
Re: Strange behaviour with Chrome (client OS = WinXP x64) ...


On 01.02.2015 19:50, Yuri Voinov wrote:
02.02.2015 0:46, Amos Jeffries wrote:
On 2/02/2015 7:16 a.m., Yuri Voinov wrote:
01.02.2015 23:48, Walter H. wrote:
Hello,
<snip>
acl ssl_bump_domains_bankingsites dstdomain banking.raiffeisen.at banking.ing-diba.at ebanking.easybank.at services.kepler.at www.kepler.at www.rcb.at
acl ssl_bump_domains_msftupdates dstdomain .update.microsoft.com
ssl_bump none ssl_bump_domains_bankingsites
ssl_bump none ssl_bump_domains_msftupdates
ssl_bump server-first all
You do it wrong. You don't know site names BEFORE bump.
No. His http_port settings are those which match a proxy being
configured explicitly in the browser, which means CONNECT messages with
domain name expected to be present.
Oh, of course. I compare it with my interception configuration. :)
But an IP-based dst acl for banking sites will work in any case. Just
pass through the banking IPs without bump - and, voilà! - they work.
Yes?

I have a few more lines before ssl-bump server-first all in my squid.conf

acl ssl_bump_domains_none_list dstdomain "/etc/squid/sslbumpnonedomains-list-acl.squid"
acl ssl_bump_domains_none_regex dstdom_regex -i "/etc/squid/sslbumpnonedomains-regex-acl.squid"
acl ssl_bump_domains_clntfrst_list dstdomain "/etc/squid/sslbumpclntfrstdomains-list-acl.squid"
acl ssl_bump_domains_clntfrst_regex dstdom_regex -i "/etc/squid/sslbumpclntfrstdomains-regex-acl.squid"
ssl_bump none ssl_bump_domains_none_list
ssl_bump none ssl_bump_domains_none_regex
ssl_bump client-first ssl_bump_domains_clntfrst_list
ssl_bump client-first ssl_bump_domains_clntfrst_regex

and any host in one of these files is either not bumped or bumped with client-first - Google's domains are the FF problem, this is the workaround


It might not be, which could be the problem. But that can only be known by
looking at the CONNECT request message itself.

Amos
attached is the certificate chain that is shown in Google Chrome for this banking site, which causes problems ...
by the way, without squid it is the same ..., why?
what goes wrong?

the reason for not bumping banking sites is the following:
I have a VM that is used only for electronic banking, and there I didn't install my CA's root and the SSL-bump CA certificate, so any SSL site that has nothing to do with banking will not work, and that is how it should be;

Greetings,
Walter

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
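
The point argued in the thread (the domain is only available to `dstdomain` when the browser sends it in CONNECT), as an added example that is not part of the original message and is not Squid's code. It is a simplified first-match model of the quoted `ssl_bump` rules; the function names and the sample request lines are constructed, and any reverse-DNS lookup Squid may attempt for an IP-only target is ignored.

```python
# Added illustration: simplified first-match model of the ssl_bump rules
# quoted in the thread. Not Squid's implementation.

ACLS = {
    "ssl_bump_domains_bankingsites": [
        "banking.raiffeisen.at", "banking.ing-diba.at", "ebanking.easybank.at",
        "services.kepler.at", "www.kepler.at", "www.rcb.at",
    ],
    "ssl_bump_domains_msftupdates": [".update.microsoft.com"],
}

# Rules in the order they appear in the quoted squid.conf; first match wins.
RULES = [
    ("none", "ssl_bump_domains_bankingsites"),
    ("none", "ssl_bump_domains_msftupdates"),
    ("server-first", "all"),
]


def dstdomain_match(host, pattern):
    """dstdomain-style match: a leading dot also covers subdomains."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def parse_connect_target(request_line):
    """Return the host from 'CONNECT host:port HTTP/1.1' (no IPv6 literals)."""
    method, target, _version = request_line.split()
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    return target.rsplit(":", 1)[0]


def ssl_bump_action(request_line):
    """Return the action of the first rule whose ACL matches the target."""
    host = parse_connect_target(request_line)
    for action, acl in RULES:
        if acl == "all":
            return action
        # Assumption: an IP-only target offers no name to compare, so the
        # domain ACLs cannot match it (reverse DNS is not modelled).
        if any(dstdomain_match(host, p) for p in ACLS[acl]):
            return action
    return None
```

A CONNECT line that names the banking host yields `none`, while the same site addressed only by IP falls through to `server-first`, which is why the CONNECT request itself has to be inspected.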
