I have a transparent proxy in place. My conf is as follows, as recommended by Squid here:
acl allowed_sites dstdomain "/etc/squid/allowed_sites"
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice allowed_sites
ssl_bump stare all
with my allowed_sites as:
.youtube.com
But when I browse www.youtube.com, a bump takes place: the certificate is one that was created on my Squid server, which I don't want, as this website is included in my "allowed_sites" list and should therefore be spliced, not bumped.
I also tried with no luck:
acl allowed_sites dstdomain "/etc/squid/allowed_sites"
ssl_bump splice allowed_sites
ssl_bump peek all
ssl_bump bump all
Where is my mistake?
Okay well, I had to change my acl from:
acl allowed_sites dstdomain "/etc/squid/allowed_sites"
to:
acl allowed_sites ssl::server_name "/etc/squid/allowed_sites"
I realised my mistake thanks to this acl directive documentation.
I set the logs to debug in my squid.conf with debug_options ALL,3
and then I realised I didn't have a match when I was opening YouTube and tailing my cache file with tail -f cache.log | grep 'allowed_sites '
(allowed_sites being my acl name).
So after digging I realised the root cause.
In cache.log I realised that I had to use something that was not checking the "dst" but the SNI of the certificate received:
Handshake.cc(542) parseSniExtension: host_name=www.youtube.com
And the only reference in acl about SNI is the acl_type named ssl::server_name
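To check an allowed_sites list against the SNI values Squid actually logs, the following added example (not part of the original post or of Squid) extracts every parseSniExtension host name from cache.log text and tests it against the list. The function names and sample log lines are constructed for illustration, and the leading-dot matching (the domain plus all its subdomains) is an assumption modelled on dstdomain-style entries.

```python
import re

# Matches the debug line quoted in the answer; any prefix before it is ignored.
SNI_RE = re.compile(r"parseSniExtension: host_name=(\S+)")

def load_domains(text):
    """Parse an allowed_sites-style list: one entry per line, '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            entries.append(line)
    return entries

def domain_matches(host, entry):
    """Assumed semantics: '.example.com' covers the domain and all subdomains."""
    host = host.lower().rstrip(".")
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def classify_snis(log_text, entries):
    """Map each SNI seen in the log to True (would match the list) or False."""
    seen = {}
    for m in SNI_RE.finditer(log_text):
        sni = m.group(1)
        seen[sni] = any(domain_matches(sni, e) for e in entries)
    return seen

# Constructed sample data (timestamps and line prefixes are illustrative only).
ALLOWED_SITES = ".youtube.com\n"
SAMPLE_LOG = """\
2024/01/01 10:00:00.001 kid1| 83,3| Handshake.cc(542) parseSniExtension: host_name=www.youtube.com
2024/01/01 10:00:01.002 kid1| 83,3| Handshake.cc(542) parseSniExtension: host_name=example.org
2024/01/01 10:00:02.003 kid1| 83,3| Handshake.cc(542) parseSniExtension: host_name=notyoutube.com
"""

if __name__ == "__main__":
    for sni, ok in classify_snis(SAMPLE_LOG, load_domains(ALLOWED_SITES)).items():
        print(f"{sni:20} {'in list (splice candidate)' if ok else 'not in list'}")
```

An SNI reported as not in the list is one that would fall through to the later ssl_bump rules, which helps spot look-alike domains or missing entries before changing the proxy policy.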