[squid-users] sslcrtvalidator_program
Amos Jeffries
squid3 at treenet.co.nz
Mon Dec 14 08:15:16 UTC 2020
On 14/12/20 9:11 am, Eliezer Croitor wrote:
> I am trying to understand the way the sslcrtvalidator_program works.
> I am pretty sure I have asked this in the past but didnt found it for some
> reason.
>
> I want to read line by line so.
> /^-----BEGIN CERTIFICATE-----$/
> ***
> /^-----END CERTIFICATE-----$/
>
> What else should I look for? I was thinking about validating with some extra
> values in the request, for example ip/domain:port and sni.
> Are these available in some way?
The details you need are all here:
<https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator>
Notice that it receives chains of certificates - maybe several, and/or
out of order. Whatever the client sends.
Amos
More information about the squid-users
mailing list