[squid-users] sslcrtvalidator_program

Eliezer Croitor ngtech1ltd at gmail.com
Mon Dec 14 11:12:20 UTC 2020


Found the helper at:

https://github.com/squid-cache/squid/blob/9837567dd913854a4deddcc49043bfd7631ab63f/src/security/cert_validators/fake/security_fake_certverify.pl.in


----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com

-----Original Message-----
From: Eliezer Croitor <ngtech1ltd at gmail.com> 
Sent: Monday, December 14, 2020 11:27 AM
To: 'Amos Jeffries' <squid3 at treenet.co.nz>
Cc: squid-users at lists.squid-cache.org
Subject: RE: [squid-users] sslcrtvalidator_program

So starts with:
0 cert_validate... line

And ends with?:
error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
error_cert_0=cert0
?

I am unsure, let me try to re-read this section.
I am missing a fake helper for this..
And a "real world" full example.

Can someone simulate it for me?

Thanks,
Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com

-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Monday, December 14, 2020 10:15 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] sslcrtvalidator_program

On 14/12/20 9:11 am, Eliezer Croitor wrote:
> I am trying to understand the way the sslcrtvalidator_program works.
> I am pretty sure I have asked this in the past but didn’t find it for some
> reason.
> 
> I want to read line by line so.
> /^-----BEGIN CERTIFICATE-----$/
> ***
> /^-----END CERTIFICATE-----$/
> 
> What else should I look for? I was thinking about validating with some extra
> values in the request, for example ip/domain:port and sni.
> Are these available in some way?


The details you need are all here:

 
<https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator>

Notice that it receives chains of certificates - maybe several, and/or 
out of order. Whatever the client sends.


Amos
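
An added example, not part of the thread and not Squid project code: a request parser that collects the PEM blocks by their cert_N key, so it copes with several certificates arriving in any order, and resolves each error_cert_N reference only after the whole body has been read. The request layout (channel ID, `cert_validate`, a byte count, then newline-separated key=value pairs including `host=`) is assumed from the wiki page linked above; the function names, the host name, the PEM placeholder and the `cert_0` reference form are constructed for illustration.

```python
import re

PEM_END = "-----END CERTIFICATE-----"

def parse_request(raw: bytes) -> dict:
    """Parse '<channel> cert_validate <size> <body>' into params, certs, errors."""
    channel, request, size, rest = raw.split(b" ", 3)
    if request != b"cert_validate" or not size.isdigit():
        raise ValueError("not a cert_validate request")
    if len(rest) < int(size):
        raise ValueError("body shorter than declared size")
    lines = iter(rest[: int(size)].decode("ascii").splitlines())
    req = {"channel": int(channel), "params": {}, "certs": {}, "errors": {}}
    for line in lines:
        key, sep, value = line.partition("=")
        if not sep:
            continue  # blank or stray line
        if re.fullmatch(r"cert_\d+", key):
            pem = [value]
            while pem[-1] != PEM_END:  # a PEM value spans several lines
                nxt = next(lines, None)
                if nxt is None:
                    raise ValueError(f"{key}: unterminated PEM block")
                pem.append(nxt)
            req["certs"][key] = "\n".join(pem)
        elif m := re.fullmatch(r"error_(name|cert)_(\d+)", key):
            req["errors"].setdefault(int(m.group(2)), {})[m.group(1)] = value
        else:
            req["params"][key] = value  # host= and any other plain pair
    # Certificates may arrive in any order, so resolve references only now.
    for idx, err in req["errors"].items():
        if err.get("cert") not in req["certs"]:
            raise ValueError(f"error {idx} points at unknown certificate")
    return req

def build_sample() -> bytes:
    # Constructed input: placeholder base64, not a real certificate.
    fake = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n" + PEM_END
    body = "\n".join([
        "host=www.example.com",
        "cert_1=" + fake,  # listed before cert_0 on purpose
        "cert_0=" + fake,
        "error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
        "error_cert_0=cert_0",
    ]).encode("ascii")
    return b"0 cert_validate %d %s" % (len(body), body)

if __name__ == "__main__":
    parsed = parse_request(build_sample())
    print(parsed["params"]["host"], sorted(parsed["certs"]), parsed["errors"])
```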