[squid-users] yum update fails when using squid even though .redhat.com is whitelisted
Giles Coochey
giles at coochey.net
Thu Nov 21 16:29:56 UTC 2019
On 21/11/2019 12:51, Kassir Bariq wrote:
>
> Hi,
>
> You can add this line in your squid.conf
>
> sslproxy_cert_error allow allowed_https_sites
>
> this should fix your issue to bypass sites without a valid certificate.
>
>
I probably wouldn't do this blindly, either use a different acl such as
known_broken_cert_sites and add sites that you have trouble with to that
ACL.
I believe Palo Alto and Bluecoats have a feature mechanism to provide
the client with an appropriately broken cert , e.g. if the cert is
expired, but has a trusted chain then it uses an expired cert with a
trusted chain to the client, and if a cert is self signed, then it sends
a self-signed cert to the client.
I don't know whether Squid also has that mechanism, but would probably
be preferred.
--
Giles Coochey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20191121/75185f5a/attachment.html>
More information about the squid-users
mailing list