[squid-users] How to configure a "proxy home" page ?

Amos Jeffries squid3 at treenet.co.nz
Sun Mar 25 23:09:30 UTC 2018


On 26/03/18 11:11, Yuri wrote:
> By the way, Amos. I have an idea spinning around. Is it possible to
> specify the SSL error of the unknown certificate issuer for the correct
> processing of the situation when the client does not have a proxy
> certificate installed? This would greatly facilitate the task that we
> are discussing.
> 
> We can, in this case, just use deny_info to redirect client to proxy
> page. ;-)
> 

"error of the unknown issuer" is an implementation detail of the SSL/TLS
library used by the client-end software.

Is that clear enough about why Squid cannot do anything?


Squid can change the cert issuer from X to A or X to Y. But cannot make
any specific issuer A or Y known when it is not already known** by the
client.


** intermediate certs that can be D/L by the client can be considered
"known" when (and only when) their root CA is already trusted. Unless
the client does not download missing intermediates.

Amos
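
An added illustration of the point made in the reply above (not part of the original message, and not Squid code): the issuer check runs inside the client's TLS library against the client's own trust store, and the footnote about intermediates applies the same way. It uses the `openssl` CLI; every subject name and file name is constructed for the demo, and `client_verify` is a hypothetical helper.

```shell
#!/bin/sh
# Constructed demo PKI: every subject name and file name here is made up.
work=$(mktemp -d) && cd "$work" || exit 1
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext

new_csr() {          # new_csr <name> <CN>: fresh key plus signing request
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}
self_signed_ca() {   # self_signed_ca <name> <CN>: a root a client may or may not trust
  new_csr "$1" "$2" &&
  openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 1 \
    -extfile ca.ext -out "$1.pem" 2>/dev/null
}
issue() {            # issue <name> <CN> <issuer> [extfile]: cert signed by <issuer>
  new_csr "$1" "$2" &&
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
    -days 1 ${4:+-extfile "$4"} -out "$1.pem" 2>/dev/null
}

self_signed_ca proxyroot  "Demo Proxy Root CA"    # stands in for the proxy's signing CA
self_signed_ca publicroot "Demo Public Root CA"   # stands in for what the client trusts
issue proxyint "Demo Proxy Intermediate" proxyroot ca.ext
issue leaf "www.example.test" proxyint            # cert presented to the client

# client_verify <trusted-roots.pem> [<intermediates.pem>]
# The chain check as the client's TLS library performs it. The second argument
# models intermediates the client was sent or downloaded; they are not trusted
# by themselves. Returns 0 only if the chain ends at a root in <trusted-roots.pem>.
client_verify() {
  openssl verify -no-CApath -CAfile "$1" ${2:+-untrusted "$2"} leaf.pem >/dev/null 2>&1
}

# A: proxy root not installed on the client: rejected, whatever the proxy sends.
client_verify publicroot.pem proxyint.pem && echo "A: accepted" || echo "A: rejected"
# B: proxy root installed, intermediate available: accepted.
client_verify proxyroot.pem proxyint.pem && echo "B: accepted" || echo "B: rejected"
# C: proxy root installed, but the client never obtains the intermediate: rejected.
client_verify proxyroot.pem && echo "C: accepted" || echo "C: rejected"
```

The only change that turns case A into case B is made on the client side, by adding the root to the client's trust store.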

