On 09/14/2015 10:53 AM, Steve Hill wrote:
> If you peek at step 1 and bump at step 2, everything works correctly -
> the CN, SAN, etc. from the original server certificate is copied into
> the forged certificate as expected

OK, that matches http://wiki.squid-cache.org/Features/SslPeekAndSplice

> If you bump at step 1, the forged certificate's CN is whatever
> hostname/IP was given in the CONNECT request.

That may not match the above documentation. We claim that "bump" establishes "a secure connection with the server and, using a mimicked server certificate, with the client". I would expect the origin server CN in the forged certificate then.

We should change the documentation if bumping at step #1 does (and should do) something else. Another bug report to file?

Alex.
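The two rule sets compared in this message, written out as an added squid.conf fragment that is not part of the original e-mail or of the Squid documentation. The ACL name `step1` is an assumption, and the comments only restate the behaviour reported in the thread.

```conf
# Constructed example; enable only one variant at a time.
acl step1 at_step SslBump1

# Variant A: peek at step 1, bump at step 2.
# Reported in the thread: CN, SAN, etc. of the forged certificate are
# copied from the original server certificate.
ssl_bump peek step1
ssl_bump bump all

# Variant B: bump at step 1 (no peek rule, so "bump all" matches first).
# Reported in the thread: the forged certificate's CN is whatever
# hostname/IP was given in the CONNECT request.
#ssl_bump bump all
```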
