Re: SSL_bump ACL for destdomain


On Tue, 04 Feb 2014 19:17:51 +0600, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

On 4/02/2014 11:34 p.m., Yury Paykov wrote:
Hello, squid users, I'm currently having an issue trying to configure

That would be because the IP address is all Squid has to work with from
the TCP packet and the best domain that can be known is the PTR record.

Or CN from the server certificate, which led me to my following thread...

FYI: 1e100.net is a google domain just as much as "google.com" etc.
Add " .1e100.net " to your dstdomain ACL and it will work better.

It may as well be, but the information as to which domains to bump
comes from the user, who is unlikely to guess that for search requests to google.com not to be bumped he/she also needs to mention .1e100.net...



MY QUESTION IS - Is there a way to use CN information from server
certificate which is retrieved with /server-first/ method? Can I construct
an ACL rule based on it?

Not until after the bumping happens.

Sad :(


Amos



Anyway, I'm grateful for your attention!

--
Sincerely Yours,
  ====Yury Paykov, aka Crystal
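
The mismatch discussed in this thread, as an added example that is not part of the original messages or of Squid's code: a simplified Python model of dstdomain-style matching when only the destination IP is known and the PTR record supplies the name. The IP addresses and PTR names are constructed, and `skip_bump` and `dstdomain_match` are hypothetical helper names.

```python
# Simplified model (an assumption, not Squid's implementation) of how a
# dstdomain ACL is evaluated for an intercepted HTTPS connection, where only
# the destination IP is known before the bump decision is made.

# Constructed reverse-DNS table: documentation IPs, hypothetical PTR names.
PTR = {
    "203.0.113.10": "srv-10.1e100.net",  # search front end, PTR in 1e100.net
    "203.0.113.20": "www.example.org",
    # 203.0.113.30 deliberately has no PTR record
}


def dstdomain_match(host, acl):
    """'.example.com' covers the domain and all of its subdomains;
    'example.com' (no leading dot) matches that exact name only."""
    host = host.lower().rstrip(".")
    for entry in acl:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def skip_bump(dst_ip, acl, ptr=PTR):
    """True if a connection to dst_ip would match the no-bump ACL."""
    name = ptr.get(dst_ip)  # best name available: the PTR record
    if name is None:
        return False  # no PTR: there is no domain name to match on
    return dstdomain_match(name, acl)


if __name__ == "__main__":
    user_acl = [".google.com"]            # what the user typed
    fixed_acl = user_acl + [".1e100.net"]  # with the PTR domain added
    for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30"):
        print(ip, PTR.get(ip), skip_bump(ip, user_acl), skip_bump(ip, fixed_acl))
```
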



