Search squid archive

SSLBump+DynamicSSL not working in Squid 3.2.0.7?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



SSLBump+DynamicSSL was working for me in squid-3.2.0.5-20110329, I
built and tried 3.2.0.7 last night and it seems to present the spoofed
cert to the browser but the page never loads.  Can anybody else verify
this behavior?

 ./configure --datadir=/usr/share/squid3 --sysconfdir=/etc/squid3
--mandir=/usr/share/man --with-cppunit-basedir=/usr --enable-inline
--enable-async-io=8 --enable-storeio="ufs,aufs,diskd"
--enable-removal-policies="lru,heap" --enable-delay-pools
--enable-cache-digests --enable-underscores --enable-icap-client
--enable-follow-x-forwarded-for --enable-arp-acl --enable-esi
--disable-translation --with-logdir=/var/log/squid3
--with-pidfile=/var/run/squid3.pid --with-filedescriptors=65536
--with-large-files --with-default-user=proxy --enable-ssl
--enable-ssl-crtd --enable-ecap && make && sudo make install


#relevant portion of the squid.conf that works with squid-3.2.0.5-20110329
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/usr/local/squid/ssl_cert/will.lan.pem
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
/usr/local/squid/var/ssl_db -M 4MB
sslcrtd_children 5

always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux