[squid-users] sslcrtvalidator_program
Alex Rousskov
rousskov at measurement-factory.com
Mon Dec 14 16:41:54 UTC 2020
On 12/14/20 4:26 AM, Eliezer Croitor wrote:
> So starts with:
> 0 cert_validate... line
> And ends with?:
> error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
> error_cert_0=cert0
> ?
No. The size of the key=value block is specified on the first request
line. Please try to follow documentation that Amos has pointed you to:
https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator
If that documentation is missing some details, we should fix it.
> I am unsure, let me try to re-read this section.
> I am missing a fake helper for this..
> And a "real world" full example.
> Can someone simulate it for me?
Glad you found
src/security/cert_validators/fake/security_fake_certverify.pl.in. I hope
it still works!
HTH,
Alex.
> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
> Sent: Monday, December 14, 2020 10:15 AM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] sslcrtvalidator_program
>
> On 14/12/20 9:11 am, Eliezer Croitor wrote:
>> I am trying to understand the way the sslcrtvalidator_program works.
>> I am pretty sure I have asked this in the past but didn’t find it for some
>> reason.
>>
>> I want to read line by line so.
>> /^-----BEGIN CERTIFICATE-----$/
>> ***
>> /^-----END CERTIFICATE-----$/
>>
>> What else should I look for? I was thinking about validating with some extra
>> values in the request, for example ip/domain:port and sni.
>> Are these available in some way?
>
>
> The details you need are all here:
>
>
> <https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator>
>
> Notice that it receives chains of certificates - maybe several, and/or
> out of order. Whatever the client sends.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
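Added example (not part of the thread and not Squid's own code): a minimal Python reader for the request framing Alex describes, which takes the body size from the first line and reads exactly that many bytes instead of scanning for a "last" key. The header layout (channel-ID, request code, size, then the body starting on the same line), the host and cert_0 key names, and the sample request are assumptions constructed for illustration; check them against the wiki page linked in the thread.

```python
import io
import re

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"
KEY_LINE = re.compile(rb"^(\w+)=(.*)$")

def read_request(stream):
    """Read one request: three header tokens, then exactly `size` body bytes."""
    header = b""
    while len(header.split()) < 3 or not header[-1:].isspace():
        ch = stream.read(1)
        if not ch:
            raise EOFError("stream closed inside the request header")
        header += ch
    channel, code, size = header.split()
    body = stream.read(int(size))
    if len(body) != int(size):
        raise EOFError("body shorter than the size declared on the first line")
    return int(channel), code.decode(), parse_body(body)

def parse_body(body):
    """Split the body into key=value pairs; a PEM value spans several lines."""
    pairs, key, in_pem = {}, None, False
    for line in body.splitlines():
        m = None if in_pem else KEY_LINE.match(line)
        if m:
            key, line = m.group(1).decode(), m.group(2)
            pairs[key] = line
        elif key is not None and (in_pem or line):
            pairs[key] += b"\n" + line
        # Inside a PEM block nothing is a key, even a base64 line ending in "=".
        if line.startswith(PEM_BEGIN):
            in_pem = True
        elif line.startswith(PEM_END):
            in_pem = False
    return pairs

# Constructed sample (not a captured Squid request); the PEM payload is a dummy.
SAMPLE_BODY = (
    b"host=example.com\n"
    b"cert_0=-----BEGIN CERTIFICATE-----\n"
    b"Q09OU1RSVUNURUQ=\n"
    b"-----END CERTIFICATE-----\n"
    b"error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT\n"
    b"error_cert_0=cert_0"
)
SAMPLE = b"0 cert_validate %d %s" % (len(SAMPLE_BODY), SAMPLE_BODY)
```

A real helper would call read_request(sys.stdin.buffer) in a loop and treat the certificates as a set to be ordered into a chain, since, as Amos notes, they may arrive out of order.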