[squid-users] Squid ignores crlfile options

Amos Jeffries squid3 at treenet.co.nz
Sat Oct 3 05:09:29 UTC 2015


On 3/10/2015 12:11 a.m., Sebastian Kirschner wrote:
> Thanks Amos for the reply ,
> 
> I will trim the config with your recommendations but a few questions exists on my side.
> 
> " If you mean it to be used to verify the *server* certificates then you need to configure sslproxy_crlfile instead."
> 
> 	I guess that was what im looking for :-) , 
> 	but I couldn’t find something about that configuration directives on the squid doc configuration site and my squid ignores the options
> 	because its unrecognized.
> 

Sorry. I keep forgetting that one is not supported in Squid-3.

You will need Squid-4 with:
 tls_outgoing_options crlfile=/...


> "> request_body_max_size 0 KB
> 
> Seriously? POST and PUT are forbidden to send data anywhere?"
> 
> 	Should the value be ignored because it’s a zero ?
> 	Here the part of the Squid configuration document 
> 		"If you set this parameter to a zero (the default), there will be no limit imposed."

Maybe yes, maybe no. Sometimes our documentation is out of data and we
are moving to a model where "none" (the word) means no limits.

If you want the default, remove it from the config file. That goes for
almost all directives in Squid-3.


> 
> " build-info requires a string. Whoever provided this package needs to fix that."
> 	I was the builder :-) , could you give me a hint about that ?

It is a string for branding, or adding a custom sentence to squid -v
output. Major distros use it to label their builds clearly in a way
separated from the release version. Some of my clients use it to label
what their custom patching was applied to the build.

If you dont set it to a string like --enable-build-info="something" it
is not useful and can be removed entirely.


Amos



More information about the squid-users mailing list