[squid-users] https interception some whitelisted sites not working properly

From: Ikna Nou <iknano_at_outlook.com>
Date: Thu, 1 May 2014 17:21:07 -0400

Hello List,

This is my situation:
Squid 3.4.4 on Debian, compiled from source (with options --enable-ssl and
--enable-ssl-crtd)

It works quite well.

Now, I'm trying to create a list of "ssl whitelisted" sites, using the ssl_bump feature and following:

http://wiki.squid-cache.org/Features/SslBump

With some sites added to this list (like Google, Hotmail, etc.) the certificate presented to the client isn't the original one but the one created by Squid.

It happens with some sites, particularly these. There are others that are OK.

Have you folks gone through these issues?

Below is my squid.conf setting regarding this. Thanks in advance!

# Plain forward-proxy port, plus the intercepted HTTP port.
http_port 3129
http_port 3128 intercept
# Intercepted HTTPS port: bump TLS and mint a per-host certificate on the fly
# (ssl_crtd), signed by the CA in public.pem/private.pem; clients must trust that CA.
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=256MB cert=/etc/squid3/certs/ssl/public.pem key=/etc/squid3/certs/ssl/private.pem
## --\
# Sites that must not be bumped, one dstdomain pattern per line
# (a leading dot matches the domain and all of its subdomains).
acl broken_sites dstdomain "/etc/squid3/acl/ssl_whitelist.acl"
#acl broken_sites dstdomain .cisco.com .virustotal.com .mail-archive.com .facebook.com

# Whitelisted sites always go straight to the origin, never via a cache peer.
always_direct allow broken_sites
# ssl_bump rules are checked in order; the first match wins.
ssl_bump none localhost
ssl_bump none broken_sites
#ssl_bump server-first !broken_sites
# Caveat: the next two lines together disable validation of the origin server's
# certificate on bumped connections. Squid will accept an expired, self-signed
# or name-mismatched upstream certificate and still hand the client a freshly
# minted, trusted-looking one.
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
# Everything not matched above is bumped in server-first mode.
ssl_bump server-first all
Received on Thu May 01 2014 - 21:21:14 MDT
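A note and an added example (not from the original post, and not Squid's own code). On an intercepted https_port, Squid 3.4 decides ssl_bump for a server-first bump before it has looked at the client's TLS ClientHello, so the only destination it knows is the IP address the client connected to; a dstdomain ACL is then matched against the reverse-DNS (PTR) name of that IP, not against the host name the user typed. Whether that is the cause of the behaviour reported above is my assumption, but the script below shows how the symptom would arise: it implements dstdomain's matching rules (leading dot = domain and all subdomains, no dot = exact host name) and evaluates the whitelist once against the requested name and once against a PTR name. The whitelist contents and the PTR answers are constructed sample data; real PTR records vary and change. The reverse_name helper does a live lookup and is not used by the sample run. Sites whose PTR name lands outside their own domain end up on the catch-all "ssl_bump server-first all" line, which is exactly a Squid-generated certificate reaching the client. (Matching the TLS server name directly, via peek/splice and the ssl::server_name ACL, only arrived in Squid 3.5.)

```python
import socket

# Constructed sample, in the format of /etc/squid3/acl/ssl_whitelist.acl
# (one dstdomain pattern per line, '#' comments allowed).
SAMPLE_WHITELIST = """\
# ssl whitelist (constructed sample)
.google.com
.hotmail.com
.cisco.com
.facebook.com
"""

# Constructed sample PTR answers for the origin IPs a client connected to.
# Illustrative only: real answers depend on the resolver and change over time.
SAMPLE_PTR = {
    "www.google.com":   "lga25s60-in-f4.1e100.net",
    "www.hotmail.com":  "a-0001.a-msedge.net",
    "www.cisco.com":    "www.cisco.com",
    "www.facebook.com": "edge-star-mini-shv-01-iad3.facebook.com",
}


def load_acl(text):
    """Parse a dstdomain ACL file: '#' comments and blank lines are ignored,
    and several patterns may share one line."""
    patterns = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            patterns.extend(line.split())
    return patterns


def dstdomain_match(patterns, name):
    """Squid dstdomain semantics: a pattern with a leading dot matches that
    domain and every subdomain; without a leading dot it must equal the host
    name exactly. Comparison is case-insensitive."""
    name = name.lower().rstrip(".")
    for pat in patterns:
        pat = pat.lower()
        if pat.startswith("."):
            if name == pat[1:] or name.endswith(pat):
                return True
        elif name == pat:
            return True
    return False


def bump_decision(patterns, dest_name):
    """Return 'none' if 'ssl_bump none broken_sites' would match this
    destination name, else 'server-first' (the catch-all rule)."""
    return "none" if dstdomain_match(patterns, dest_name) else "server-first"


def reverse_name(ip):
    """Live PTR lookup, as Squid does for an intercepted destination IP.
    Returns None when there is no PTR record (Squid then has nothing to match)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def explain(whitelist_text, ptr_table):
    """For each site, the rule the admin expects (matching the requested name)
    versus the rule Squid 3.4 reaches on an intercepted connection (matching
    the PTR name of the destination IP)."""
    patterns = load_acl(whitelist_text)
    return {
        wanted: (bump_decision(patterns, wanted), bump_decision(patterns, ptr))
        for wanted, ptr in ptr_table.items()
    }


if __name__ == "__main__":
    for site, (by_name, by_ptr) in explain(SAMPLE_WHITELIST, SAMPLE_PTR).items():
        flag = "" if by_name == by_ptr else "   <-- whitelist ineffective, site gets bumped"
        print(f"{site:18} by name: {by_name:12} by PTR: {by_ptr:12}{flag}")
```

To check a real deployment, run reverse_name() on the IPs in the access log for a whitelisted site (or compare the issuer of the certificate the client receives with the CA in public.pem); a PTR name outside the whitelisted domain, or no PTR at all, means the dstdomain rule cannot fire on the intercepted port.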

This archive was generated by hypermail 2.2.0 : Fri May 02 2014 - 12:00:03 MDT