[squid-users] Squid fails to bump where there are too many DNS names in SAN field

Amos Jeffries squid3 at treenet.co.nz
Tue Sep 4 04:40:02 UTC 2018


On 4/09/18 10:39 AM, Alex Rousskov wrote:
> On 09/03/2018 01:34 AM, Ahmad, Sarfaraz wrote:
> 
>> interception/MITM appears to fail where remote certificates from
>> origin servers have way too many dnsnames in the SAN field.
>>
>> I have noticed this behavior with at least these 2 websites. In both the
>> cases, my setup would be bumping the connections.  
>>
>> https://www.pcmag.com/ 
>> https://www.extremetech.com/
> 
>> I will have to file a bug ?
> 

Does it look like a reoccurance of this bug?
 <https://bugs.squid-cache.org/show_bug.cgi?id=3665>

We did not have a concrete confirmation that the exact issue was
permanently gone, it may have just been shifted to larger more obscure
SAN field values.


Amos


More information about the squid-users mailing list