Hi, I'm trying to put sslbump to work but I can't capture and forward the client certificate when asked by the remote server. I've followed the instruciont on Features/BumpSslServerFirst Features/DynamicSslCert and I've also configured stunnel as Amos Jeffries has suggested here in the past. Do you have any other tip? If it helps, this is the related lines of my squid.conf: # As I'm using port 3128 to listen the stunnel forwarded traffic http_port 3129 ssl-bump cert=/etc/ssl/squid/squid.pem dynamic_cert_mem_cache_size=4MB generate-host-certificates=on always_direct allow all ssl_bump server-first all # the following two options are unsafe and not always necessary: sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER sslcrtd_program /usr/libexec/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB sslcrtd_children 5 I'm currently running squid-3.4.5 on a gentoo server. But I've also tried with version 3.3.12. I need to pass client certificate (IE8) to at least two websites. One returns to me a 403 error and the other a 502. Mr. Rousskov, answering your question: yes, client certificate authentication does work through squid when no ssl_bump is active. Thanks for your attention. P.S.: Mr. Rousskov, thanks for your kind reply and sorry for the inconvenience :) -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SSLBump-and-client-certificate-forward-tp4666290.html Sent from the Squid - Users mailing list archive at Nabble.com.
