[squid-dev] [PATCH] Validate server certificates without bumping

Tsantilas Christos chtsanti at users.sourceforge.net
Wed Oct 1 16:17:18 UTC 2014


Hi all,

This patch adds support for the "Validate server certificates without 
bumping" use case described on the Peek and Splice wiki page:
     http://wiki.squid-cache.org/Features/SslPeekAndSplice

This patch sends the certificates and errors found in the SslBump3 step 
to the certificate validation helper, even if the splicing mode is 
selected. If the validation helper finds errors in the certificates, an 
error page is returned to the HTTP client.

The SSL error forwarding is controlled by ACLs along these lines:

    sslproxy_cert_error allow sslBoringErrors
    sslproxy_cert_error allow serversWithInvalidCerts
    sslproxy_cert_error deny all

This is a Measurement Factory project.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trunk-ssl_bump-err-t3.patch
Type: text/x-patch
Size: 16084 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20141001/89ba2bb4/attachment.bin>
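
The setup described in the message above, written out as a squid.conf fragment. This is an added example, not taken from the attached patch or from the Squid project; the ACL definitions, the port, the domain and both file paths are assumptions or placeholders, and the port line uses Squid 3.5-era syntax.

```conf
# Added example. ACL contents, domain and paths are constructed placeholders.

# Forward-proxy port with SslBump enabled. A signing certificate is
# configured on ssl-bump ports even when every connection is spliced.
http_port 3128 ssl-bump cert=/etc/squid/PLACEHOLDER-ca.pem

# External certificate validation helper (placeholder path). It receives
# the server certificates and the errors Squid found.
sslcrtvalidator_program /usr/local/libexec/PLACEHOLDER-cert-validator

# Peek at the client hello (step 1) and the server hello (step 2), then
# splice at step 3: the server certificate is seen, traffic is not decrypted.
acl step1 at_step SslBump1
acl step2 at_step SslBump2
ssl_bump peek step1
ssl_bump peek step2
ssl_bump splice all

# Constructed definitions for the ACL names used in the message.
# Keep both lists as narrow as possible: every entry is an error that
# will no longer produce an error page.
acl sslBoringErrors ssl_error X509_V_ERR_CERT_NOT_YET_VALID
acl serversWithInvalidCerts dstdomain .legacy.example.com

# Rules are checked in order and the first match decides. Any certificate
# error that reaches "deny all" ends the transaction with an error page,
# including on connections that would otherwise have been spliced.
sslproxy_cert_error allow sslBoringErrors
sslproxy_cert_error allow serversWithInvalidCerts
sslproxy_cert_error deny all
```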


More information about the squid-dev mailing list