sslBump: unrecognized: 'ssl_bump', unrecognized: 'https_port'

[Stephan Huiser <stephan@xxxxxxxxx>]

Hi,

I want to enable SSL bumping with Squid.
This function is disabled in Debian version of Squid (Lenny,
Lenny-backports and Squeeze), so I decided to compile Squid from source.

Squid version: 3.1.8

./configure --prefix=/usr/local/squid \
    --enable-inline \
    --enable-async-io=8 \
    --enable-storeio="ufs,aufs,diskd" \
    --enable-removal-policies="lru,heap" \
    --enable-delay-pools \
    --enable-cache-digests \
    --enable-icap-client \
    --enable-follow-x-forwarded-for \
    --enable-auth="basic,digest,ntlm,negotiate" \
   
--enable-basic-auth-helpers="LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM"
\
    --enable-ntlm-auth-helpers="smb_lm," \
    --enable-digest-auth-helpers="ldap,password" \
    --enable-negotiate-auth-helpers="squid_kerb_auth" \
   
--enable-external-acl-helpers="ip_user,ldap_group,session,unix_group,wbinfo_group"
\
    --enable-arp-acl \
    --enable-esi \
    --disable-translation \
    --with-filedescriptors=65536 \
    --with-large-files \
    --with-ssl \
    --with-openssl=/usr \
    --with-default-user=proxy \
    --disable-ipv6

make all
make install


./squid -v
Squid Cache: Version 3.1.8
configure options:  '--prefix=/usr/local/squid'
'--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-icap-client' '--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM'
'--enable-ntlm-auth-helpers=smb_lm,'
'--enable-digest-auth-helpers=ldap,password'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-arp-acl' '--enable-esi' '--enable-ipv6'
'--disable-translation' '--with-filedescriptors=65536'
'--with-large-files' '--with-ssl' '--with-openssl=/usr'
'--with-default-user=proxy' '--disable-ipv6'
--with-squid=/usr/local/src/squid-3.1.8 --enable-ltdl-convenience


squid.conf (cat squid.conf | grep -v "^#" | grep -v "^$" ):

auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 50
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm DOMAIN
auth_param basic credentialsttl 2 hours
cache_peer 127.0.0.1 parent 8081 0 no-query login=*:nopassword
acl apache rep_header Server ^Apache
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
acl AuthorizedUsers proxy_auth REQUIRED
external_acl_type ad_group %LOGIN /usr/lib/squid3/wbinfo_group.pl
acl power_download_gebruikers external ad_group InternetUnlimitedDownload
acl internet_kantoor_gebruikers external ad_group ServApplicatiegroep52
acl internet_desktop_gebruikers external ad_group Applicatiegroep55
acl internet_blacklist_gebruikers external ad_group ServApplicatiegroep53
acl ie_browser browser ^Mozilla/4\.0 .compatible; MSIE # die!!
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl terminalservers src 10.2.0.202/32
acl terminalservers src 10.2.0.203/32
acl terminalservers src 10.2.0.204/32
acl terminalservers src 10.2.0.205/32
acl terminalservers src 10.2.0.206/32
acl terminalservers src 10.2.0.207/32
acl desktops src 10.2.150.4/32
acl desktops src 10.1.107.1/32
acl desktops src 10.2.100.88/32
acl vrij_internet_werkplekken src 10.2.100.1/32
acl vrij_internet_werkplekken src 10.2.100.2/32
acl vrij_internet_werkplekken src 10.2.100.3/32
acl vrij_internet_werkplekken src 10.2.100.4/32
acl vrij_internet_werkplekken src 10.2.100.5/32
acl vrij_internet_werkplekken src 10.2.100.6/32
acl vrij_internet_werkplekken src 10.2.100.7/32
acl vrij_internet_werkplekken src 10.2.100.12/32
acl vrij_internet_werkplekken src 10.2.100.88/32
acl vrij_internet_werkplekken src 10.2.176.3/32
acl allow_download_unlimited_from dstdomain
"/etc/squid/download_unlimited_sites"
acl whitelist_kantoor dstdomain "/etc/squid/whitelist_kantoor"
acl whitelist_desktop dstdomain "/etc/squid/whitelist_desktop"
acl whitelist_desktop_IE dstdomain "/etc/squid/whitelist_desktop_IE"
acl whitelist_kantoor_IE dstdomain "/etc/squid/whitelist_kantoor_IE"
redirector_access deny whitelist_kantoor
redirector_access deny whitelist_desktop
redirector_access deny whitelist_desktop_IE
redirector_access deny whitelist_kantoor_IE
acl SSL_ports port 443        # https
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow all localhost
http_access allow ie_browser internet_desktop_gebruikers desktops
whitelist_desktop_IE
http_access allow ie_browser internet_kantoor_gebruikers terminalservers
whitelist_kantoor_IE
http_access deny ie_browser
http_access allow all internet_blacklist_gebruikers
vrij_internet_werkplekken
http_access allow internet_desktop_gebruikers desktops whitelist_desktop
http_access allow internet_kantoor_gebruikers terminalservers
whitelist_kantoor
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
icp_access allow localnet
icp_access deny all
reply_body_max_size 15 MB all
http_port 8080
https_port 8443 sslBump cert=/etc/ssl/certs/certificate.pem
ssl_bump allow all
http_port 127.0.0.1:3128 intercept
ssl_bump allow all
hierarchy_stoplist cgi-bin
cache_dir ufs /var/spool/squid3 10000 16 256
access_log /var/log/squid3/access.log squid
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320
error_default_language    nl
redirect_program /usr/bin/squidGuard
redirect_children 20
hosts_file /etc/hosts
always_direct allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER


/usr/local/squid/sbin/squid output:
2010/09/09 11:23:43| cache_cf.cc(363) parseOneConfigFile:
squid.conf:1155 unrecognized: 'https_port'
2010/09/09 11:23:43| cache_cf.cc(363) parseOneConfigFile:
squid.conf:1156 unrecognized: 'ssl_bump'
2010/09/09 11:23:43| cache_cf.cc(363) parseOneConfigFile:
squid.conf:1537 unrecognized: 'ssl_bump'
2010/09/09 11:23:43| cache_cf.cc(363) parseOneConfigFile:
squid.conf:5625 unrecognized: 'sslproxy_cert_error'
2010/09/09 11:23:43| cache_cf.cc(363) parseOneConfigFile:
squid.conf:5626 unrecognized: 'sslproxy_flags'

What am I doing wrong?


Regards,

Stephan