Re: [squid-users] Fwd: gmail.com certificate name mismatch

From: Douglas Davenport <doug1234_at_digcorp.net>
Date: Sun, 15 Jun 2014 14:31:34 -0400

Interesting, I thought bump server first solved this type of problem.
I wonder how is google serving different certs for gmail.com vs
mail.google.com at the same IP is this SNI. Is that something squid is
likely to support one day?

On Sun, Jun 15, 2014 at 6:57 AM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> This is one of the downsides of using ssl-bump.
> It's just bumps the IP first before the client and this is one of the side
> effects which happens and cannot be prevented for now due to the basic
> nature and structure of SSL.
>
> Eliezer
>
>
> On 06/13/2014 09:56 PM, Douglas Davenport wrote:
>>
>> I have squid 3.3.10 setup with sslbump working for all sites except
>> when a user tries to type in gmail.com. For some reason the browser
>> complains about certificate name mismatch. On examination the
>> generated cert is actually for mail.google.com. Apparently google is
>> redirecting buy why does this error happen only with sslbump. Anyone
>> else have this issue, workarounds?
>>
>> Thanks in advance!
>>
>
Received on Sun Jun 15 2014 - 18:32:03 MDT

This archive was generated by hypermail 2.2.0 : Mon Jun 16 2014 - 12:00:04 MDT