hi everyone,
i hope someone can help me :) i have this problem:
squid is running as an ssl transparent proxy, and at the moment it's receiving
all the traffic with these two iptables rules:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3130
so far no problem at all. everything works perfectly ... but when i add any
simple acl to block an ssl website, i get this browser error: ssl connection
error (ERR_SSL_PROTOCOL_ERROR)
also, if i try to run squid with the line currently commented in the conf
pasted below, i get a certificate error (domain mismatch) from the client.
http_port 3128 intercept
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/proxy_matrix-test_com.crt key=/usr/local/squid/ssl_cert/squid.key
acl broken_sites dstdomain google.it
ssl_bump none localnet
ssl_bump none broken_sites
#ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5
(proxy_matrix-test_com.crt is signed by a recognized certification authority)
any ideas ?
thanks.
Received on Thu Feb 27 2014 - 18:13:57 MST