Re: Squid "bumping" traffic despite using "splice" directive




On 13/11/2015 8:12 a.m., Alex Rousskov wrote:
> On 11/12/2015 11:31 AM, Tom Mowbray wrote:
>> Here is the significant portion of our squid.conf:
>>
>> acl sslallow ssl::server_name "/path/to/file"
>> ssl_bump peek all
>> ssl_bump splice sslallow
>> ssl_bump terminate all
>>
>> Most of the sites in acl sslallow work as expected...but some sites come
>> back with a certificate error as described above, suggesting that they
>> were "bumped" using our mimicked certificate.  This behavior also isn't
>> 100% reproducible...sometimes it works as expected, though it usually
>> does not.

I am wondering if this is all a misunderstanding of what happens when a
peek is being done at step2 / server cert details?

I think this ordering better matches the policy:

 ssl_bump splice sslallow
 ssl_bump peek all
 ssl_bump terminate all


Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
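
The two rule orders discussed above, run through a simplified model of Squid's ssl_bump evaluation (at each step, the first matching rule whose action is possible at that step wins). This is an added example, not code from the thread or from Squid; the function names, the per-step action table and the sample host names are constructed assumptions, and the name the ACL sees at each step is supplied as input.

```python
# Simplified model of per-step ssl_bump rule evaluation (assumption, not Squid code).
# peek is only possible at steps 1 and 2; splice and terminate at any step.
POSSIBLE = {
    1: {"peek", "splice", "terminate"},
    2: {"peek", "splice", "terminate"},
    3: {"splice", "terminate"},
}
FINAL = {"splice", "terminate"}  # actions that end SslBump processing

def acl_matches(acl, name, allowlist):
    """'all' always matches; 'sslallow' matches when the name known at this step is listed."""
    if acl == "all":
        return True
    return name is not None and name in allowlist

def evaluate(rules, names_by_step, allowlist):
    """Return [(step, action), ...] for one connection."""
    trace = []
    for step in (1, 2, 3):
        name = names_by_step.get(step)
        for action, acl in rules:
            if action in POSSIBLE[step] and acl_matches(acl, name, allowlist):
                trace.append((step, action))
                break
        else:
            break  # no rule matched; Squid's default handling is not modelled here
        if trace[-1][1] in FINAL:
            break
    return trace

# Rule order from the quoted squid.conf, and the order suggested in the reply.
ORIGINAL = [("peek", "all"), ("splice", "sslallow"), ("terminate", "all")]
REORDERED = [("splice", "sslallow"), ("peek", "all"), ("terminate", "all")]

# Constructed sample data: allowlist file contents and three connections.
ALLOW = {"app.example.com"}
FORWARD = {1: "app.example.com", 2: "app.example.com", 3: "app.example.com"}
INTERCEPTED = {1: None, 2: "app.example.com", 3: "app.example.com"}  # no host name at step 1
UNLISTED = {1: "other.example.org", 2: "other.example.org", 3: "other.example.org"}

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        for conn_name, conn in (("forward", FORWARD), ("intercepted", INTERCEPTED),
                                ("unlisted", UNLISTED)):
            print(f"{label:9} {conn_name:11} {evaluate(rules, conn, ALLOW)}")
```

In this model the original order only reaches the splice rule at step 3, after peeking at both the client and the server handshake, while the reordered rules splice an allowlisted name as soon as it is known.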



