On 04/02/2012 11:05 PM, Henrik Nordström wrote: > mån 2012-04-02 klockan 21:14 +0200 skrev Santiago Garcia Mantinan: > >> The thing I'd like to do and I haven't seen how to do with current squid, is >> to allow transparent proxy of incoming https connections based on this >> Server Name Indication. Maybe I missed this and it is already implemented, >> but if this is not yet implemented I'd like to know if you'd like me to >> implement it and how would you like it to be implemented and on which squid >> code. > > I am not aware of any Squid implementation of SNI parsing to extract the > requested host.
Currently squid sets the SNI extension when connects to the remote SSL server. But it is not uses SNI for incomming SSL connections... Regards, Christos > > You are very welcome to try to implement SNI identification. > Implementation is preferably done to Squid-3 bzr trunk, but it's OK to > base changes on Squid-3.2 as well. This is closely related to sslbump > and there have been significant changes to sslbump in 3.2. > > > > >
