[squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log
Alex Rousskov
rousskov at measurement-factory.com
Thu Sep 29 23:55:48 UTC 2016
On 09/29/2016 05:44 PM, Michael Pelletier wrote:
> In the squid.conf.documented, it looks like I can log the server
> certificate as well as the client certificate....
>
> # %ssl::<cert_subject SSL server certificate DN
> # %ssl::<cert_issuer SSL server certificate issuer DN
Wrong directive? The above %codes were for the external_acl_type
context, not logformat IIRC.
I do not know whether they are still supported in v4 but no longer
documented (which would be a [documentation] bug) or not supported at
all (which would be a [regression] bug).
Alex.
> On Thu, Sep 29, 2016 at 7:09 PM, Michael Pelletier wrote:
>
> I misspoke. I am getting %ssl::>sni but not %ssl::<cert_subject or
> %ssl::<cert_issuer but then clients may not be sending certs out....
>
> The doc says is supports server certs but using %ssl::>cert_subject
> and %ssl::>cert_issuer. gives me a parse error....
>
> Note the "<" instead of the ">"
>
> On Thu, Sep 29, 2016 at 7:01 PM, Alex Rousskov
> <rousskov at measurement-factory.com
> <mailto:rousskov at measurement-factory.com>> wrote:
>
> On 09/29/2016 04:50 PM, Michael Pelletier wrote:
>
> > I am trying to log some data during the ssl flow.
>
> > logformat custom ... %ssl::>sni %ssl::>cert_subject
> %ssl::>cert_issuer
> >
> > Yet I get nothing from any of the %ssl:: entries....
>
> Do your users send certificates to Squid? If not,
> %ssl::>cert_subject
> %ssl::>cert_issuer should be "-". These %codes are _not_ about the
> origin server certificate.
>
> ssl::>sni is only available during certain SslBump steps. Do you use
> SslBump? If yes, do you get the corresponding CONNECT entries in
> your
> access log (there should be more than one CONNECT per SSL connection
> IIRC)? What are your ssl_bump rules?
>
> Alex.
>
>
>
>
> *Disclaimer: *Under Florida law, e-mail addresses are public records. If
> you do not want your e-mail address released in response to a public
> records request, do not send electronic mail to this entity. Instead,
> contact this office by phone or in writing.
>
More information about the squid-users
mailing list