Re: [squid-users] Is there a way on client to show proxy's certificate?

On 24/12/19 3:47 pm, GeorgeShen wrote: > > >> No. You receive a server cert and the CA chain required to validate that >> server cert. >> >> Stop thinking of certs as belonging to the proxy. It seems to be >> confusing you. All 3 certs can be called "the proxy's certs" and yet >> none of them is

Re: [squid-users] Is there a way on client to show proxy's certificate?

>That is saying the "ssl-bump" flag requires "intercept" on that port >directive. > >SSL-Bump is intercepting the TLS layer. It makes no sense for a client >to explicitly open TCP connections to Squid when trying to perform TLS >with a different server elsewhere. but my proxy's purpose is to do t

Re: [squid-users] Is there a way on client to show proxy's certificate?

>No. You receive a server cert and the CA chain required to validate that >server cert. > >Stop thinking of certs as belonging to the proxy. It seems to be >confusing you. All 3 certs can be called "the proxy's certs" and yet >none of them is a "proxy cert" in TLS definitions. Amos, but those t

Re: [squid-users] Is there a way on client to show proxy's certificate?

On 24/12/19 7:55 am, GeorgeShen wrote: > >>> actually doing "openssl s_client -proxy 192.168.1.35:3129 -connect >>> -showcerts ", >>> noticed two of the three certs from that display is from the proxy server >>> I >>> think. the first one >>> is the modified host cert. maybe that's the way to get

Re: [squid-users] Is there a way on client to show proxy's certificate?

>> actually doing "openssl s_client -proxy 192.168.1.35:3129 -connect >> -showcerts ", >> noticed two of the three certs from that display is from the proxy server >> I >> think. the first one >> is the modified host cert. maybe that's the way to get proxy server's >> certs. >> >You are using S

Re: [squid-users] squid log responce time %6tr or %tr ?

On 12/22/19 5:53 AM, Ahmad Alzaeem wrote: > im confused on why default response time configured as %6tr not %tr Many Squid developers look at raw access logs. I suspect early Squid developers wanted to first (or "left") access.log fields at a semi-fixed position. Making most response time entries

Re: [squid-users] c-icap documentation getting stuck

On Sat, Dec 21, 2019 at 7:42 PM robert k Wild wrote: > > WARNING Bad configuration keyword: enable_libarchive 0 > WARNING Bad configuration keyword: banmaxsize 2M You're probably running an outdated squidclamav. ___ squid-users mailing list squid-users@

Re: [squid-users] Is there a way on client to show proxy's certificate?

On 23/12/19 7:26 pm, GeorgeShen wrote: >> this is http port, speaking http. This is not a https port, so you can't >> speak https to it. The difference between 3128 and 3129 is, when you issue >> CONNECT request to 3129, squid tries to communicate using SSL as if it was >> the destination server