Hello,
Thanks to your answer, Alex, https://ml-archives.squid-cache.org/squid-users/2025-May/027560.html our team has been running a Squid with HTTPS transparent interception and request rewriting to cache services for months.

With the recent introduction of OpenSSL v3 in distributions like Debian 13, the Python 3 requests or httpx modules (and probably soon more HTTPS clients) now complain about a missing AKID in the Squid mimic certificate with
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier.

We are investigating by adding logging to src/ssl/gadgets.cc, and the configured ssl_bump sequence (step1/bump step2/stare step3/bump) probably prevents certificate generation from including these extensions.

Does this hypothesis sound plausible? Is there a way to work around this new issue through configuration or patching?

Thank you in advance for your help
Best regards,
Yves

From: Yves MARTIN
Sent: Tuesday, May 27, 2025 4:37 PM
To: [email protected]
Subject: How to do transparent rewrite with https requests?

Hello,

My team expects to transparently rewrite requests through squid, replacing the original URL/hostname by another target URL/host. The main objective is to redirect original HTTPS requests triggered by "docker pull alpine" to a local mirrored registry without obvious information in the user client that the obtained image comes from a mirror: the original image location is preserved, and there is no specific proxy or mirror configuration to set in the docker client/daemon.

To do so, we have used squid-urlrewrite and it works well for HTTP requests, even if the rewrite targets an HTTPS URL. But when the original request is HTTPS, the connection still goes to the original URL/hostname IP address https://github.com/rchunping/squid-urlrewrite/issues/3

According to debug logs, the original request hostname is resolved to an IP early and kept in internal context after squid-urlrewrite is invoked.

Do you have recommendations on how to implement such a rewrite? Any idea how to improve/fix the current squid behavior?

Thank you in advance for your help
Best regards,
Yves
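
A check for the extension named in the error above, as an added example that is not part of the original message or of Squid's code: a standard-library DER walker that lists a certificate's X.509v3 extension OIDs and reports whether the Authority Key Identifier (2.5.29.35) is present. The function names are hypothetical, and sample() builds a constructed skeleton for testing, not a valid certificate.

```python
import ssl

AKID = bytes.fromhex("551d23")  # OID 2.5.29.35 authorityKeyIdentifier
SKID = bytes.fromhex("551d0e")  # OID 2.5.29.14 subjectKeyIdentifier

def tlv(tag, body):
    """Encode one DER element; used only to build the constructed samples."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def elements(data):
    """Yield (tag, body) for each DER element found back to back in data."""
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated DER header")
        tag, n = data[i], data[i + 1]
        i += 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n = int.from_bytes(data[i:i + k], "big")
            i += k
        if i + n > len(data):
            raise ValueError("truncated DER element")
        yield tag, data[i:i + n]
        i += n

def extension_oids(cert_der):
    """Return the raw OID bytes of every X.509v3 extension in a certificate."""
    cert = next(elements(cert_der))[1]   # Certificate ::= SEQUENCE
    tbs = next(elements(cert))[1]        # first member: TBSCertificate
    for tag, body in elements(tbs):
        if tag == 0xA3:                  # [3] EXPLICIT Extensions
            exts = next(elements(body))[1]
            return [next(elements(ext))[1] for _, ext in elements(exts)]
    return []                            # v1 certificate or no extensions

def has_akid(cert_der):
    return AKID in extension_oids(cert_der)
def has_akid_pem(pem):
    return has_akid(ssl.PEM_cert_to_DER_cert(pem))

def sample(oids):
    """Constructed skeleton (not a valid certificate): serial + extensions."""
    exts = b"".join(tlv(0x30, tlv(0x06, o) + tlv(0x04, b"\x04\x00")) for o in oids)
    tbs = tlv(0x02, b"\x01") + tlv(0xA3, tlv(0x30, exts))
    return tlv(0x30, tlv(0x30, tbs))
```

To inspect the certificate a proxy actually serves, pass the PEM string returned by ssl.get_server_certificate((host, 443)) to has_akid_pem, where host is the name the client connects to.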
