Not sure if it helps but here is an access.log entry for a non-working sslbump+dynamicssl connection.

1303442234.277 0 192.168.1.107 NONE/000 0 CONNECT gmail.google.com:443 - HIER_NONE/- -

Regards,
Will

On Wed, Apr 20, 2011 at 9:51 PM, Will Metcalf <william.metcalf@xxxxxxxxx> wrote:
> SSLBump+DynamicSSL was working for me in squid-3.2.0.5-20110329, I
> built and tried 3.2.0.7 last night and it seems to present the spoofed
> cert to the browser but the page never loads. Can anybody else verify
> this behavior?
>
> ./configure --datadir=/usr/share/squid3 --sysconfdir=/etc/squid3
> --mandir=/usr/share/man --with-cppunit-basedir=/usr --enable-inline
> --enable-async-io=8 --enable-storeio="ufs,aufs,diskd"
> --enable-removal-policies="lru,heap" --enable-delay-pools
> --enable-cache-digests --enable-underscores --enable-icap-client
> --enable-follow-x-forwarded-for --enable-arp-acl --enable-esi
> --disable-translation --with-logdir=/var/log/squid3
> --with-pidfile=/var/run/squid3.pid --with-filedescriptors=65536
> --with-large-files --with-default-user=proxy --enable-ssl
> --enable-ssl-crtd --enable-ecap && make && sudo make install
>
>
> #relevant portion of the squid.conf that works with squid-3.2.0.5-20110329
> http_port 3128 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/usr/local/squid/ssl_cert/will.lan.pem
> sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
> /usr/local/squid/var/ssl_db -M 4MB
> sslcrtd_children 5
>
> always_direct allow all
> ssl_bump allow all
> sslproxy_cert_error allow all
> sslproxy_flags DONT_VERIFY_PEER