<div dir="ltr">In the squid.conf.documented, it looks like I can log the server certificate as well as the client certificate....<br><div><div><br># %ssl::>sni SSL client SNI sent to Squid <br># %ssl::&lt;cert_subject SSL server certificate DN <br># %ssl::&lt;cert_issuer SSL server certificate issuer DN <br># <br># %>{Header} HTTP request header "Header" <br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 29, 2016 at 7:09 PM, Michael Pelletier <span dir="ltr">&lt;<a href="mailto:michael.pelletier@palmbeachschools.org" target="_blank">michael.pelletier@palmbeachschools.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>I misspoke. I am getting %ssl::>sni but not %ssl::&lt;cert_subject or %ssl::&lt;cert_issuer but then clients may not be sending certs out....<br><br></div>The doc says it supports server certs but using %ssl::>cert_subject and %ssl::>cert_issuer gives me a parse error....<br><br></div>Note the "&lt;" instead of the "&gt;"<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 29, 2016 at 7:01 PM, Alex Rousskov <span dir="ltr">&lt;<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.<wbr>com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 09/29/2016 04:50 PM, Michael Pelletier wrote:<br>
<br>
> I am trying to log some data during the ssl flow.<br>
<br>
</span>> logformat custom ... %ssl::>sni %ssl::>cert_subject %ssl::>cert_issuer<br>
<span>><br>
> Yet I get nothing from any of the %ssl:: entries....<br>
<br>
</span>Do your users send certificates to Squid? If not, %ssl::>cert_subject<br>
%ssl::>cert_issuer should be "-". These %codes are _not_ about the<br>
origin server certificate.<br>
<br>
ssl::>sni is only available during certain SslBump steps. Do you use<br>
SslBump? If yes, do you get the corresponding CONNECT entries in your<br>
access log (there should be more than one CONNECT per SSL connection<br>
IIRC)? What are your ssl_bump rules?<br>
<span><font color="#888888"><br>
Alex.<br>
<br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
<br>