[squid-users] after changed from 3.4.13 to 3.5.8 sslbump doesn't work for the site https://banking.postbank.de/

Jason Haar Jason_Haar at trimble.com
Fri Oct 2 09:33:25 UTC 2015


On 02/10/15 21:38, Amos Jeffries wrote:
> I'm not sure but a custom certificate validator helper can probably do
> all this better. An example helper in Perl can be found at
> helpers/ssl/cert_valid.pl
That website worked for me because my external validator had an
exception rule for valid certs containing "bank" (which makes it "ERR" -
causing squid to splice it instead of bump it). To see this problem for
myself I removed that check and indeed bump-ing then failed to work
(squid-3.5.10)

I then pointed sslabs.com at that site and it got a "B" rating and
there's no obvious signs of a cert error - so I can't figure out what is
going wrong. I've manually downloaded the server cert using "openssl
s_client" and the cert chain validates just fine - so what is squid
doing to it? Weird...

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



More information about the squid-users mailing list