In the squid.conf.documented, it looks like I can log the server certificate as well as the client certificate....
# %ssl::>sni SSL client SNI sent to Squid
# %ssl::<cert_subject SSL server certificate DN
# %ssl::<cert_issuer SSL server certificate issuer DN
#
# %>{Header} HTTP request header "Header"
On Thu, Sep 29, 2016 at 7:09 PM, Michael Pelletier <michael.pelletier@xxxxxxxxxxxxxxxxxxxx> wrote:
Note the "<" instead of the ">"

I misspoke. I am getting %ssl::>sni but not %ssl::<cert_subject or %ssl::<cert_issuer, but then clients may not be sending certs out....

The doc says it supports server certs, but using %ssl::>cert_subject and %ssl::>cert_issuer gives me a parse error....

On Thu, Sep 29, 2016 at 7:01 PM, Alex Rousskov <rousskov@measurement-factory.com> wrote:

On 09/29/2016 04:50 PM, Michael Pelletier wrote:
> I am trying to log some data during the ssl flow.
> logformat custom ... %ssl::>sni %ssl::>cert_subject %ssl::>cert_issuer
>
> Yet I get nothing from any of the %ssl:: entries....
Do your users send certificates to Squid? If not, %ssl::>cert_subject
%ssl::>cert_issuer should be "-". These %codes are _not_ about the
origin server certificate.
ssl::>sni is only available during certain SslBump steps. Do you use
SslBump? If yes, do you get the corresponding CONNECT entries in your
access log (there should be more than one CONNECT per SSL connection
IIRC)? What are your ssl_bump rules?
Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
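As an added example (not from this thread and not Squid's own documentation), the squid.conf fragment below puts the two directions side by side: `>` codes describe the client side of the connection and `<` codes the origin server side, and the ssl_bump rules are what actually let Squid see the ClientHello (SNI) and the origin server certificate so those fields can be populated. The port number, file paths, helper name, and the ACL and logformat names are placeholders chosen for this example.

```squid
# Added example, not from the thread. Paths, port and names are placeholders.
https_port 3129 intercept ssl-bump \
    cert=/etc/squid/squid-ca.pem \
    generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
# Helper name depends on the Squid build (ssl_crtd on 3.5, security_file_certgen on 4.x).
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB

# Client-side (">") versus server-side ("<") TLS details:
#   %ssl::>sni           SNI the client sent to Squid
#   %ssl::>cert_subject  client certificate DN (normally "-": browsers rarely send one)
#   %ssl::<cert_subject  origin server certificate DN
#   %ssl::<cert_issuer   origin server certificate issuer DN
# %" quotes the DN fields so a space inside a DN does not shift columns.
logformat tlsaudit %ts.%03tu %>a %Ss/%03>Hs %rm %ru \
    %ssl::>sni %"ssl::>cert_subject %"ssl::<cert_subject %"ssl::<cert_issuer
access_log /var/log/squid/tls.log tlsaudit

# SNI is only known after Squid peeks at the ClientHello (step 1); the server
# certificate only after it stares at the ServerHello (step 2). Each step writes
# its own CONNECT entry, so the earlier entries legitimately show "-".
acl step1 at_step SslBump1
acl step2 at_step SslBump2
ssl_bump peek step1
ssl_bump stare step2
ssl_bump bump all
```

With this configuration the first CONNECT entry for a connection shows "-" in every server-side field because Squid has not yet contacted the origin; that is the expected per-step behaviour Alex describes above, not a logformat error. Client-side certificate fields stay "-" unless the client actually presents a certificate.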