On 19/11/2013 12:42 a.m., Shinoj Gangadharan wrote:
> Hi,
>
> I am able to intercept normal SSL connections using ssl_bump. How can I
> pass on the client certificate to the server? I tried using cache_peer but
> could not get it to work. Here is the conf :
>
> acl myacl dstdomain myssldomain.com
>
> cache_peer ssl.myssldomain.com parent 443 0 no-query proxy-only
> originserver ssl sslcert=/home/certificates/cl2.crt
> sslflags=DONT_VERIFY_PEER name=myssl
> cache_peer_access myssl allow myacl
> never_direct allow myacl
>
>
> I have disabled always_direct :
>
> #always_direct allow all
>

Re-enable always_direct for server-first bumping to work as designed.
Otherwise you are just sending the client your peer's SSL certificates.

That's all the help I can give for now, sorry.

FWIW I don't think we have a client-mimicking feature in Squid at this point. So client certs may be passed onward, but likely not to be as Squid wants to be able to decrypt the server data which will be encrypted against the client cert key.

Amos