Search squid archive

Squid 3.5.2 and Avast free anti-virus

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Squid 3.5.2 intercept mode and Avast free antivirus 2015 on windows 7
aren't playing well together. Chrome returns a ca invalid error, details reveal its the avast web/mail shield cert that its not being trusted. Everything works if I turn the webshield off, or on a very strange note, works fine on a Windows XP
(I know, old/bad, upgrade blah blah) machine also running avast 2015.  The
windows XP version does have a difference cert than the windows 7 version
however.  Avast seems to be doing a sslbump on its own between the client
and the squid proxy. Does anyone else have a similar setup working, and if so
whats the magic incantation to make it play nice?

 squid -v
Squid Cache: Version 3.5.2
Service Name: squid
configure options: '--disable-strict-error-checking' '--disable-arch-native' '--enable-shared' '--datadir=/usr/local/share/squid' '--libexecdir=/usr/local/libexec/squid' '--disable-loadable-modules' '--enable-arp-acl' '--enable-auth' '--enable-delay-pools' '--enable-follow-x-forwarded-for' '--enable-forw-via-db' '--enable-http-violations' '--enable-icap-client' '--enable-ipv6' '--enable-referer-log' '--enable-removal-policies=lru heap' '--enable-ssl' '--with-openssl=/usr/local/ssl' '--enable-storeio=aufs ufs diskd' '--with-default-user=_squid' '--with-filedescriptors=8192' '--with-krb5-config=no' '--with-pidfile=/var/run/squid.pid' '--with-pthreads' '--with-swapdir=/var/squid/cache' '--disable-pf-transparent' '--enable-ipfw-transparent' '--enable-external-acl-helpers=LDAP_group SQL_session file_userip time_quota session unix_group wbinfo_group LDAP_group eDirectory_userip' '--prefix=/usr/local' '--sysconfdir=/etc/squid' '--mandir=/usr/local/man' '--infodir=/usr/local/info' '--localstatedir=/var/squid' '--disable-silent-rules' 'CC=cc' 'CFLAGS=-O2 -pipe' 'LDFLAGS=-L/usr/local/lib' 'CPPFLAGS=-I/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe' '--enable-ssl-crtd' '--enable-ltdl-convenience'

 uname -a
OpenBSD jarosz-fw 5.6 GENERIC.MP#299 i386

squid.conf
...
https_port [::1]:3127 intercept ssl-bump \

        generate-host-certificates=on \
        dynamic_cert_mem_cache_size=16MB \
        cert=/etc/squid/ssl_cert/Test2.pem
#
#       SSL intercept configuration
#
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /data/squid/ssl_db -M 16MB
sslcrtd_children 10
always_direct allow all
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
sslproxy_cafile /etc/ssl/ca-bundle.crt

https_port[127.0.0.1]:3127 same config lines as the IPv6 port.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux