Search squid archive

Re: question about ssl_bump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/09/2016 08:38 PM, Alex Samad wrote:
>>> I am not sure how haveServerName is constructed


>> It is up to the Squid admin.


> I'm the squid admin. I am presuming maybe wrongly that this is test to
> see if squid has worked out a serverName.


Yeah. Ideally, haveServerName should match when and only when
serverIsBank will never match even if Squid keeps peeking further. And
what _that_ means, exactly, depends on serverIsBank (which is determined
by the admin to be whatever the admin needs it to be).

In a simple case, serverIsBank could be a ssl::server_name test for a
specific domain name and haveServerName could be a test for "any other
domain name". The real serverIsBank/haveServerName ACLs tend to be very
complex (containing many simple ACLs, external ACL tests, etc.).

I do not claim that it is easy or even possible to construct an ideal
haveServerName using the existing ACL building blocks, but folks usually
find ways to at least approximate it.

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux