On 5/09/2015 8:37 a.m., Stanford Prescott wrote: >> acl s1_tls_connect at_step SslBump1 >> acl s2_tls_client_hello at_step SslBump2 >> acl s3_tls_server_hello at_step SslBump3 >> >> acl tls_server_name_is_ip ssl::server_name_regex \ >> ^[0-9]+.[0-9]+.[0-9]+.[0-9]+n > > You have a letter 'n' on the end there is that intentional? > > It would seem so. I copied that from someone else's "peek-splice" > directives that they said worked well for them. The actual regex in the > perl script that writes squid.conf is *"print FILE "acl > tls_server_name_is_ip ssl::server_name_regex > ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$\n\n";*." Thats not right. The script is broken. The '$' in that position is an anchor on the pattern. Not a variable perl is interpreting it as. Not that a $ anchor would work, since the input contains a ":port" section. A better raw-IP pattern is: ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443 I think the main problem though is that the SNI support is not yet fully polished. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
