Hello, squid users,

I'm currently having an issue trying to configure Squid (I use 3.3) to bypass a handful of sites. I mean, I want Squid to NOT bump the connection.

I employ the following in the config:

    acl https_proxy dstdomain www.google.com
    acl https_proxy dstdomain google.ru
    ssl_bump none https_proxy
    ssl_bump server-first all

This should work like "If google, do not bump, else ssl-bump the connection".

However, it doesn't work as expected and instead bumps google as well.

When I used debugging, I saw that Squid actually checks the IP address and then the PTR entry, where neither is *google* anything:

    2014/02/04 14:36:30.428| Acl.cc(336) matches: ACLList::matches: checking https_proxy
    2014/02/04 14:36:30.428| Acl.cc(319) checklistMatches: ACL::checklistMatches: checking 'https_proxy'
    2014/02/04 14:36:30.428| DomainData.cc(131) match: aclMatchDomainList: checking '173.194.71.94'
    2014/02/04 14:36:30.428| DomainData.cc(135) match: aclMatchDomainList: '173.194.71.94' NOT found
    2014/02/04 14:36:30.428| DomainData.cc(131) match: aclMatchDomainList: checking 'lb-in-f94.1e100.net'
    2014/02/04 14:36:30.428| DomainData.cc(135) match: aclMatchDomainList: 'lb-in-f94.1e100.net' NOT found

MY QUESTION IS - Is there a way to use CN information from the server certificate which is retrieved with the /server-first/ method? Can I construct an ACL rule based on it?

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SSL-bump-ACL-for-destdomain-tp4664589.html
Sent from the Squid - Users mailing list archive at Nabble.com.
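
Added example, not part of the original post: a Python script that reads the debug lines quoted above and lists which values the dstdomain ACL was actually tested against, then checks them against the ACL values from the post. The function names are hypothetical, and `dstdomain_match` is a simplified model of dstdomain matching (exact, or suffix when the pattern starts with a dot), not Squid's own code.

```python
import re

# Debug lines copied from the post above.
SAMPLE_LOG = """\
2014/02/04 14:36:30.428| Acl.cc(319) checklistMatches: ACL::checklistMatches: checking 'https_proxy'
2014/02/04 14:36:30.428| DomainData.cc(131) match: aclMatchDomainList: checking '173.194.71.94'
2014/02/04 14:36:30.428| DomainData.cc(135) match: aclMatchDomainList: '173.194.71.94' NOT found
2014/02/04 14:36:30.428| DomainData.cc(131) match: aclMatchDomainList: checking 'lb-in-f94.1e100.net'
2014/02/04 14:36:30.428| DomainData.cc(135) match: aclMatchDomainList: 'lb-in-f94.1e100.net' NOT found
"""

# ACL values from the configuration in the post.
HTTPS_PROXY = ["www.google.com", "google.ru"]

ACL_RE = re.compile(r"checklistMatches: checking '([^']+)'")
# Assumption: a successful lookup is logged as "found" in the same position.
RESULT_RE = re.compile(r"aclMatchDomainList: '([^']+)' (NOT found|found)")


def dstdomain_match(value, patterns):
    """Simplified dstdomain model: exact match, or suffix match for '.domain'."""
    value = value.lower().rstrip(".")
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("."):
            if value == pattern[1:] or value.endswith(pattern):
                return True
        elif value == pattern:
            return True
    return False


def candidates_checked(log):
    """Return {acl_name: [(candidate, matched), ...]} from ACL debug output."""
    out, current = {}, None
    for line in log.splitlines():
        m = ACL_RE.search(line)
        if m:
            current = m.group(1)
            out.setdefault(current, [])
            continue
        m = RESULT_RE.search(line)
        if m and current:
            out[current].append((m.group(1), m.group(2) == "found"))
    return out


if __name__ == "__main__":
    for acl, tried in candidates_checked(SAMPLE_LOG).items():
        for cand, hit in tried:
            print(f"{acl}: tested {cand!r} -> log says {'match' if hit else 'no match'}, "
                  f"model says {dstdomain_match(cand, HTTPS_PROXY)}")
```
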