[squid-users] Trying to set up SSL cache - solved!
Dave Blanchard
dave at killthe.net
Thu Feb 24 21:49:53 UTC 2022
On Thu, 24 Feb 2022 15:07:53 -0500
Alex Rousskov <rousskov at measurement-factory.com> wrote:
> > What is the replacement for client-first?
>
> A "good" answer depends on what exactly you are trying to achieve;
> details matter. A "dumb" answer (i.e. a direct replacement without
> considering your true needs and Squid bugs) is:
>
> ssl_bump bump all
That's what I had tried first, and was banging my head on the wall for hours trying to get it to work right--though the "ssl_bump peek" was in there also, on the suggestion of various tutorials. Now I just tried it again, with only that line...and it works perfectly! No problem. SMH...
This tutorial situation is really out of control. Sadly, this is what can be expected to happen when the syntax is changed with every version. Now we're in a real mess. I hope the Squid developers will make up their minds on how they want the syntax to be structured, build it that way, then LEAVE IT ALONE!
> > I prefer to handle the certificate validation externally
>
> It is a common need. Squid supports external certificate validator
> programs (a.k.a. helpers). Look for sslcrtvalidator_program in
> squid.conf.documented. For communication details, see the following
> wikip age and src/security/cert_validators/fake/
>
> https://wiki.squid-cache.org/Features/AddonHelpers
Awesome! That's very useful.
Thanks a lot for your help!
--
Dave Blanchard <dave at killthe.net>
More information about the squid-users
mailing list