[squid-dev] [PATCH] Validate server certificates without bumping
Tsantilas Christos
chtsanti at users.sourceforge.net
Wed Oct 1 16:17:18 UTC 2014
Hi all,
This patch add support for the "Validate server certificates without
bumping" use case described on the Peek and Splice wiki page:
http://wiki.squid-cache.org/Features/SslPeekAndSplice
This patch send to the certificate validation helper the certificates
and errors found in SslBump3 step, even if the splicing mode selected.
In the case the validation helper found errors in certificates an error
page returned to the http client.
The SSL error forwarding is controlled by ACLs along these lines:
sslproxy_cert_error allow sslBoringErrors
sslproxy_cert_error allow serversWithInvalidCerts
sslproxy_cert_error deny all
This is a Measurement Factory project
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trunk-ssl_bump-err-t3.patch
Type: text/x-patch
Size: 16084 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20141001/89ba2bb4/attachment.bin>
More information about the squid-dev
mailing list