_CONFIG_PATH=%{_PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
--enable-ltdl-convenience</i><br>
<br>
Regards<br>
<br>
On 4/1/2015 12:34 PM, Yuri Voinov wrote:<br>
</div>
<blockquote cite="mid:551BBBB5.6010603@gmail.com" type="cite">
      What version of Squid are you using?<br>
      <br>
      01.04.15 13:06, Yu-Hsuan Liao wrote:<br>
<span style="white-space: pre;">> Hello Everyone,<br>
><br>
> I got 'ssl_error_bad_cert_domain' message from browser
when I was trying<br>
> to bump tw.bid.yahoo.com in transparent mode<br>
><br>
> I found that the certificate is signed to
tw.otplogin.reg.yahoo.com, which<br>
> should be signed to tw.bid.yahoo.com<br>
><br>
> but for now I can't bypass using the following configure:<br>
><br>
> acl yahoo_url tw.otplogin.reg.yahoo.com tw.bid.yahoo.com<br>
> ssl_bump none yahoo_url<br>
><br>
> yet everything is OK when I use forward proxy, the
certificate is correct<br>
> signed to tw.bid.yahoo.com<br>
><br>
> any ideas?<br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
</blockquote>
<br>
</body>
</html>