[squid-users] unsure of how to use sslBump

From: Brad Barnett <lists_at_l8r.net>
Date: Mon, 28 Jul 2008 15:41:01 -0400

Hey all,

I've compiled squid-3.HEAD-20080728.tar.gz, and all seems to be working
fine in a general respect.

However, I can't seem to get sslBump working. I have squid set up as a
transparent proxy, and that part is working fine. However, when I add
the following lines, and use iptables to redirect port 443 traffic to
squid, generally squid just sits, stalled, forever.

I turned up the debug log, but didn't even see any cogent information
indicating that sslbump, or any ssl traffic, was being attempted.

Any ideas? Note, while I show 'http_port 3129' below, I also tried using
port 3128, as per the example on the wiki.

Thanks

# configure the HTTP port to bump CONNECT requests
http_port 3129 sslBump cert=/usr/local/squid/etc/server.crt key=/usr/local/squid/etc/server.key

# avoid bumping requests to sites that Squid cannot proxy well
acl broken_sites dstdomain .webax.com
ssl_bump deny broken_sites
ssl_bump allow all

# ignore certain certificate errors or
# ignore errors with certain sites (very dangerous!)
acl TrustedName url_regex ^https://weserve.badcerts.com/
acl BogusError ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow TrustedName
sslproxy_cert_error allow BogusError
sslproxy_cert_error deny all
Received on Mon Jul 28 2008 - 19:40:36 MDT
