Hello, I have squid 3.2 set up with SSL bumping and ICAP configured for reqmod and respmod. From my ICAP client I am able to see the the request line (or status line for REQMOD) and the HTTP headers. However, for HTTPS, I am unable to see the payload in plain text. Basically when I try to read the payload from ICAP, it looks like garbage. It is as if squid is serving me the HTTP payload undecrypted. Is this supposed to happen? Is there perhaps a bug in my setup? Here is what my squid.conf looks like: http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid3/ssl/private.pem cert=/etc/squid3/ssl/public.pem always_direct allow all ssl_bump allow all sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB sslcrtd_children 5 icap_enable on icap_preview_enable off icap_service service_req reqmod_precache 1 icap://127.0.0.1:13440/archangel adaptation_access service_req allow all icap_service service_res respmod_precache 1 icap://127.0.0.1:13440/archangel adaptation_access service_res allow all I have generated my own certificates with openssl. Mind you, if I print out the body for a normal, unencrypted HTTP request, it prints just fine in plain text. It is for HTTPS that I get the garbage characters. I know that the payload is not simply binary data because if I print the headers it says "content-type: text/html" and this is happening for /all/ HTTPS websites like https://www.google.com/ and others. I need to be able to read the unencrypted payload in order for my ICAP service to work correctly. Thanks, -Justin -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-SSL-bump-not-able-to-read-payload-in-ICAP-tp4666859.html Sent from the Squid - Users mailing list archive at Nabble.com.
