[squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

Amos Jeffries squid3 at treenet.co.nz
Fri Sep 30 03:12:03 UTC 2016


On 30/09/2016 12:55 p.m., Alex Rousskov wrote:
> On 09/29/2016 05:44 PM, Michael Pelletier wrote:
>> In the squid.conf.documented, it looks like I can log the server
>> certificate as well as the client certificate....
>>
>> #         %ssl::<cert_subject SSL server certificate DN
>> #         %ssl::<cert_issuer SSL server certificate issuer DN                                                                              
> 
> Wrong directive? The above %codes were for the external_acl_type
> context, not logformat IIRC.
> 
> I do not know whether they are still supported in v4 but no longer
> documented (which would be a [documentation] bug) or not supported at
> all (which would be a [regression] bug).
> 

With Squid-4 the ACl and log format codes should be the same now.
Perhapse more info at logging time than helper API, but thats all.

* Things available to the ACL but not at logging is a bug, probably a
regression.
* Things that used to log but no longer do are regressions.
* Otherwise things that should be available but are not at the helper
ACL time are missing feature bugs.

Amos



More information about the squid-users mailing list