On 10/11/2014 11:26 p.m., Jason Haar wrote:
> On 10/11/14 23:02, Amos Jeffries wrote:
>>> acl SSL_nonHTTPS_sites dstdom_regex "/etc/squid/SSL_nonHTTPS_sites.txt"
>>> acl SSL_noIntercept_sites dstdom_regex "/etc/squid/SSL_noIntercept_sites.txt"
>>> ssl_bump none SSL_nonHTTPS_sites
>>> ssl_bump none SSL_noIntercept_sites
>>> ssl_bump server-first all
>>
>> The TCP forwarding behaviour occurs when your "ssl_bump none"
>> rules match the IP address of the intercepted tcp/443 traffic.
>>
>> So it comes down to what your regex files contain and what TCP
>> dst-IPs your Squid is processing. Both of the details you have
>> elided from your description.
>>
>
> Ha! You're dead right. I had "^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$" in
> SSL_nonHTTPS_sites.txt so that Skype could work (Skype will
> auto-detect proxies if needed and uses CONNECT statements to peer
> IP addresses instead of hostnames). So that whitelisted the bumps!
>
> I've commented out the SSL_nonHTTPS_sites rule and now it's
> broken HTTPS altogether. Now "telnet 1.2.3.4 443" connects and
> immediately drops. cache.log shows squid crashing and restarting.
> If I comment out "https_port", the crashing stops, so it looks like
> my config is OK for "normal" proxy-bumping, but something is wrong
> for intercept. (this is a CentOS-6 box self-compiled 3.4.9)
>
> 2014/11/10 23:20:43 kid1| Closing HTTP port 0.0.0.0:3126
> 2014/11/10 23:20:43 kid1| Closing HTTP port 0.0.0.0:3129
> 2014/11/10 23:20:43 kid1| Closing HTTPS port 0.0.0.0:3127
> FATAL: xstrdup: tried to dup a NULL pointer!

Grr, strdup bites again. Backtrace please if you can.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
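
The misconfiguration discussed in this thread (a `dstdom_regex` entry used by `ssl_bump none` that matches the bare destination IP of intercepted tcp/443 traffic) can be checked for before deployment. The following is an added example, not code from the thread or from the Squid project: the function names, the sample file contents and the sample IPs are constructed, and Python's `re` is assumed to be a close enough stand-in for the regex engine Squid uses for these simple patterns.

```python
import re

# Constructed destination IPs standing in for intercepted tcp/443 traffic,
# where the proxy only has the TCP dst-IP to match against.
SAMPLE_DST_IPS = ["1.2.3.4", "93.184.216.34", "203.0.113.10"]

# Constructed sample contents for a file such as SSL_nonHTTPS_sites.txt.
SAMPLE_ACL_FILE = r"""
# Skype peers connect to IP literals
^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
(^|\.)example\.com$
^203\.0\.113\.
"""

def load_patterns(text):
    """Return (line_number, pattern) pairs, skipping blanks and # comments."""
    pairs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            pairs.append((lineno, line))
    return pairs

def audit_no_bump_list(text, dst_ips=SAMPLE_DST_IPS):
    """Classify each pattern by how many sample dst-IPs it would exempt.

    'all-ips'        : matches every sample IP, so "ssl_bump none" would
                       exempt all intercepted traffic from bumping
    'some-ips'       : matches a subset of the sample IPs
    'hostnames-only' : matches no bare IP
    'invalid'        : pattern does not compile
    """
    findings = []
    for lineno, pattern in load_patterns(text):
        try:
            rx = re.compile(pattern)
        except re.error:
            findings.append((lineno, pattern, "invalid"))
            continue
        # Regex ACLs are unanchored unless the pattern anchors itself,
        # so search() rather than fullmatch() is the right comparison.
        hits = [ip for ip in dst_ips if rx.search(ip)]
        if len(hits) == len(dst_ips):
            verdict = "all-ips"
        elif hits:
            verdict = "some-ips"
        else:
            verdict = "hostnames-only"
        findings.append((lineno, pattern, verdict))
    return findings

if __name__ == "__main__":
    for lineno, pattern, verdict in audit_no_bump_list(SAMPLE_ACL_FILE):
        print(f"line {lineno}: {verdict:15} {pattern}")
```

An `all-ips` verdict on a list referenced by `ssl_bump none` means the bump policy is effectively disabled for intercepted connections, which is the behaviour described in the thread.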