On 18.05.2015 13:25, Amos Jeffries wrote:
I would have done it this way: acl block_whole_network dst_as 4837 deny_info errorpage block_whole_network http_access deny block_whole_network but this crashes squid ...Ouch. Is that the<http://bugs.squid-cache.org/show_bug.cgi?id=3579> crash?
yes, this crash;
I would like to fix that, but need the backtrace.
how would a generate the backtrace?
not really, with IPv4 it doesn't bring this warning - the CA cert using in squid is installed in both the FF certstoredoes it seem to be problematic, when having an TLS-server with an IPv6 address only without DNS, because of the comm name?That is a different issue entirely.yes and hoping no browser ever will accept a common name of just '*'Going by that description it seems Firefox and Chrome are a bit broken.IE, too;IE is doing the right thing in your description. That cert-with-IP warning is the correct / working behaviour.
and the windows system certstore (IE and Chrome use this)
The Firefox hang and Chrome "insecure" warning are the broken bits.
Walter
<<attachment: smime.p7s>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
