[squid-users] Use squid to disable outdated security certificate warning?
Grant Taylor
gtaylor at tnetconsulting.net
Sun Mar 12 22:18:51 UTC 2023
On 3/10/23 7:19 PM, Peter Hucker wrote:
> Somebody mentioned if Boinc accesses the internet through a proxy
> (and I already have it going through squid to cache data) I can get
> the proxy to disable this. Is this possible and how?
As Amos said, it depends.
I would assume that you could use something like Squid's TLS
intercepting capability to present current certificates from a locally
trusted root CA to the Boinc client.
I think the biggest hurtle will be getting Squid to accept expired
certificates from upstream servers and / or expired root certificates
needed by upstream servers. Maybe there are some knobs that can be
twiddled to allow this.
There might be other ways to address this. This starts to get into
black hat TLS busting methodology, but for what seems to be a white hat
reason.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230312/0b5f4642/attachment-0001.bin>
More information about the squid-users
mailing list