Squid 3.5.2 intercept mode and Avast free antivirus 2015 on windows 7
aren't playing well together. Chrome returns a ca invalid error,
details reveal
its the avast web/mail shield cert that its not being trusted.
Everything works if
I turn the webshield off, or on a very strange note, works fine on a
Windows XP
(I know, old/bad, upgrade blah blah) machine also running avast 2015. The
windows XP version does have a difference cert than the windows 7 version
however. Avast seems to be doing a sslbump on its own between the client
and the squid proxy. Does anyone else have a similar setup working, and
if so
whats the magic incantation to make it play nice?
squid -v
Squid Cache: Version 3.5.2
Service Name: squid
configure options: '--disable-strict-error-checking'
'--disable-arch-native' '--enable-shared'
'--datadir=/usr/local/share/squid'
'--libexecdir=/usr/local/libexec/squid' '--disable-loadable-modules'
'--enable-arp-acl' '--enable-auth' '--enable-delay-pools'
'--enable-follow-x-forwarded-for' '--enable-forw-via-db'
'--enable-http-violations' '--enable-icap-client' '--enable-ipv6'
'--enable-referer-log' '--enable-removal-policies=lru heap'
'--enable-ssl' '--with-openssl=/usr/local/ssl' '--enable-storeio=aufs
ufs diskd' '--with-default-user=_squid' '--with-filedescriptors=8192'
'--with-krb5-config=no' '--with-pidfile=/var/run/squid.pid'
'--with-pthreads' '--with-swapdir=/var/squid/cache'
'--disable-pf-transparent' '--enable-ipfw-transparent'
'--enable-external-acl-helpers=LDAP_group SQL_session file_userip
time_quota session unix_group wbinfo_group LDAP_group
eDirectory_userip' '--prefix=/usr/local' '--sysconfdir=/etc/squid'
'--mandir=/usr/local/man' '--infodir=/usr/local/info'
'--localstatedir=/var/squid' '--disable-silent-rules' 'CC=cc'
'CFLAGS=-O2 -pipe' 'LDFLAGS=-L/usr/local/lib'
'CPPFLAGS=-I/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe'
'--enable-ssl-crtd' '--enable-ltdl-convenience'
uname -a
OpenBSD jarosz-fw 5.6 GENERIC.MP#299 i386
squid.conf
...
https_port [::1]:3127 intercept ssl-bump \
generate-host-certificates=on \
dynamic_cert_mem_cache_size=16MB \
cert=/etc/squid/ssl_cert/Test2.pem
#
# SSL intercept configuration
#
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /data/squid/ssl_db
-M 16MB
sslcrtd_children 10
always_direct allow all
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
sslproxy_cafile /etc/ssl/ca-bundle.crt
https_port[127.0.0.1]:3127 same config lines as the IPv6 port.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users