SSLBump+DynamicSSL was working for me in squid-3.2.0.5-20110329. I
built and tried 3.2.0.7 last night, and it seems to present the spoofed
cert to the browser, but the page never loads. Can anybody else verify
this behavior?

./configure --datadir=/usr/share/squid3 --sysconfdir=/etc/squid3 \
  --mandir=/usr/share/man --with-cppunit-basedir=/usr --enable-inline \
  --enable-async-io=8 --enable-storeio="ufs,aufs,diskd" \
  --enable-removal-policies="lru,heap" --enable-delay-pools \
  --enable-cache-digests --enable-underscores --enable-icap-client \
  --enable-follow-x-forwarded-for --enable-arp-acl --enable-esi \
  --disable-translation --with-logdir=/var/log/squid3 \
  --with-pidfile=/var/run/squid3.pid --with-filedescriptors=65536 \
  --with-large-files --with-default-user=proxy --enable-ssl \
  --enable-ssl-crtd --enable-ecap && make && sudo make install

# Relevant portion of the squid.conf that works with squid-3.2.0.5-20110329
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/will.lan.pem
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/ssl_db -M 4MB
sslcrtd_children 5
always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
Received on Thu Apr 21 2011 - 02:51:11 MDT