Hi,
I am able to intercept normal SSL connections using ssl_bump. How can I
pass on the client certificate to the server? I tried using cache_peer but
could not get it to work. Here is the conf:
acl myacl dstdomain myssldomain.com
cache_peer ssl.myssldomain.com parent 443 0 no-query proxy-only originserver ssl sslcert=/home/certificates/cl2.crt sslflags=DONT_VERIFY_PEER name=myssl
cache_peer_access myssl allow myacl
never_direct allow myacl
I have disabled always_direct:
#always_direct allow all
Ssl-bump config:
http_port 3128 ssl-bump generate-host-certificates=off dynamic_cert_mem_cache_size=4MB cert=/home/certificates/server.crt
ssl_bump server-first all
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5
Any help in resolving this will be much appreciated.
Regards,
Shinoj.
Received on Mon Nov 18 2013 - 11:42:58 MST