On 09/15/2015 04:11 AM, Amos Jeffries wrote:
> On 15/09/2015 6:23 a.m., Alex Rousskov wrote:
>> On 09/14/2015 10:53 AM, Steve Hill wrote:
>>
>>> If you peek at step 1 and bump at step 2, everything works correctly -
>>> the CN, SAN, etc. from the original server certificate is copied into
>>> the forged certificate as expected
>>
>> OK, that matches http://wiki.squid-cache.org/Features/SslPeekAndSplice
>>
>>
>>> If you bump at step 1, the forged certificate's CN is whatever
>>> hostname/IP was given in the CONNECT request.
>>
>>
>> That may not match the above documentation. We claim that "bump"
>> establishes "a secure connection with the server and, using a mimicked
>> server certificate, with the client". I would expect the origin server
>> CN in the forged certificate then. We should change the documentation if
>> bumping at step #1 does (and should do) something else. Another bug
>> report to file?
>
> Only if the origin server is responding with some other CN values than
> is in the mimic'd certificate.

AFAICT, that is exactly what Steve is alleging.

Alex.
_______________________________________________
squid-dev mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-dev
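
The two rule sets compared in this thread, as an added squid.conf sketch that is not from any of the posters. The ACL name `step1` is an arbitrary label, and the `http_port` ssl-bump listener and certificate generation settings are assumed to be configured elsewhere.

```conf
# Variant A: peek at step 1, bump at step 2.
# As reported in the thread: the forged certificate copies CN, SAN, etc.
# from the original server certificate.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# Variant B: bump at step 1 (use in place of the three rules above).
# As reported in the thread: the forged certificate's CN is whatever
# hostname/IP was given in the CONNECT request.
# ssl_bump bump all
```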
