On 24/01/2017 3:38 p.m., Mustafa Mohammad wrote:
> By regression...I mean our QA testing server. Let me explain this in
> detail: I have a squid proxy running which is needed to connect to the
> server so we can get back if the transaction was approved or not. It is a
> point of sale application th
> On Mon, 2017-01-23 at 19:54 -0700, Alex Rousskov wrote:
>> On 01/23/2017 04:28 PM, David Touzeau wrote:
>>>
>>> ssl_bump peek ssl_step1
>>> ssl_bump splice all
>>>
>>> sslproxy_flags DONT_VERIFY_PEER
>>> sslproxy_cert_error allow all
>>
>>>
>>> When connecting to mozilla.org using transparent, we
On Mon, 2017-01-23 at 19:54 -0700, Alex Rousskov wrote:
> On 01/23/2017 04:28 PM, David Touzeau wrote:
> >
> > ssl_bump peek ssl_step1
> > ssl_bump splice all
> >
> > sslproxy_flags DONT_VERIFY_PEER
> > sslproxy_cert_error allow all
>
> >
> > When connecting to mozilla.org using transparent, we
On 01/23/2017 04:28 PM, David Touzeau wrote:
> ssl_bump peek ssl_step1
> ssl_bump splice all
>
> sslproxy_flags DONT_VERIFY_PEER
> sslproxy_cert_error allow all
> When connecting to mozilla.org using transparent, we receive this error:
>
> * About to connect() to www.mozilla.org port 443 (#0)
>
By regression...I mean our QA testing server. Let me explain this in
detail: I have a squid proxy running which is needed to connect to the
server so we can get back if the transaction was approved or not. It is a
point of sale application that sends transaction data to the server to
receive respons
On 24/01/2017 2:11 p.m., David Touzeau wrote:
> From: Amos Jeffries
>
> On 24/01/2017 12:28 p.m., David Touzeau wrote:
>> Same issue with https://www.digitalocean.com/ is somebody did not
>> encounter the issue using Squid in transparent mode with SSL ??
>>
>
> The TLS / HTTPS environment is in t
On 23/01/2017 12:08 p.m., senor wrote:
> Hello all,
> Is the use of dynamic_cert_mem_cache_size=SIZE on the http_port
> directive any different with and without using sslcrtd_program?
>
As far as I'm aware they are different. But Squid passes some of the
port parameters to the helper, and with SM
[ Please reply to the list, not to me personally. ]
On 24/01/2017 11:54 a.m., Mustafa Mohammad wrote:
> I'm using 3.5.23 version. My problem is that I'm trying to hit our
> regression server and after doing research, I found that SSL bump might
> work for me but I'm not sure.
We (the squid-users
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
behalf of Amos Jeffries
Sent: Tuesday, 24 January 2017 01:01
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent
SSL23_GET_SERVER_HELLO:unknown protocol
On 24/01/2
I didn't expect it but it happens to the best of us and the tools used the
drbl-peer library that has a very huge memory leak that was found in a
production environment (more than 10k queries per second).
I fixed the library and I will publish the new and updated binaries for the
squid external
On 01/23/2017 03:59 PM, Amos Jeffries wrote:
> On 24/01/2017 8:22 a.m., Yuri Voinov wrote:
>> 24.01.2017 0:06, Alex Rousskov wrote:
>>> FWIW, IMO, storing the generated fake certificates in the regular Squid
>>> cache would also be better than using an OpenSSL-administered database.
>> Exactly.
>
On 24/01/2017 12:28 p.m., David Touzeau wrote:
> Same issue with https://www.digitalocean.com/
> is somebody did not encounter the issue using Squid in transparent mode with
> SSL ??
>
The TLS / HTTPS environment is in the process of stabilizing, but still
quite volatile.
Since the error messag
Same issue with https://www.digitalocean.com/
is somebody did not encounter the issue using Squid in transparent mode with
SSL ??
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On behalf
of David Touzeau
Sent: Sunday, 22 January 2017 19:49
To
On 24/01/2017 7:06 a.m., Marcus Kool wrote:
>
>
> On 23/01/17 15:31, Alex Rousskov wrote:
>> On 01/23/2017 04:28 AM, Yuri wrote:
>>
>>> 1. How does it work?
>>
>> My response below and the following commit message might answer some of
>> your questions:
>>
>> http://bazaar.launchpad.net/~squi
On 24/01/2017 8:22 a.m., Yuri Voinov wrote:
>
>
> 24.01.2017 0:06, Alex Rousskov wrote:
>> On 01/23/2017 10:41 AM, Yuri Voinov wrote:
>>> 23.01.2017 23:31, Alex Rousskov wrote:
On 01/23/2017 04:28 AM, Yuri wrote:
>>
> 2. How this feature is related to sslproxy_foreign_intermediate_certs,
On 24/01/2017 3:58 a.m., FUSTE Emmanuel wrote:
>
> All was carefully checked and nothing in my configuration (acl etc ...)
> explains why Squid insists on doing DNS requests for requests forwarded to
> the peer(s).
>
>
> #bug #4575
> url_rewrite_extras XXX
> store_id_extras XXX
I don't think that
On 24/01/2017 11:27 a.m., Mustafa Mohammad wrote:
> I'm trying to enable ssl bump but it says that
> FATAL: No valid signing SSL certificate configured for HTTP_port [::]:the
> port I'm listening on. I did a lot of research and I couldn't find the
> answer. Any help would be deeply appreciated.
