
https_port Listen on different IP


Hi squid-users,

I have to use squid in a very uncommon way. Here it is:

1. Configure squid to be an https tproxy proxy;

2. For some https server IPs, configure squid to send the client browser certificates which are signed by some specific root CAs;

3. For other https server IPs, configure squid to send the client browser certificates which are signed by the default root CA;

Here is part of my squid.conf:

#default root CA for default https servers
https_port 443 tproxy ssl-bump cert=/usr/local/squid/server.crt key=/usr/local/squid/server.key version=1 generate-host-certificates=on

#for special server baidu.com
https_port 180.97.33.107:443 tproxy ssl-bump cert=/usr/local/squid/server_baidu.crt key=/usr/local/squid/server_baidu.key version=1 generate-host-certificates=on
https_port 180.97.33.108:443 tproxy ssl-bump cert=/usr/local/squid/server_baidu.crt key=/usr/local/squid/server_baidu.key version=1 generate-host-certificates=on

The problem is that if I configure squid like this, line2 and line3 will never work. If I switch line1 with line2 and line3 (putting line2 and line3 above line1 in squid.conf), then only line2 and line3 will get a chance to work; line1 will not work.

From the screenshot, you can see that when I use "squid -k parse" to check squid.conf, it shows that it will initialize three SSL contexts, but if you check the port, only the first SSL context is initialized.

Any help will be appreciated!

Horise Hou

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
