On 6/8/21 7:36 AM, squ...@treenet.co.nz wrote:
> The way I think to approach it though is to start with the
> configuration parser.
That starting point does not compute for me. We do need to agree on how
to configure this feature, but parsing any resulting Squid configuration
ought to be very
Could you direct me to those scripts? Also, am I understanding
correctly that in this mode:
acl blocklist dstdomain ...
ssl_bump peek all
ssl_bump splice blocklist
ssl_bump terminate all
I will only need certs to display an error page from squid via ssl,
but unblocked domains should be just
On 2021-06-08 22:51, His Shadow wrote:
Greetings. I've been trying to make a patch for squid,
Code changes should be discussed on the squid-dev mailing list.
FWIW, we (Squid devs) have already discussed this functionality change
and I have a TODO list entry (far down sadly) of supporting
Greetings. I've been trying to make a patch for squid, so that it
could read client hello on connect requests and set the SNI without
using ssl_bump, as that requires generating certificates and is too
complicated for my needs. Here's the patch I've come up with. It seems
to be working, but I'm