>
I'm trying to enable ssl bump but it says that
FATAL: No valid signing SSL certificate configured for HTTP_port [::]:the
port I'm listening on. I did a lot of research and I couldn't find the
answer. Any help would be deeply appreciated.
Thanks,
Mustafa Mohammad
On 01/23/2017 12:18 PM, Alexander wrote:
> 2017-01-23 21:41 GMT+03:00 Alex Rousskov:
> It is possible that Squid needs a knob to handle your use
> case differently. However, I am pretty sure that somebody does want
> Squid to do what it does now so we should not change Squid behavior
24.01.2017 2:25, Marcus Kool wrote:
>
>
> On 23/01/17 17:23, Yuri Voinov wrote:
> [snip]
>
>>> I created bug report http://bugs.squid-cache.org/show_bug.cgi?id=4659
>>> a week ago but there has not been any activity.
>>> Is there someone who has sslproxy_foreign_intermediate_certs
>>> working in
On 23/01/17 17:23, Yuri Voinov wrote:
[snip]
I created bug report http://bugs.squid-cache.org/show_bug.cgi?id=4659
a week ago but there has not been any activity.
Is there someone who has sslproxy_foreign_intermediate_certs
working in Squid 4.0.17 ?
Seems works as by as in 3.5.x. As I can see
24.01.2017 0:06, Marcus Kool wrote:
>
>
> On 23/01/17 15:31, Alex Rousskov wrote:
>> On 01/23/2017 04:28 AM, Yuri wrote:
>>
>>> 1. How does it work?
>>
>> My response below and the following commit message might answer some of
>> your questions:
>>
>> http://bazaar.launchpad.net/~squid/squid/
24.01.2017 0:06, Alex Rousskov wrote:
> On 01/23/2017 10:41 AM, Yuri Voinov wrote:
>> 23.01.2017 23:31, Alex Rousskov wrote:
>>> On 01/23/2017 04:28 AM, Yuri wrote:
I.e., where downloaded certs stored, how it
handles, does it saves anywhere to disk?
>>> Missing certificates are fetched
2017-01-23 21:41 GMT+03:00 Alex Rousskov :
>
> Needless to say, your specific needs may differ from that general
> principle. It is possible that Squid needs a knob to handle your use
> case differently. However, I am pretty sure that somebody does want
> Squid to do what it does now so we should
On 01/23/2017 11:11 AM, Alexander wrote:
> Actually, a PASV-handling logic looks a bit strange to me. In
> Ftp::Server::handlePasvReply() there is a comment:
>
> "In interception setups, we combine remote server address with a local port
> number and hope that traffic will be redirected to us."
>
On 01/23/2017 03:11 AM, Alexander wrote:
> 3. Squid opens a local port and sends it back to client via the "Entering
> passive mode" reply. Seems to be ok, but a client sees a real server's IP
> address, not a squid's one. So when a client tries to connect to a server,
> it gets ECONNREFUSED becau
Actually, a PASV-handling logic looks a bit strange to me. In
Ftp::Server::handlePasvReply() there is a comment:
"In interception setups, we combine remote server address with a local port
number and hope that traffic will be redirected to us."
How is it supposed to work? A client receives server
On 01/23/2017 10:41 AM, Yuri Voinov wrote:
> 23.01.2017 23:31, Alex Rousskov wrote:
>> On 01/23/2017 04:28 AM, Yuri wrote:
>>> I.e., where downloaded certs stored, how it
>>> handles, does it saves anywhere to disk?
>> Missing certificates are fetched using HTTP[S]. Certificate responses
>> should
On 23/01/17 15:31, Alex Rousskov wrote:
On 01/23/2017 04:28 AM, Yuri wrote:
1. How does it work?
My response below and the following commit message might answer some of
your questions:
http://bazaar.launchpad.net/~squid/squid/5/revision/14769
This seems that the feature only goes to
23.01.2017 23:31, Alex Rousskov wrote:
> On 01/23/2017 04:28 AM, Yuri wrote:
>
>> 1. How does it work?
> My response below and the following commit message might answer some of
> your questions:
>
> http://bazaar.launchpad.net/~squid/squid/5/revision/14769
>
>> I.e., where downloaded certs s
On 01/23/2017 04:28 AM, Yuri wrote:
> 1. How does it work?
My response below and the following commit message might answer some of
your questions:
http://bazaar.launchpad.net/~squid/squid/5/revision/14769
> I.e., where downloaded certs stored, how it
> handles, does it saves anywhere to di
Hello,
I'm in a context where I have a lot of Squid installations without direct
internet access.
All queries are forwarded to an Internet connected peer.
Recently, I migrated my old 2.x Squid to 3.x and took responsibility for
some other 3.x existing installations.
- my Debian based Squid 3.4.8
Hello all,
I have a strange problem where some TLS connections are delayed by 30
seconds when going through my transparent proxy with WCCP. This occurs
typically with sites behind Cloudflare (for example,
https://www.wireshark.org). No problem for Google websites for example.
I only want to
Hi, gents.
I have some stupid questions about subject.
1. How does it work? I.e., where downloaded certs stored, how it
handles, does it saves anywhere to disk? Because of this feature is
completely undocumented and it did not follow from the source code.
2. How this feature is related to ss
Just tried it out with REDIRECT rule. Still no luck, but now Filezilla client
reports ECONNREFUSED error. I do not see any critical errors in squid's
output, however the following thing is suspicious:
2017/01/20 19:10:11.604| 33,3| FtpServer.cc(1655) checkDataConnPost: missing
client data conn:
2