[squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?

Amos Jeffries squid3 at treenet.co.nz
Tue Jan 27 08:45:51 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 27/01/2015 8:16 a.m., Yuri Voinov wrote:
> 
> No one ssl_bump combination did not work.
> 
> With your config I see only:
> 
> 1422299531.482  18722 192.168.100.5 TCP_TUNNEL/200 99418 CONNECT 
> 128.121.22.133: 443 - ORIGINAL_DST/128.121.22.133 -
> 
> and connection does'nt established.

That is a non-bumped TUNNEL.

If connection is not established for TUNNEL the bug is either in TCP
connecting to the server, or in the TLS/SSL directly between server
and client - Squid is not taking part.

The fact that it is a TUNNEL instead of bumped (MISS) is a separate
issue that others seem not to be having.


> 
> No errors - no bump. Certs generated, but strange - without FQDN
> CN's.
> 
> 27.01.2015 0:26, Daniel Greenwald пишет:
>> Thank you Amos, I have updated to bump. Working well just the
>> same.. Even chrome doesn't complain for google properties. Very
>> nice.
> 
>> ----------- Daniel I Greenwald
> 

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUx1A/AAoJELJo5wb/XPRj5zAH/i2R1ltgmqigDdrrIdAqbvo0
/uwoasnqcwcNBDu7j5rONLy5J+CUDXPelB5rU9lRg5YrjnjbK2mRtN+z+zKzmSjb
jcEc+VWJMWQGFpLcMImJPyUR52h0qum/JF+iCYi9bl8XjX1UTmtm804/oB7sh03C
hKa37CmxYMR1s+4EBjRbIgwGO5dVPiHvmAqPH/CI7O4rO5pddCcyul2yLlvtZPyA
KOlOkcLI89LAGU58HlcGBtiAvvAKt8TrrtlofMUcjKDD5EcHdV8F61p+DSuY1nX2
WJf03dGsSIpZ6esmYwaUA2jiIafpPkr0RcK67nnN9GvB6LzZlRJL4ZyKYIESy1E=
=aMQ1
-----END PGP SIGNATURE-----


More information about the squid-users mailing list