[squid-dev] [PATCH] Validate server certificates without bumping

Amos Jeffries squid3 at treenet.co.nz
Thu Oct 2 01:10:30 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2/10/2014 5:17 a.m., Tsantilas Christos wrote:
> Hi all,
> 
> This patch add support for the "Validate server certificates
> without bumping" use case described on the Peek and Splice wiki
> page: http://wiki.squid-cache.org/Features/SslPeekAndSplice
> 
> This patch send to the certificate validation helper the
> certificates and errors found in SslBump3 step, even if the
> splicing mode selected. In the case the validation helper found
> errors in certificates an error page returned to the http client.

Any particular reason driving this addition?

I think I can see some impact neding it but you should outline your
reasons for the commit.

NP: have not yet reviewed the patch itself.

Amos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJULKYGAAoJELJo5wb/XPRjHFAIAJYEkp6VkOMCRhaeUO6VnAly
IGJ3a2bGtHEFrZumZqtjWxDz+cH77/y8MMsfwks9tfCIbbKOdRag8wR0Esrpqw8L
TuGlkJQtXPf0ijD1SnaorQv614k7SnyAC75PIxWoydaopW3K69wp71rGZV64WXGk
IKyoEnkSeH4Q1Je5kSsJlR8uldybnf9gIvjTdRZjj07I5OKFL+jkqhRUZy0H+21D
tbAqY91u0rj99NQFqVgKtsczU4AXDOziQIQPKmKou0I2WQWxufknpqaUxDYYn47q
2oQoP4Brlr33OiuMG53OLpx5GSNs8Yt/0sJaxWU91+WRArSrrO7OuMC49b5/BXc=
=OmU1
-----END PGP SIGNATURE-----


More information about the squid-dev mailing list