You mention this part : Severity: The bug is important because it allows remote servers to bypass client certificate validation. Some attackers may also be able to use valid certificates for one domain signed by a global Certificate Authority to abuse an unrelated domain. you mean that there is a way to use certificate that signed by a global certificate authority (Trusted CA) ? if yes then we can use it and then no need to import our self certificate in client browser to force it as trusted ? Thanks. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/about-Incorrect-X509-server-certificate-valdidation-tp4671042.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users