[squid-users] Squid 4.x acl server_cert_fingerprint for bump no matches
David Touzeau
david at articatech.com
Tue May 12 11:42:13 UTC 2020
Hi, i'm trying to play with acl "server_cert_fingerprint" for splicing
websites.
First, get the fingerprint :
openssl s_client -host www.clubic.com -port 443 2> /dev/null | openssl
x509 -fingerprint -noout
# Build the acl
acl TestFinger server_cert_fingerprint
77:F6:8D:C1:0A:DF:94:8B:43:1F:8E:0E:91:5E:0C:32:42:8B:99:C9
# I want squid to not bump this fingerprint.
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump splice TestFinger
ssl_bump stare ssl_step2 all
ssl_bump bump all
But browsing on the website still receive squid certificate and not the
original one.
Seems TestFinger Acls did not matches in any case
Did i'm wrong somewhere ?
Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200512/058f2744/attachment.html>
More information about the squid-users
mailing list