On Fri, 2016-11-04 at 17:43 +0500, Garri Djavadyan wrote:
> I noticed that Squid doesn't use gathered domain name information for
> %ru in access.log when splice action is performed at step 3 for
> intercepted traffic. The format code ssl::>sni is available at both
> steps. Below are examples used to verify the behavior using Squid
> 3.5.22, but the results are same for Squid 4.0.16.
>
> The request used on client:
>
> $ curl https://www.openssl.org/ > /dev/null
>
>
> The configuration for splice at step 2:
>
> # diff etc/squid.conf.default etc/squid.conf
> 73a74,78
> > https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem generate-host-certificates
> > acl StepSplice at_step SslBump2
> > ssl_bump splice StepSplice
> > ssl_bump peek all
> > logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %ssl::>sni
>
>
> The result:
>
> 1478256091.609 1028 172.16.0.21 TAG_NONE/200 0 CONNECT 104.124.119.14:443 - HIER_NONE/- - www.openssl.org
> 1478256091.609 1026 172.16.0.21 TCP_TUNNEL/200 9807 CONNECT www.openssl.org:443 - ORIGINAL_DST/104.124.119.14 - www.openssl.org
>
>
> -----
> The configuration for splice at step 3:
>
> # diff etc/squid.conf.default etc/squid.conf
> 73a74,78
> > https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem generate-host-certificates
> > acl StepSplice at_step SslBump3
> > ssl_bump splice StepSplice
> > ssl_bump peek all
> > logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %ssl::>sni
>
>
> The result:
> 1478256303.420 574 172.16.0.21 TCP_TUNNEL/200 6897 CONNECT 104.124.119.14:443 - ORIGINAL_DST/104.124.119.14 - www.openssl.org
>
>
> Is it a bug or intended behavior? Thanks.
>
> Garri

It prevents domain name identification when SNI is not provided by a client.
For example:

Request:

$ echo -e "HEAD / HTTP/1.1\nHost: www.openssl.org\n\n" | openssl s_client -quiet -no_ign_eof -connect www.openssl.org:443

Config:

# diff etc/squid.conf.default etc/squid.conf
73a74,78
> https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem generate-host-certificates
> acl StepSplice at_step SslBump3
> ssl_bump splice StepSplice
> ssl_bump peek all
> logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %ssl::>sni

Result:

1478267428.070 347 172.16.0.21 TCP_TUNNEL/200 235 CONNECT 104.124.119.14:443 - ORIGINAL_DST/104.124.119.14 - -

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
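
Added example, not part of the original message and not Squid code: a log-side way to recover the destination name from access.log entries written with the logformat above, falling back from %ru to %ssl::>sni and marking entries where only the IP address is known. The function names are assumptions made for this sketch; the sample lines are the four entries quoted in the message.

```python
import ipaddress

# Field order of the logformat line from the message:
# %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %ssl::>sni
FIELDS = ("ts", "elapsed", "client", "status", "size", "method",
          "url", "user", "hier", "mime", "sni")

# The four access.log entries quoted in the message above.
SAMPLE = """\
1478256091.609 1028 172.16.0.21 TAG_NONE/200 0 CONNECT 104.124.119.14:443 - HIER_NONE/- - www.openssl.org
1478256091.609 1026 172.16.0.21 TCP_TUNNEL/200 9807 CONNECT www.openssl.org:443 - ORIGINAL_DST/104.124.119.14 - www.openssl.org
1478256303.420 574 172.16.0.21 TCP_TUNNEL/200 6897 CONNECT 104.124.119.14:443 - ORIGINAL_DST/104.124.119.14 - www.openssl.org
1478267428.070 347 172.16.0.21 TCP_TUNNEL/200 235 CONNECT 104.124.119.14:443 - ORIGINAL_DST/104.124.119.14 - -
"""

def parse(line):
    """Split one access.log line into the named fields of the logformat."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def is_ip(host):
    """True if host is an IPv4/IPv6 literal (brackets allowed for IPv6)."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def destination(entry):
    """Return (name, source) for a CONNECT entry; source is url, sni or ip-only."""
    host = entry["url"].rsplit(":", 1)[0]  # drop the :port of the CONNECT target
    if not is_ip(host):
        return host, "url"          # %ru already carries the domain name
    if entry["sni"] != "-":
        return entry["sni"], "sni"  # %ru is the intercepted IP, SNI was logged
    return host, "ip-only"          # no SNI from the client: only the address

def classify(text):
    """Resolve the destination of every non-empty log line in text."""
    return [destination(parse(l)) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for name, source in classify(SAMPLE):
        print(f"{source:8} {name}")
```

The SNI value is chosen by the client, so a name recovered this way is a hint for reporting rather than a verified destination.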