On 2016-11-04 19:42, Amos Jeffries wrote:
On 5/11/2016 1:43 a.m., Garri Djavadyan wrote:
The configuration for splice at step 3:
# diff etc/squid.conf.default etc/squid.conf
73a74,78
https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem
generate-host-certificates
acl StepSplice at_step SslBump3
ssl_bump splice StepSplice
ssl_bump peek all
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un
%Sh/%<a %mt %ssl::>sni
The result:
1478256303.420 574 172.16.0.21 TCP_TUNNEL/200 6897 CONNECT
104.124.119.14:443 - ORIGINAL_DST/104.124.119.14 - www.openssl.org
Is it a bug or intended behavior? Thanks.
The person (Christos) who designed that behaviour is not reading this
mailing list very often.
Does it mean a bug report would have better chances to get noticed?
AFAIK, it depends on what the SubjectAltName field in the certificate
provided by 104.124.119.14 contains.
The SubjectAltName field's value in the certificate is:
Not Critical
DNS Name: www.openssl.org
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
