Hi, i'm trying to play with acl "server_cert_fingerprint" for splicing
websites.
First, get the fingerprint :
openssl s_client -host www.clubic.com -port 443 2> /dev/null | openssl
x509 -fingerprint -noout
# Build the acl
acl TestFinger server_cert_fingerprint
77:F6:8D:C1:0A:DF:94:8B:43:1F:8E:0E:91:5E:0C:32:42:8B:99:C9
# I want squid to not bump this fingerprint.
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump splice TestFinger
ssl_bump stare ssl_step2 all
ssl_bump bump all
But browsing on the website still receive squid certificate and not the
original one.
Seems TestFinger Acls did not matches in any case
Did i'm wrong somewhere ?
Regards.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
