On 08/13/2015 12:06 AM, Amos Jeffries wrote: > On 13/08/2015 9:20 a.m., Jeremie Rafin wrote: >> sslproxy_cert_error deny all > You have also configured "sslproxy_cert_error deny all" which forces > Squid to accept and ignore all possible origin server certificate > errors. Including revocation. "deny" does not force Squid to "accept and ignore". I think you are describing the effects of the opposite setting: sslproxy_cert_error allow all The actual "deny all" configuration means "do not allow any error to get through". We should have used custom ACL verbs if the default allow/deny are causing confusion among the best of us. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
