> I haven’t tried it but would using ssl::server_name_regex work to match
> IP=10.0.97.* work?
No, it should not work. When looking at SAN, Squid only looks at dNSName.
> Also I couldn’t find a way to capture ssl::server_name (that Squid
> builds as described in the “acl” directive doc) in the logs. Logformat
> directive has only some bits of ssl information.
Squid does not have a logformat %code that would always contain the same
name as the one examined by the ssl::server_name ACL. Moreover, since
ssl::server_name ACL examines different names (depending on the
evaluation timing/context), logging a single value at the end of the
transaction would not tell you what ssl::server_name ACL was dealing with.
Needless to say, it is possible to modify Squid to add ACL(s) that would
interrogate other SAN names and logformat %codes that would log SAN
dNSName and other server certificate details. Same for logging the
equivalent of the final ssl::server_name is also possible.