Just a reminder people, but you've gone off-topic. The postbank.de website issue has NOTHING to do with pining Someone mentioned earlier it's due to the HTTPS cert not having a complete cert-chain, and that web browsers auto-correct that situation, but squid does not. So I would say either squid should: 1. implement the same sort of auto-correction code (say) Firefox does (which I bet is a lot of work), or 2. flick into splice-mode when there's a cert error (which could be as much work - I dunno) I use external_acl_type to call an external script that tries to achieve that. Basically it manually downloads the homepage to get the cert, checks if it's valid against the OS CA list and if not, returns ERR so that squid splice's the connection instead of bump-ing it. Means the entire connection blocks of course the first time this occurs, but after that caches it and it mostly works. -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
