[squid-users] getting https pages from peer on ssl-bump mode

From: Oguz Yilmaz <oguzyilmazlist_at_gmail.com>
Date: Sun, 7 Oct 2012 15:16:34 +0300

I am trying with ssl-bump. I am using squid 3.1.21.

First of all I got the CANNOT FORWARD error page. When I debugged, I found:

2012/10/07 14:27:49.380| fwdConnectStart: Ssl bumped connections
through parrent proxy are not allowed
2012/10/07 14:27:49.380| forward.cc(286) fail: ERR_CANNOT_FORWARD
"Service Unavailable"

Then I added an always_direct rule and reached the https site.

acl HTTPS proto HTTPS
always_direct allow HTTPS

According to the message above and a reply from Amos in another thread,
squid stopped getting https over peers, because "it does not again
encrypt ssl connection for the peer". The capability of getting https
pages over peers was the previous behaviour, and I did not understand why
squid does not get pages from peers instead of going direct. I assume it is
about software architecture.

Is this the current situation (3.HEAD)? Is there any project to
implement getting SSL pages over peers? Because this mode obliges me
to choose between:
a- do https filtering in squid and do not forward https to
dansguardian (I use https domain name filtering on dg)
b- don't do https filtering and continue with https domain name
filtering on dansguardian.

2012/10/07 14:35:50.142| peerSelectCallback: https://www.haberturk.com/
2012/10/07 14:35:50.142| Failed to select source for
'https://www.haberturk.com/'
2012/10/07 14:35:50.142| always_direct = -1
2012/10/07 14:35:50.142| never_direct = 0
2012/10/07 14:35:50.142| timedout = 0
2012/10/07 14:35:50.142| fwdStartComplete: https://www.haberturk.com/
2012/10/07 14:35:50.142| fwdStartFail: https://www.haberturk.com/
2012/10/07 14:35:50.142| forward.cc(286) fail: ERR_CANNOT_FORWARD
"Service Unavailable"
        https://www.haberturk.com/
2012/10/07 14:35:50.142| StoreEntry::unlock: key
'31F6E0CCC4924D82F5F0070DE9555597' count=2
2012/10/07 14:35:50.142| FilledChecklist.cc(168) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x91502d0
2012/10/07 14:35:50.142| ACLChecklist::~ACLChecklist: destroyed 0x91502d0
2012/10/07 14:35:50.142| forward.cc(164) ~FwdState: FwdState destructor starting
2012/10/07 14:35:50.142| Creating an error page for entry 0x9152990
with errorstate 0x91504a0 page id 13
2012/10/07 14:35:50.142| StoreEntry::lock: key
'31F6E0CCC4924D82F5F0070DE9555597' count=3
2012/10/07 14:35:50.142| errorpage.cc(1075) BuildContent: No existing
error page language negotiated for ERR_CANNOT_FORWARD. Using default
error file.

Best Regards,

--
Oguz YILMAZ
Received on Sun Oct 07 2012 - 12:17:02 MDT
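
Added example, not part of the original post and not Squid project code: a small Python triage script for cache.log debug output like the excerpts above. It rejoins the wrapped lines and, for each ERR_CANNOT_FORWARD, collects the state logged just before it, so a bumped request refused on the parent path can be told apart from a request for which no source was selected. The function names are illustrative, and the message substrings it matches are only those visible in the post.

```python
import re

# Sample input: cache.log debug lines taken from the post, mail line-wraps included.
SAMPLE_LOG = """\
2012/10/07 14:27:49.380| fwdConnectStart: Ssl bumped connections
through parrent proxy are not allowed
2012/10/07 14:27:49.380| forward.cc(286) fail: ERR_CANNOT_FORWARD
"Service Unavailable"
2012/10/07 14:35:50.142| Failed to select source for
'https://www.haberturk.com/'
2012/10/07 14:35:50.142| always_direct = -1
2012/10/07 14:35:50.142| never_direct = 0
2012/10/07 14:35:50.142| forward.cc(286) fail: ERR_CANNOT_FORWARD
"Service Unavailable"
"""
STAMP = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\| ?(.*)$")
FIELD = re.compile(r"^(always_direct|never_direct|timedout) = (-?\d+)$")

def records(text):
    """Yield (timestamp, message), gluing wrapped continuation lines back on."""
    current = None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(2).strip()]
        elif current and line.strip():
            # No timestamp: this is the wrapped tail of the previous record.
            current[1] += " " + line.strip()
    if current:
        yield tuple(current)

def forward_failures(text):
    """Return one dict per ERR_CANNOT_FORWARD with the context logged before it."""
    failures, ctx = [], {}
    for ts, msg in records(text):
        field = FIELD.match(msg)
        if field:
            ctx[field.group(1)] = int(field.group(2))
        elif msg.startswith("Failed to select source for"):
            ctx["url"] = msg.split("for", 1)[1].strip(" '")
        elif "bumped connections through" in msg:
            ctx["bumped_via_parent"] = True
        elif "fail: ERR_CANNOT_FORWARD" in msg:
            failures.append({"time": ts, **ctx})
            ctx = {}  # context belongs to the failure just recorded
    return failures
if __name__ == "__main__":
    for failure in forward_failures(SAMPLE_LOG):
        print(failure)
```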
