Search squid archive

Re: Cache Peer Redirection Based on User Certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hey there,
Squid doesn't support and cannot support any user level certificate validation or intervention. You are looking for a feature which is in the level of "forgery" and "theft" which are not supported by squid project. 

Thanks,
Eliezer

On 27/12/13 17:39, Waldemar Siebert wrote:

Hello,
i've really diligent searched all Squid mailing lists and archives, but
without success.
My problem: I try to implement Cache Peer Redirection based on User
Certificate.
Config extract:
#################################################
# First HTTPS peer
cache_peer websrv01.dd.com parent 443 0 no-query proxy-only no-digest
originserver ssl sslflags=DONT_VERIFY_PEER name=PEER01

acl CERT_01 user_cert CN NYTIMES

cache_peer_access PEER01 allow CERT_01

http_access allow CERT_01

# Second HTTPS peer

cache_peer websrv02.dd.com parent 443 0 no-query proxy-only no-digest
originserver ssl sslflags=DONT_VERIFY_PEER name=PEER02

acl CERT_02 user_cert CN BOSTONGLOBE

cache_peer_access PEER02 allow CERT_02

http_access allow CERT02

http_access deny all

################################################

The acl CERT_01,02 works with http_access:

2013/12/27 13:35:25.093| ACLChecklist::preCheck: 0xa6a3f68 checking
'http_access allow CERT_01'
2013/12/27 13:35:25.093| ACLList::matches: checking CERT_01
2013/12/27 13:35:25.093| ACL::checklistMatches: checking 'CERT_01'
2013/12/27 13:35:25.093| aclMatchStringList: checking 'NYTIMES'
2013/12/27 13:35:25.094| aclMatchStringList: 'NYTIMES' found
2013/12/27 13:35:25.094| ACL::ChecklistMatches: result for 'CERT_01' is 1
2013/12/27 13:35:25.094| ACLList::matches: result is true


But witch cache _peer_access not:

2013/12/27 13:35:25.113| ACLChecklist::preCheck: 0xbfbde738 checking
'cache_peer_access PEER01 allow CERT_01'
2013/12/27 13:35:25.113| ACLList::matches: checking CERT_01
2013/12/27 13:35:25.113| ACL::checklistMatches: checking 'CERT_01'
2013/12/27 13:35:25.113| ACL::ChecklistMatches: result for 'CERT_01' is 0
2013/12/27 13:35:25.113| ACLList::matches: result is false
2013/12/27 13:35:25.113| aclmatchAclList: 0xbfbde738 returning false
(AND list entry failed to match)
2013/12/27 13:35:25.113| aclmatchAclList: async=0 nodeMatched=0
async_in_progress=0 lastACLResult() = 0 finished() = 0
2013/12/27 13:35:25.113| aclCheckFast: no matches, returning: 0


Please help me. Thanks.
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux