<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:14px"><div dir="ltr">hay mate,</div><div dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1461078699262_16364" dir="ltr">as far as my testings took me, you need to have the certificate installed on your client; to avoid any possible errors.</div><div id="yui_3_16_0_ym19_1_1461078699262_16398" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1461078699262_16399" dir="ltr">also, bump server first.</div><div id="yui_3_16_0_ym19_1_1461078699262_16363" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1461078699262_16362" dir="ltr">B.R.</div><div id="yui_3_16_0_ym19_1_1461078699262_16361" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1461078699262_16400" dir="ltr">Mohammad</div><div id="yui_3_16_0_ym19_1_1461078699262_16408" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1461078699262_16360"><span></span></div><div id="yui_3_16_0_ym19_1_1461078699262_16359" class="qtdSeparateBR"><br><br></div><div style="display: block;" id="yui_3_16_0_ym19_1_1461078699262_16252" class="yahoo_quoted">  <div id="yui_3_16_0_ym19_1_1461078699262_16251" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 14px;"> <div id="yui_3_16_0_ym19_1_1461078699262_16250" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_ym19_1_1461078699262_16339" dir="ltr"> <font id="yui_3_16_0_ym19_1_1461078699262_16338" face="Arial" size="2"> <hr size="1"> <b id="yui_3_16_0_ym19_1_1461078699262_16402"><span id="yui_3_16_0_ym19_1_1461078699262_16401" style="font-weight:bold;">From:</span></b> "Markey, Bruce" <bmarkey@steinmancommunications.com><br> <b><span style="font-weight: bold;">To:</span></b> 'Amos Jeffries' <squid3@treenet.co.nz>; "squid-users@lists.squid-cache.org" <squid-users@lists.squid-cache.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, April 19, 2016 6:43 PM<br> <b id="yui_3_16_0_ym19_1_1461078699262_16404"><span id="yui_3_16_0_ym19_1_1461078699262_16403" style="font-weight: bold;">Subject:</span></b> Re: [squid-users] Two questions regarding ssl_bump and peek/splice.<br> </font> </div> <div id="yui_3_16_0_ym19_1_1461078699262_16249" class="y_msg_container"><br>Gotcha.  <br clear="none"><br clear="none">I should have been clear about the cert authority error, I'm getting that in client browsers for some https sites.  It seems random as to which ones.   <br clear="none"><br clear="none"><br clear="none"><br clear="none">Bruce Markey | Network Security Analyst<br clear="none">STEINMAN COMMUNICATIONS<br clear="none">717.291.8758 (o) | <a href="" class="removed-link" shape="rect" ymailto="mailto:bmarkey@steinmancommunications.com">bmarkey@steinmancommunications.com</a><br clear="none">8 West King St | PO Box 1328, Lancaster, PA 17608-1328<br clear="none"><br clear="none">-----Original Message-----<br clear="none">From: squid-users [mailto:<a href="" class="removed-link" shape="rect" ymailto="mailto:squid-users-bounces@lists.squid-cache.org">squid-users-bounces@lists.squid-cache.org</a>] On Behalf Of Amos Jeffries<br clear="none">Sent: Tuesday, April 19, 2016 10:41 AM<br clear="none">To: <a href="" class="removed-link" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">Subject: Re: [squid-users] Two questions regarding ssl_bump and peek/splice.<br clear="none"><br clear="none">On 20/04/2016 1:16 a.m., Markey, Bruce wrote:<br clear="none">> Can anyone point me to a deep dive or something like that about how<br clear="none">> ssl_bump and peek/splice etc work? The more technical the better.   I<br clear="none">> don't want to ask a ton of questions about some of the errors I'm <br clear="none">> getting without fully understanding what is going on.<br clear="none"><br clear="none">The most technical you can get is to read the code itself. Second best would be <<a href="" class="removed-link" shape="rect" target="_blank">http://wiki.squid-cache.org/Features/SslPeekAndSplice</a>>.<br clear="none"><br clear="none">> <br clear="none">> I currently have squid working almost the way I want it, with just a <br clear="none">> few remaining issues.  One of them being is that with ssl sites I seem <br clear="none">> to get a lot of "not private, cert authority" messages then I<br clear="none">> have to add that site to an acl to not be bumped.    Regarding my<br clear="none">> first question, I want to understand why.<br clear="none"><br clear="none">Odd. Neither OpenSSL nor Squid produce a message saying that.<br clear="none"><br clear="none">> <br clear="none">> My second question I think is a quickie.  Can you run 2 log files?<br clear="none">> Reason being is that I use squidanalyzer and it only reads the <br clear="none">> standard log format.  But there are better log formats for what I'm <br clear="none">> doing. I'd like to keep dual logs while I work on my own analyzer<br clear="none">> that reads that log file.   You can see the logformat line commented<br clear="none">> out along with some other log  lines.<br clear="none">> <br clear="none"><br clear="none">Yes. Just put multiple access_log lines in. One for each file/output you want.<br clear="none"><br clear="none">Amos<br clear="none"><br clear="none">_______________________________________________<br clear="none">squid-users mailing list<br clear="none"><a href="" class="removed-link" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none"><a href="" class="removed-link" shape="rect" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><div class="yqt6252115609" id="yqtfd12493"><br clear="none">_______________________________________________<br clear="none">squid-users mailing list<br clear="none"><a href="" class="removed-link" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none"><a href="" class="removed-link" shape="rect" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br clear="none"></div><br><br></div> </div> </div>  </div></div></body></html>