
Re: Two questions regarding ssl_bump and peek/splice.


 



Hey mate,

As far as my testing took me, you need to have the certificate installed on your client to avoid any possible errors.

Also, bump server first.

B.R.

Mohammad




From: "Markey, Bruce" <bmarkey@xxxxxxxxxxxxxxxxxxxxxxxxxx>
To: 'Amos Jeffries' <squid3@xxxxxxxxxxxxx>; "squid-users@xxxxxxxxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, April 19, 2016 6:43 PM
Subject: Re: Two questions regarding ssl_bump and peek/splice.

Gotcha. 

I should have been clear about the cert authority error: I'm getting that in client browsers for some https sites.  It seems random as to which ones.



Bruce Markey | Network Security Analyst
STEINMAN COMMUNICATIONS
717.291.8758 (o) | bmarkey@xxxxxxxxxxxxxxxxxxxxxxxxxx
8 West King St | PO Box 1328, Lancaster, PA 17608-1328

-----Original Message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries
Sent: Tuesday, April 19, 2016 10:41 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Two questions regarding ssl_bump and peek/splice.

On 20/04/2016 1:16 a.m., Markey, Bruce wrote:
> Can anyone point me to a deep dive or something like that about how
> ssl_bump and peek/splice etc work? The more technical the better.  I
> don't want to ask a ton of questions about some of the errors I'm
> getting without fully understanding what is going on.

The most technical you can get is to read the code itself. Second best would be <http://wiki.squid-cache.org/Features/SslPeekAndSplice>.

>
> I currently have squid working almost the way I want it, with just a
> few remaining issues.  One of them is that with ssl sites I seem
> to get a lot of "not private, cert authority" messages, then I
> have to add that site to an acl to not be bumped.  Regarding my
> first question, I want to understand why.

Odd. Neither OpenSSL nor Squid produces a message saying that.

>
> My second question I think is a quickie.  Can you run 2 log files?
> The reason is that I use squidanalyzer and it only reads the
> standard log format.  But there are better log formats for what I'm
> doing. I'd like to keep dual logs while I work on my own analyzer
> that reads that log file.  You can see the logformat line commented
> out along with some other log lines.
>

Yes. Just put multiple access_log lines in. One for each file/output you want.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
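
The dual-logging setup described in the thread, as an added squid.conf sketch that is not part of the original messages. The file paths and the format name `tlsdetail` are assumptions, and the `%ssl::` codes assume a Squid 3.5 or later build with SSL support:

```conf
# Added example, not from the thread. Paths and the "tlsdetail" name are assumptions.

# Custom format for a home-grown analyzer: a subset of the native fields plus
# the ssl_bump decision and the SNI the client sent (Squid 3.5+ with SSL support).
logformat tlsdetail %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %ssl::bump_mode %ssl::>sni

# Log 1: built-in "squid" native format, for tools that only read the standard layout.
access_log daemon:/var/log/squid/access.log squid

# Log 2: the same transactions, written a second time in the custom format.
access_log daemon:/var/log/squid/access-tls.log tlsdetail
```

Each transaction is written to both files. `squid -k parse` checks the configuration syntax before a reload.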
