Re: [squid-users] SSL bumping (again)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 12 Jul 2014 20:16:32 +1200

On 12/07/2014 7:33 p.m., Eugene M. Zheganin wrote:
> Hi.
>
> Squid-3.3.11
> FreeBSD 10.0-STABLE
>
> I've set up SSL bumping in order to deal with file uploading (actually
> to block file uploading for certain groups of users) via HTTPS.
> It works just fine for most of the HTTPS enabled sites, but with some
> Google sites I have a problem - browsers (FF for example) display an
> error - "www.youtube.com uses an invalid security certificate. The
> certificate does not come from a trusted source. (Error code:
> sec_error_inadequate_key_usage)".

Sounds like http://bugs.squid-cache.org/show_bug.cgi?id=3966

PS. 3.3 series will never get this fix. It is on the TODO list for a
3.4.7 porting attempt, but the volatile SSL-bump related infrastructure
in Squid in recent years makes it unlikely to succeed.

Amos
Received on Sat Jul 12 2014 - 08:16:55 MDT

This archive was generated by hypermail 2.2.0 : Mon Jul 14 2014 - 12:00:05 MDT