[squid-users] Squid reject self-signed SSL certificate of ICAP server
Alex Rousskov
rousskov at measurement-factory.com
Wed Jun 21 16:46:46 UTC 2017
On 06/21/2017 10:15 AM, Nikita wrote:
> Is it possible to allow self-signed SSL certificates for ICAP server
> connections somehow?
Can you configure your OpenSSL library (or equivalent) to trust the ICAP
server certificate? Squid deletages most of the certificate validation
work to OpenSSL (or equivalent).
> There is tls-flags=DONT_VERIFY_PEER flag, but in this case Squid
> don't send it's own certificate to ICAP server
Why do you think tls-flags=DONT_VERIFY_PEER only works if Squid sends
its own certificate? The two actions (from-peer certificate validation
and sending of a certificate to a peer) seem unrelated to me.
Alex.
More information about the squid-users
mailing list