Re: How to force squid to ask for client certificate during tls handshake on https_port?

[Pavel Kazlenka <pavel.kazlenka@xxxxxxxxxxxxxxxxxxxxxxx>]

Not really. There's no place in documentation where it is said which 
directives trigger user certificate retrieval. This has sense and could 
be assumed, but, e.g. acl user_cert doesn't trigger acquiring user 
certificate though this directive works with user certificate too.

On 01/29/2015 01:27 PM, Yuri Voinov wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>   
> .... Just read squid.conf.documented, is it? ;)
>
> 29.01.2015 16:26, Pavel Kazlenka пишет:
> > Answering my own question:
> >
> > Adding clientca= and cafile= options of https_port is enough to
> trigger client certificate request.
> > On 01/28/2015 03:44 PM, Pavel Kazlenka wrote:
> > > Hi gentlemen,
> > >
> > > I have https_port configured as the next:
> > > https_port 3128 cert=/home/tester/certificates/server.crt
> key=/home/tester/certificates/server.key
> > > and would like to force squid to retrieve client's certificate.
> According to
> http://www-01.ibm.com/support/knowledgecenter/api/content/nl/en-us/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660a.gif
> , client certificate request is optional and looks like squid doesn't
> request the one by default.
> > > Squid version if 3.5.1.
> > >
> > > Is that possible at all and if so, how to do this?
> > >
> > > TIA,
> > > Pavel
> > > _______________________________________________
> > > squid-users mailing list
> > > squid-users@xxxxxxxxxxxxxxxxxxxxx
> > > http://lists.squid-cache.org/listinfo/squid-users
> > _______________________________________________
> > squid-users mailing list
> > squid-users@xxxxxxxxxxxxxxxxxxxxx
> > http://lists.squid-cache.org/listinfo/squid-users
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>   
> iQEcBAEBAgAGBQJUygr6AAoJENNXIZxhPexGFTQH/ilYlldxB3PI0aWTP4ngfTQM
> SOwo3J73tG5ohi7MMutua8PmhMj28kuGEDXtXj8TradpGeIRcLS8RM2L6yxWFA5C
> ac2T/WjuH0PLLUCYx7mWeFz7WV7lUpf1CmZIiXf5gNxNCrMDHZd+fXphVaAph15T
> QE7W606yKmSM3zGbki7s8GtaBVh9TXSbkzpivnZbvbuvVN8FZow7rUzg9YWqgy79
> wBRJy0GcJx39DsEEhB7KC56ov8nFNe2kMWL7V6E1HbH4bZNMToPM53YO/9S06M9z
> /5dd9z9QReSwLgFEXMH1+yBFCfrA2onozJFcVoXOfu6UiUZbOFrczugwejH81Cc=
> =UTXu
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users