-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 No. Can't get PTR. WU session initiated from IP 134.170.53.30, which has not PTR record. So, Squid gives 1459017040.855 488 192.168.100.103 NONE_ABORTED/200 0 CONNECT 134.170.53.30:443 - ORIGINAL_DST/134.170.53.30 - error whenever this ACL: acl BrokenButTrustedServers dstdomain "/usr/local/squid/etc/dstdom.broken" acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch sslproxy_cert_error deny all or sslproxy_cert_error allow all When I bypass all WU IP ranges on router with WCCP, WU works. But this is not an option, WU must be cached. So, I can't splice dst by IP with Squid 4.x, right? 26.03.16 23:25, Alex Rousskov пишет: > On 03/26/2016 04:53 AM, Yuri Voinov wrote: >> http://i.imgur.com/kxrOEVd.png >> >> How to suppress this? It stops WU right now. > > > Does the ssl::certDomainMismatch ACL work to bypass the > SQUID_X509_V_ERR_DOMAIN_MISMATCH error? > > If not, then just as a triage experiment (and not for production use!), > does the following bypass the SQUID_X509_V_ERR_DOMAIN_MISMATCH error? > > sslproxy_cert_error allow all > > > Alex. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJW9tbTAAoJENNXIZxhPexGda4H+gKYABV8XUbtXVDDWuTz2xiC t4gWgw+6p6Z3DP1HZIomRiBY2lRZ0i2+lfnN8cQ1v27wRELEkj036hBYsuk/TaWz Ep9upN/L+0kTHLRe9a1iCEX6WlNKqfySQ4WVr/s2jmHmWzBD9QU0QZpshuCXLQe3 FBoydPuC/aKdRbofFDpciPrfWY3TH3ClyLkbuvrUdbzjur91XOoBwqBKaQa8E7AK mv67FTeLQFvFR0+xjBx1u4g8r2z2Ocg1udzf6DhByCMp8PTvGmeVgt61YBgPh0sJ GAJP19axg3yMuT7jvoBjWrKIpUMHPH3vnz3N9qjO71YfWicOchq+/3BHsO4Mi8M= =hFL8 -----END PGP SIGNATURE-----
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
