Hey Steve, On what OS are you running squid? is it self compiled one? Eliezer On 02/02/2015 14:09, Steve Hill wrote:
I'm pretty sure this is incorrect - I'm running Squid 3.4 without ssl_crtd, configured to bump server-first. The cert= parameter to the http_port line points at a CA certificate. When visiting an https site through the proxy, the certificate sent to the browser is a forged version of the server's certificate, signed by the cert= CA. This definitely seems to be server-first bumping - if the server's CA is unknown, Squid generates an appropriately broken certificate, etc. as you would expect. Am I missing something?
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
