[squid-users] Fwd: Squid 3.5.5 automatically reload itself in 2h rhythm

2015-07-06 Thread Tom Tom
Hi Opened a while ago, but no answer, if this problem is a (known) bug or it's already solved with 3.5.6..? Thanks for an answer. Kind regards, Tom -- Forwarded message -- From: Tom Tom Date: Tue, Jun 30, 2015 at 1:09 PM Subject: Re: [squid-users] Squid 3.5.5 automatically

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread adam900710
OK, it seems that CONNECT+SSL/TLS is really not supported yet... So I use proxychains and allow_direct without cache_peer. And things work: -- * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=www.google.com * start date: 2015-07-06 07:17:41 GMT * e

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread adam900710
Some extra clue: Cache log says: -- 2015/07/07 08:55:54 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 23 flags=9 2015/07/07 08:55:55 kid1| storeLateRelease: released 0 objects 2015/07/07 08:55:57 kid1| assertion failed: PeerConnector.cc:116: "peer->use_ss

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread adam900710
Tried your config in my environment. Although curl can get to the sites through privoxy, just like the log says: -- 1436230195.213432 ::1 TCP_TUNNEL/200 4146 CONNECT www.google.com:443 - FIRSTUP_PARENT/127.0.0.1 - -- But the certificate got is still the original one, not the fake one:

Re: [squid-users] [3.5.5]: BUG 3279: HTTP reply without Date

2015-07-06 Thread David Touzeau
Thanks Amos, I will test it!! On 06/07/2015 19:09, Amos Jeffries wrote: On 7/07/2015 4:49 a.m., David Touzeau wrote: Dear I'm using 3.5.5-20150528-r13841 After this error, the kid crashes How can I fix this issue? Please try 3.5.6. If the problem persists you will need to run Squid under gdb

Re: [squid-users] [3.5.5]: BUG 3279: HTTP reply without Date

2015-07-06 Thread Amos Jeffries
On 7/07/2015 4:49 a.m., David Touzeau wrote: > Dear > > I'm using 3.5.5-20150528-r13841 > After this error, the kid crashes > How can I fix this issue? Please try 3.5.6. If the problem persists you will need to run Squid under gdb and obtain a backtrace. Amos _

[squid-users] [3.5.5]: BUG 3279: HTTP reply without Date

2015-07-06 Thread David Touzeau
Dear I'm using 3.5.5-20150528-r13841 After this error, the kid crashes How can I fix this issue? 2015/06/12 08:37:22 kid1| BUG 3279: HTTP reply without Date: 2015/06/12 08:37:22 kid1| StoreEntry->key: 9A3B8E1EFB517CD386A1CBF13E477C5B 2015/06/12 08:37:22 kid1| StoreEntry->next: 0 2015/06/12 08:37:2

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I use 3.4 version. Yes, these are old directives. 3.5.x, in my opinion, doesn't do SSL Bump in NAT transparent interception environment. 06.07.15 20:21, adam900710 wrote: > 2015-07-06 22:05 GMT+08:00 Yuri Voinov : >> > My own solution in conjunction

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread adam900710
2015-07-06 22:05 GMT+08:00 Yuri Voinov : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > My own solution in conjunction with Tor + Privoxy looks like this (Note: > for Squid 3.4.13): > > # Tor acl > acl tor_url url_regex -i "/usr/local/squid/etc/url.tor" > > # SSL bump rules > sslproxy_ce

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread adam900710
Great thanks, I'll try it later. Thanks On July 6, 2015 at 22:06, "Yuri Voinov" wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > My own solution in conjunction with Tor + Privoxy looks like this (Note: > for Squid 3.4.13): > > # Tor acl > acl tor_url url_regex -i "/usr/local/squid/etc/url.tor"

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 My own solution in conjunction with Tor + Privoxy looks like this (Note: for Squid 3.4.13): # Tor acl acl tor_url url_regex -i "/usr/local/squid/etc/url.tor" # SSL bump rules sslproxy_cert_error allow all ssl_bump none localhost ssl_bump none url

Re: [squid-users] reply_body_max_size question

2015-07-06 Thread Danny
Thank You Amos ... with a little trial and error I got it right. Danny On Jul 04 15, Amos Jeffries : > To: squid-users@lists.squid-cache.org > Date: Sat, 04 Jul 2015 03:35:23 +1200 > From: Amos Jeffries > Subject: Re: [squid-users] reply_body_max_size question > User-Agent: Mozilla/5.0 (Windows

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 And finally: HTTPS is used for malware transmission - and we can't scan it!, for porn viewing, for illegal P2P traffic and others. And we are the paladins in white robes. 06.07.15 19:34, adam900710 wrote: > 2015-07-06 20:06 GMT+08:00 Amos Jeffr

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 And also: As long as you stay in the white robes, the whole world supports the illusion of security HTTPS. The world has changed in the eyes of the past three years. And by the way, your branch 3.4 has long been used in commercial solutions. Doing

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread adam900710
2015-07-06 20:06 GMT+08:00 Amos Jeffries : > On 6/07/2015 9:30 p.m., adam900710 wrote: >> >> Here are some of my experiments: >> 1) Remove "never_direct" >> Then ssl_bump works as expected, but all traffic doesn't go through >> the SOCKS5 proxy. So a lot of sites I can't access. >> >> 2) Use local

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 06.07.15 18:06, Amos Jeffries wrote: > On 6/07/2015 9:30 p.m., adam900710 wrote: >> >> Here are some of my experiments: >> 1) Remove "never_direct" >> Then ssl_bump works as expected, but all traffic doesn't go through >> the SOCKS5 proxy. So a

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 06.07.15 18:06, Amos Jeffries wrote: > On 6/07/2015 9:30 p.m., adam900710 wrote: >> >> Here are some of my experiments: >> 1) Remove "never_direct" >> Then ssl_bump works as expected, but all traffic doesn't go through >> the SOCKS5 proxy. So a

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Amos Jeffries
On 6/07/2015 9:30 p.m., adam900710 wrote: > > Here are some of my experiments: > 1) Remove "never_direct" > Then ssl_bump works as expected, but all traffic doesn't go through > the SOCKS5 proxy. So a lot of sites I can't access. > > 2) Use local 8118 proxy > That works fine without any problem,

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread adam900710
Forgot some extra information: squid build info: --- Squid Cache: Version 3.5.5 Service Name: squid configure options: '--prefix=/usr' '--sbindir=/usr/bin' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--with-logdir=/var/log/squid' '--w

[squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread adam900710
Hi all, I tried to build a ssl bumping proxy with up level proxy, but client failed to connect like the following. The error: --- $ curl https://www.google.co.jp - -k * Rebuilt URL to: https://www.google.co.jp/ * Trying ::1... * Connected to localhost (::1) port 3128 (#0) * Establish HTTP pro