<p dir="ltr">According to the logs bump was being performed before the change, so I don't follow. </p>
<p dir="ltr">If the lack of an acl step1 SslBump1 was the problem he would have no bumps or bumps with incorrect host names in the certificates. Right now it seems he either is bumping some connect request whatsapp doesn't want to be MITM or he is outright denying something, maybe something else entirely, without logs we cannot be sure. <br>
Chico Venancio </p>
<div class="gmail_extra"><br><div class="gmail_quote">Em 12/09/2016 12:46, "Yuri Voinov" <<a href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a>> escreveu:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
Both of you are caught in the access control list, completely lost
sight of that op basically wrote the wrong general rules for bump,
skipped step1 - SslBump1.<br>
<br>
Which can be splice by server name without peek performing? Yes?<br>
<br>
That is why he did not work. All the rest is not fundamental
cosmetics and can be written and debugged later.<br>
<br>
12.09.2016 21:40, Marcus Kool пишет:<br>
<span style="white-space:pre-wrap">><br>
><br>
> On 09/12/2016 12:15 PM, Chico Venancio wrote:<br>
>> I'd think a regex consumes a lot more resources than
server name, but don't know if it is significant.<br>
>> Anyway, without more details we can't be sure the server
name not matching is the problem.<br>
>><br>
>> We need access logs and client(browser) details.<br>
>><br>
>> By the way, acl excludeSSL ssl::server_name
<a href="http://web.whatsapp.com" target="_blank">web.whatsapp.com</a> <a href="http://web.whatsapp.com" target="_blank"><http://web.whatsapp.com></a><br>
>> Would not work, whatsapp uses some subdomains that also
should not be bumped.<br>
><br>
> squid.conf.documented seems to imply that you can add a dot
to match the subdomains also, just like with dstdomain :<br>
> acl excludeSSL ssl::server_name .<a href="http://web.whatsapp.com" target="_blank">web.whatsapp.com</a><br>
><br>
> Be careful with the regex, it matches also
web.whatsapp.com-24.site: it needs a $<br>
><br>
> Marcus<br>
><br>
>> Chico Venancio<br>
>><br>
>><br>
>> Em 12/09/2016 11:42, "Yuri Voinov" <<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>
<a href="mailto:yvoinov@gmail.com" target="_blank"><mailto:yvoinov@gmail.com></a>> escreveu:<br>
>><br>
>><br>
> Because ssl :: server_name_regex works reliably. As shown by
my personal<br>
> practice. But in general it is by op's choice.<br>
><br>
><br>
> 12.09.2016 20:38, Marcus Kool пишет:<br>
><br>
><br>
> > On 09/12/2016 11:14 AM, Yuri Voinov wrote:<br>
><br>
> >> -----BEGIN PGP SIGNED MESSAGE-----<br>
> >> Hash: SHA256<br>
><br>
> >> Oooops,<br>
><br>
> >> acl must be:<br>
><br>
> >> acl excludeSSL ssl::server_name_regex
web\.whatsapp\.com<br>
><br>
> > why a regex?<br>
> > why not the following ?<br>
> > acl excludeSSL ssl::server_name <a href="http://web.whatsapp.com" target="_blank">web.whatsapp.com</a>
<a href="http://web.whatsapp.com" target="_blank"><http://web.whatsapp.com></a><br>
><br>
> > Marcus<br>
> > ______________________________<wbr>_________________<br>
> > squid-users mailing list<br>
> > <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.<wbr>org</a>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank"><mailto:squid-users@lists.<wbr>squid-cache.org></a><br>
> > <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank"><http://lists.squid-cache.org/<wbr>listinfo/squid-users></a><br>
><br>
>><br>
>><br>
>> ______________________________<wbr>_________________<br>
>> squid-users mailing list<br>
>> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.<wbr>org</a>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank"><mailto:squid-users@lists.<wbr>squid-cache.org></a><br>
>> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank"><http://lists.squid-cache.org/<wbr>listinfo/squid-users></a><br>
>><br>
>><br>
>><br>
>> ______________________________<wbr>_________________<br>
>> squid-users mailing list<br>
>> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.<wbr>org</a><br>
>> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a><br>
>><br>
> ______________________________<wbr>_________________<br>
> squid-users mailing list<br>
> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.<wbr>org</a><br>
> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJX1s2fAAoJENNXIZ<wbr>xhPexGRXoH/2TnA1g+<wbr>DuwwXsg5qugSngC/
<br>
3mcMtqtSZ8szaESp0ofCuGvB7f3pYU<wbr>3pOpm6OAumyDDIO9bVmHX7QLDK4hkN<wbr>WaUo
<br>
f8BICxg/<wbr>zqDbIxLOJyMRo9kCyT3CT1hUd7F/<wbr>EtvAAcAUk68blAKupksYZ5gDSeN6
<br>
gY13RLeWoNgsaIZL+<wbr>LgztRf8bKGepIK9vGFyIPvKXxYP0de<wbr>y4/zndyjQbRf1ggtV
<br>
E8K/<wbr>0xU6zaflcggKFPjBHWpekATRoza09/<wbr>+BT8T/THndf1CBybmAo7wOGi1oG6nu
<br>
1qw3H2X32DyDjIOQ+<wbr>YV6NVjSDb0jPaj/taanT3W5F1/<wbr>VNhFshyw/IjIPLeoYw9k=
<br>
=TMa5
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</div>
<br>______________________________<wbr>_________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a><br>
<br></blockquote></div></div>