[squid-users] sslcrtvalidator_program
Eliezer Croitor
ngtech1ltd at gmail.com
Mon Dec 14 09:26:51 UTC 2020
So starts with:
0 cert_validate... line
And ends with?:
error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
error_cert_0=cert0
?
I am unsure, let me try to re-read this section.
I am missing a fake helper for this..
And a "real world" full example.
Can someone simulate it for me?
Thanks,
Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Monday, December 14, 2020 10:15 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] sslcrtvalidator_program
On 14/12/20 9:11 am, Eliezer Croitor wrote:
> I am trying to understand the way the sslcrtvalidator_program works.
> I am pretty sure I have asked this in the past but didn’t found it for some
> reason.
>
> I want to read line by line so.
> /^-----BEGIN CERTIFICATE-----$/
> ***
> /^-----END CERTIFICATE-----$/
>
> What else should I look for? I was thinking about validating with some extra
> values in the request, for example ip/domain:port and sni.
> Are these available in some way?
The details you need are all here:
<https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator>
Notice that it receives chains of certificates - maybe several, and/or
out of order. Whatever the client sends.
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list