[squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?

Yuri Voinov yvoinov at gmail.com
Mon Jan 26 19:16:49 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
No one ssl_bump combination did not work.

With your config I see only:

1422299531.482  18722 192.168.100.5 TCP_TUNNEL/200 99418 CONNECT
128.121.22.133:
443 - ORIGINAL_DST/128.121.22.133 -

and connection does'nt established.

No errors - no bump. Certs generated, but strange - without FQDN CN's.

27.01.2015 0:26, Daniel Greenwald пишет:
> Thank you Amos, I have updated to bump. Working well just the same..
> Even chrome doesn't complain for google properties. Very nice.
>
> -----------
> Daniel I Greenwald
>
>
>
> On Mon, Jan 26, 2015 at 12:35 PM, Yuri Voinov <yvoinov at gmail.com
<mailto:yvoinov at gmail.com>> wrote:
>
>
> It's mistype. :)
>
> Of course, I mean
>
> acl net_bump src 192.168.101.0/24 <http://192.168.101.0/24>
>
>
> Yep, sure - when I change "all" to another ACL - row bungled.
>
>
> 26.01.2015 23:33, Amos Jeffries пишет:
> > On 27/01/2015 5:37 a.m., Yuri Voinov wrote:
> >>
> >> I'm not about it.
> >>
> >> server-first keyword deprecated in 3.5.x.
> >>
> >> AFAIK, keywork "bump" now has yet another meaningful.
> >>
> >> And also: in your example can only use acl "all". Any other ACL's
> >> leading "Bungled config line" error.
> >>
> >> I.e, for example,
> >>
> >> acl net_bump acl net_bump src 192.168.101.0/24
<http://192.168.101.0/24>
>
> > You sure the bungled is not about the previous line?
>
> > "acl net_bump acl ..." no such ACL type as "acl".
>
>
> >> ssl_bump peek step1 net_bump
> >> ssl_bump server-first step2 net_bump
> >>
>
> > And yes you are right that is deprecated. It should be "bump" as the
> action.
>
> > Amos
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
>     http://lists.squid-cache.org/listinfo/squid-users
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUxpKhAAoJENNXIZxhPexG830IAJxFbwTp/lo4BtL09GGU8RXI
zEElJ9R8qaSxqUFc2BL1u5n2VsCOwEAo9PQpsBZiMULLRXy2hmIGPO6tYwAehE2N
zq70oBoDkcXMavELA9ApDUo1sMu05wWJ6RlPzP3H2ctOSAakRyU7f7Eq2gPBcVSg
XO6emmIuFr83PldR9TEnYa+LSSey5ZYJK4zh/AghqgDLFQ/Uh+kJGvyN1X16QS4H
sjXQKAMRkDtzW7yTb7QQkdSQiwLYhyi6kebAz+jVu6XSI8XFeBLOOZlfHEa6R/sk
S12YGThC7Ew1GugWNlGbiaRyfUnkYtWPNSA0MQYQJVzVpTXNobgtDQs1XM5GHfM=
=DC+0
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150127/3f5e6f8c/attachment.html>


More information about the squid-users mailing list