Re: [squid-users] SSL_bump ACL for destdomain

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Tue, 04 Feb 2014 09:00:06 -0700

On 02/04/2014 03:34 AM, Yury Paykov wrote:

> MY QUESTION IS - Is there a way to use CN information from server
> certificate which is retrieved with /server-first/ method? Can I construct
> an ACL rule based on it?

Yes, but only after the Peek and Splice project is finished. And, as
discussed on that project wiki page, learning the CN while still being able
to splice the connection later often requires that you refuse to bump
the connection (you can still terminate it at the TCP level after learning
the CN, of course).

Cheers,

Alex.
Received on Tue Feb 04 2014 - 16:00:36 MST
