> Its possible and exactly what the bumping is designed to do. In your
> case there just seems to be a problem connecting to the server to get
> its cert details to base the forged cert around.
>
>
Pfew. I'm so glad this can be done!
>>
>> (as a general idea I don't care about the contents of https traffic,
>> intercepting or otherwise, but because of the dns spoof I have to
>> forward it to the real host)
>
> Um. Is Squid being given the DNS-spoofed address or the real server
> address to contact for fetching the real server cert ?
>
Squid should be using the *good* DNS server which resolves to the
proper hosts (8.8.8.8 in /etc/resolv.conf just to be sure).
-M.
Received on Sun Dec 15 2013 - 08:30:19 MST
This archive was generated by hypermail 2.2.0 : Sun Dec 15 2013 - 12:00:05 MST