[squid-users] intercepting SSL connections with client certificate

From: Shinoj Gangadharan <sgangadharan_at_wavecrest.gi>
Date: Mon, 18 Nov 2013 17:12:49 +0530

Hi,

I am able to intercept normal SSL connections using ssl_bump. How can I
pass on the client certificate to the server? I tried using cache_peer but
could not get it to work. Here is the conf:

acl myacl dstdomain myssldomain.com

cache_peer ssl.myssldomain.com parent 443 0 no-query proxy-only originserver ssl sslcert=/home/certificates/cl2.crt sslflags=DONT_VERIFY_PEER name=myssl
cache_peer_access myssl allow myacl
never_direct allow myacl

I have disabled always_direct:

#always_direct allow all

Ssl-bump config:

http_port 3128 ssl-bump generate-host-certificates=off dynamic_cert_mem_cache_size=4MB cert=/home/certificates/server.crt

ssl_bump server-first all

sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5

Any help in resolving this will be much appreciated.

Regards,
Shinoj.
Received on Mon Nov 18 2013 - 11:42:58 MST
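
Added example, not part of the original post and not Squid's own code: a small Python lint that parses the cache_peer directive quoted above (joined onto one line as constructed sample input) and reports what its TLS options imply, in particular that sslflags=DONT_VERIFY_PEER means the client certificate is presented to a peer whose certificate is not checked. The function names are hypothetical, and the option names assumed are the Squid 3.x ones used in the post (ssl, sslcert=, sslkey=, sslflags=).

```python
# Constructed sample: the cache_peer directive from the post, joined onto one line.
SAMPLE_CONF = """\
acl myacl dstdomain myssldomain.com
cache_peer ssl.myssldomain.com parent 443 0 no-query proxy-only originserver ssl sslcert=/home/certificates/cl2.crt sslflags=DONT_VERIFY_PEER name=myssl
cache_peer_access myssl allow myacl
never_direct allow myacl
#always_direct allow all
"""

def parse_cache_peers(conf_text):
    """Parse 'cache_peer host type http-port icp-port [options]' lines."""
    peers = []
    for raw in conf_text.splitlines():
        tokens = raw.split()
        if len(tokens) < 5 or tokens[0] != "cache_peer":
            continue  # comments, blank lines, other directives
        flags, opts = set(), {}
        for tok in tokens[5:]:
            key, sep, value = tok.partition("=")
            if sep:
                opts[key] = value
            else:
                flags.add(key)
        peers.append({"host": tokens[1], "flags": flags, "opts": opts})
    return peers

def audit_peer(peer):
    """Return findings about the TLS options of one parsed peer (hypothetical helper)."""
    flags, opts = peer["flags"], peer["opts"]
    if "ssl" not in flags:
        return ["peer connection is not encrypted (no ssl option)"]
    findings = []
    # Squid accepts ',' or ':' between sslflags values.
    sslflags = set(filter(None, opts.get("sslflags", "").replace(":", ",").split(",")))
    if "DONT_VERIFY_PEER" in sslflags:
        findings.append("peer certificate is not verified")
        if "sslcert" in opts:
            findings.append("client certificate is sent to an unverified peer")
    if "sslcert" in opts and "sslkey" not in opts:
        findings.append("no sslkey=: the sslcert file must also hold the private key")
    return findings

def audit_conf(conf_text):
    return {p["opts"].get("name", p["host"]): audit_peer(p)
            for p in parse_cache_peers(conf_text)}

if __name__ == "__main__":
    for name, findings in audit_conf(SAMPLE_CONF).items():
        print(name, findings)
```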
