[squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?
Yuri Voinov
yvoinov at gmail.com
Mon Jan 26 19:16:49 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
No one ssl_bump combination did not work.
With your config I see only:
1422299531.482 18722 192.168.100.5 TCP_TUNNEL/200 99418 CONNECT
128.121.22.133:
443 - ORIGINAL_DST/128.121.22.133 -
and connection does'nt established.
No errors - no bump. Certs generated, but strange - without FQDN CN's.
27.01.2015 0:26, Daniel Greenwald пишет:
> Thank you Amos, I have updated to bump. Working well just the same..
> Even chrome doesn't complain for google properties. Very nice.
>
> -----------
> Daniel I Greenwald
>
>
>
> On Mon, Jan 26, 2015 at 12:35 PM, Yuri Voinov <yvoinov at gmail.com
<mailto:yvoinov at gmail.com>> wrote:
>
>
> It's mistype. :)
>
> Of course, I mean
>
> acl net_bump src 192.168.101.0/24 <http://192.168.101.0/24>
>
>
> Yep, sure - when I change "all" to another ACL - row bungled.
>
>
> 26.01.2015 23:33, Amos Jeffries пишет:
> > On 27/01/2015 5:37 a.m., Yuri Voinov wrote:
> >>
> >> I'm not about it.
> >>
> >> server-first keyword deprecated in 3.5.x.
> >>
> >> AFAIK, keywork "bump" now has yet another meaningful.
> >>
> >> And also: in your example can only use acl "all". Any other ACL's
> >> leading "Bungled config line" error.
> >>
> >> I.e, for example,
> >>
> >> acl net_bump acl net_bump src 192.168.101.0/24
<http://192.168.101.0/24>
>
> > You sure the bungled is not about the previous line?
>
> > "acl net_bump acl ..." no such ACL type as "acl".
>
>
> >> ssl_bump peek step1 net_bump
> >> ssl_bump server-first step2 net_bump
> >>
>
> > And yes you are right that is deprecated. It should be "bump" as the
> action.
>
> > Amos
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJUxpKhAAoJENNXIZxhPexG830IAJxFbwTp/lo4BtL09GGU8RXI
zEElJ9R8qaSxqUFc2BL1u5n2VsCOwEAo9PQpsBZiMULLRXy2hmIGPO6tYwAehE2N
zq70oBoDkcXMavELA9ApDUo1sMu05wWJ6RlPzP3H2ctOSAakRyU7f7Eq2gPBcVSg
XO6emmIuFr83PldR9TEnYa+LSSey5ZYJK4zh/AghqgDLFQ/Uh+kJGvyN1X16QS4H
sjXQKAMRkDtzW7yTb7QQkdSQiwLYhyi6kebAz+jVu6XSI8XFeBLOOZlfHEa6R/sk
S12YGThC7Ew1GugWNlGbiaRyfUnkYtWPNSA0MQYQJVzVpTXNobgtDQs1XM5GHfM=
=DC+0
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150127/3f5e6f8c/attachment.html>
More information about the squid-users
mailing list