|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 01.04.15 20:10, Vadim Rogoziansky пишет: > Hello Yuri, > > I have the same problem with transparent proxy (can't bypass bad web sites) and as I know squid guys did not fix SNI issue yet. Forward proxy works smoothly. This is the reason that I still use 3.4.12. Bug 4188 still not fixed. > Tell me something if I was wrong) > > My configuration is following: > / > acl step1 at_step SslBump1// > //ssl_bump stare step1 all// > //acl sslBumpDeniedDstDomain dstdomain .google.com// > //ssl_bump splice sslBumpDeniedDstDomain// > //ssl_bump bump all// > / > And sqiud version is > /Squid Cache: Version 3.5.3// > //Service Name: squid// > //configure options: '--with-openssl' '--enable-linux-netfilter' '--disable-ipv6' '--enable-icap-client' '--enable-ssl-crtd' '--prefix=/opt/squid' '--enable-external-acl-helpers=none' '--enable-auth-negotiate=none' '--enable-follow-x-forwarded-for' '--disable-auth-ntlm' '--disable-arch-native' '--enable-wccpv2' '--enable-snmp' 'PKG_CONFIG_PATH=%{_PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig' --enable-ltdl-convenience/ Looks like all ok. > > Regards > > On 4/1/2015 12:34 PM, Yuri Voinov wrote: >> > What version of Squid you are using? > > 01.04.15 13:06, Yu-Hsuan Liao пишет: > > Hello Everyone, > > > I got 'ssl_error_bad_cert_domain' message from browser when I was trying > > to bump tw.bid.yahoo.com in transparent mode > > > I found that the certificate is signed to tw.otplogin.reg.yahoo.com, which > > should be signed to tw.bid.yahoo.com > > > but for now I can't bypass using the following configure: > > > acl yahoo_url tw.otplogin.reg.yahoo.com tw.bid.yahoo.com > > ssl_bump none yahoo_url > > > yet everything is OK when I use forward proxy, the certificate is correct > > signed to tw.bid.yahoo.com > > > any ideas? > > > > > _______________________________________________ > > squid-users mailing list > > squid-users@xxxxxxxxxxxxxxxxxxxxx > > http://lists.squid-cache.org/listinfo/squid-users > >> >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVHArzAAoJENNXIZxhPexGuBsH/RYdXW7iKAbLz55Hfi/O7pJJ ouPIZ5Gf+ApP/Aopt7/W433Uf6vudDI+xRsLfbmlPa8rdp18+wczCCbTRr7PP3uv ULErMqaDdm5TEUTFXvR1i9XJt4I0zAcp9npRGGa4Xi9dVTQB5n7xCnL+freKT+KB mE7VVOSBq+yq8E2+7khNRS68B5bgvuhMWdh/2pbWNvT83zwSt692R/VPq7H8rkZY MDP8j19LaBeuvI9HIB8saPtQA0/0ptgvrwHNzTGHTPhYJJhaZsWWW35J+yj7U7Jh hy84Pm+/xzEdEaP0j2qReBU8D38XWYuYc8BOmRTOHI1gdf8Yep0sS28W8+7xiAQ= =S3+z -----END PGP SIGNATURE----- |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
