Thanks for catching that regex error. I will change it to what you suggest.
SNI not providing the needed server info would explain the problem I guess I will just wait for any improvements to the SNI acl. Stan On Fri, Sep 4, 2015 at 3:59 PM, Amos Jeffries <[email protected]> wrote: > On 5/09/2015 8:37 a.m., Stanford Prescott wrote: > >> acl s1_tls_connect at_step SslBump1 > >> acl s2_tls_client_hello at_step SslBump2 > >> acl s3_tls_server_hello at_step SslBump3 > >> > >> acl tls_server_name_is_ip ssl::server_name_regex \ > >> ^[0-9]+.[0-9]+.[0-9]+.[0-9]+n > > > > You have a letter 'n' on the end there is that intentional? > > > > It would seem so. I copied that from someone else's "peek-splice" > > directives that they said worked well for them. The actual regex in the > > perl script that writes squid.conf is *"print FILE "acl > > tls_server_name_is_ip ssl::server_name_regex > > ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$\n\n";*." > > Thats not right. The script is broken. > > The '$' in that position is an anchor on the pattern. Not a variable > perl is interpreting it as. > > Not that a $ anchor would work, since the input contains a ":port" section. > > A better raw-IP pattern is: > > > ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443 > > > I think the main problem though is that the SNI support is not yet fully > polished. > > Amos >
_______________________________________________ squid-users mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-users
