Based on a string in the client certificate (in my case the CN field) I would like to
route an https request to a dedicated webserver by using the
cache_peer_access directive.
E.g.: Client with certificate field CN a111 will be redirected to the parent P1
Client with certificate field CN a222 will be redirected to the parent P2
That works with acl type "src" but not with acl type user_cert
Thanks
Walt
----- Original Message -----
From: "Eliezer Croitoru" <eliezer@xxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Saturday, December 28, 2013 2:43 PM
Subject: Re: Cache Peer Redirection Based on User Certificate
I am still not sure what you are trying to achieve..
From the docs at:
http://www.squid-cache.org/Doc/config/acl/
acl aclname user_cert attribute values...
# match against attributes in a user SSL certificate
# attribute is one of DN/C/O/CN/L/ST [fast]
It is only there for a basic inspection of the user SSL certificate...
the same goes for:
acl aclname ca_cert attribute values...
# match against attributes a users issuing CA SSL certificate
# attribute is one of DN/C/O/CN/L/ST [fast]
It is there since 3.1 and the respective aspect on the client side is on
the side of the "client" which we are talking about "squid" in the manner
of making squid as a client and user while the "end user" cannot send
squid certificates for now.
Squid is not a VPN system which allows specific clients access to a
specific level of the system since it's a very fast piece of software.
All these levels of SSL connection are not to be used inside of squid.
I must say that I am not the SSL expert and if you need more information
on the matter it's pretty simple to ask about the whole subject to
understand it properly. (Feel free to contact me or anyone else.)
Regards,
Eliezer
On 28/12/13 15:15, Waldemar Siebert wrote:
Hello,
what about acl user_cert?
It works with http_access, but not with cache_peer_access. See log below.
I use Squid 3.1.8
Thanks
Walt