Hi, what does "PeerSelector186 found pinned, destination" that appears in the
Squid log mean?
The log is as follows:
####################################
2023/09/20 15:49:57.086 kid1| 28,3| Checklist.cc(62) markFinished: 0x30798c8
answer ALLOWED for match
2023/09/20 15:49:57.086 kid1| 28,3| Checklist.cc(162) checkCallback:
ACLChecklist::checkCallback: 0x30798c8 answer=ALLOWED
2023/09/20 15:49:57.086 kid1| 44,3| peer_select.cc(373) checkAlwaysDirectDone:
ALLOWED
2023/09/20 15:49:57.086 kid1| 44,3| peer_select.cc(379) checkAlwaysDirectDone:
direct = DIRECT_YES (always_direct allow)
2023/09/20 15:49:57.086 kid1| 44,7| peer_select.cc(1153) interestedInitiator:
PeerSelector186
2023/09/20 15:49:57.086 kid1| 44,3| peer_select.cc(612) selectMore: GET
my.local.web
2023/09/20 15:49:57.086 kid1| 44,3| peer_select.cc(1102) addSelection: adding
PINNED#my.local.web
2023/09/20 15:49:57.086 kid1| 44,3| peer_select.cc(1102) addSelection: adding
HIER_DIRECT#my.local.web
2023/09/20 15:49:57.086 kid1| 44,7| peer_select.cc(1153) interestedInitiator:
PeerSelector186
2023/09/20 15:49:57.086 kid1| 24,7| SBuf.cc(202) append: from c-string to id
SBuf79918
2023/09/20 15:49:57.086 kid1| 24,7| SBuf.cc(160) rawSpace: reserving 71 for
SBuf79918
2023/09/20 15:49:57.086 kid1| 24,7| SBuf.cc(859) reAlloc: SBuf79918 new store
capacity: 128
2023/09/20 15:49:57.086 kid1| 44,2| peer_select.cc(1176) handlePath:
PeerSelector186 found pinned, destination #1 for https://my.local.web
#########################################################################################
The destination address https://my.local.web in this log is returned by
URL-Rewrite, rewrite-url=https://my.local.web, which is a local web service of
mine. But it failed directly after peer_select. I think this should be related
to ssl-bump. My decryption configuration is roughly as follows.
The strange thing is that as long as I comment these two lines,
#acl step1 at_step SslBump1
#ssl_bump peek step1 all
the pinned destination disappears and the access is successful. Why?
I think this might be a squid bug?
##follows is ssl-bump config################
http_port 3126 intercept
https_port 3129 intercept ssl-bump generate-host-certificates=on options=NO_SSLv3 tls-min-version=1.2 dynamic_cert_mem_cache_size=4MB tls-cert=/os/usr/local/proxy/etc/cert.pem
http_port 3128 ssl-bump generate-host-certificates=on options=NO_SSLv3 tls-min-version=1.2 dynamic_cert_mem_cache_size=4MB tls-cert=/usr/local/proxy/etc/cert.pem
acl step1 at_step SslBump1
sslcrtd_program /os/usr/local/proxy/libexec/security_file_certgen -s /usr/local/proxy/var/lib/ssl_db -M 4MB
sslcrtd_children 5
sslcrtd_children 5
ssl_bump peek step1 all
ssl_bump splice white_list
ssl_bump bump bump_domain
ssl_bump bump all
http_access allow all
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
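
When reading a debug trace like the one in this post, it helps to rejoin the wrapped lines and keep only the peer-selection records (debug section 44, the lines emitted from peer_select.cc). The following is an added example, not part of the original message and not Squid project code; the function names and the embedded sample (a few lines taken from the log above, wraps included) are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the cache.log lines quoted in the post,
# kept with the hard line wraps they have there.
SAMPLE = """\
2023/09/20 15:49:57.086 kid1| 44,3| peer_select.cc(379) checkAlwaysDirectDone:
direct = DIRECT_YES (always_direct allow)
2023/09/20 15:49:57.086 kid1| 44,3| peer_select.cc(1102) addSelection: adding
PINNED#my.local.web
2023/09/20 15:49:57.086 kid1| 44,3| peer_select.cc(1102) addSelection: adding
HIER_DIRECT#my.local.web
2023/09/20 15:49:57.086 kid1| 24,7| SBuf.cc(160) rawSpace: reserving 71 for
SBuf79918
2023/09/20 15:49:57.086 kid1| 44,2| peer_select.cc(1176) handlePath:
PeerSelector186 found pinned, destination #1 for https://my.local.web
"""

# Record header: timestamp, worker, "section,level", source file(line), function.
HEADER = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) (?P<kid>kid\d+)\| "
    r"(?P<section>\d+),(?P<level>\d+)\| "
    r"(?P<file>[\w.]+)\((?P<line>\d+)\) (?P<func>\w+): ?(?P<msg>.*)$"
)

def parse_records(text):
    """Rejoin wrapped lines and return one dict per debug record."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            rec = m.groupdict()
            rec["section"], rec["level"] = int(rec["section"]), int(rec["level"])
            records.append(rec)
        elif records and raw.strip("# "):
            # No timestamp: continuation of the previous record.
            # Separator lines made only of '#' are skipped.
            records[-1]["msg"] = (records[-1]["msg"] + " " + raw.strip()).strip()
    return records

def peer_selection_trace(text):
    """Section-44 records in order: candidates added, then the path chosen."""
    return [(r["func"], r["msg"]) for r in parse_records(text) if r["section"] == 44]

if __name__ == "__main__":
    for func, msg in peer_selection_trace(SAMPLE):
        print(f"{func:24} {msg}")
```
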