Search squid archive

Re: after changed from 3.4.13 to 3.5.8 sslbump doesn't work for the site https://banking.postbank.de/

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2/10/2015 7:58 p.m., Jason Haar wrote:
> Just a reminder people, but you've gone off-topic. The postbank.de
> website issue has NOTHING to do with pining
> 
> Someone mentioned earlier it's due to the HTTPS cert not having a
> complete cert-chain, and that web browsers auto-correct that situation,
> but squid does not. So I would say either squid should:
> 
> 1. implement the same sort of auto-correction code (say) Firefox does
> (which I bet is a lot of work), or
> 2. flick into splice-mode when there's a cert error (which could be as
> much work - I dunno)
> 
> I use external_acl_type to call an external script that tries to achieve
> that. Basically it manually downloads the homepage to get the cert,
> checks if it's valid against the OS CA list and if not, returns ERR so
> that squid splice's the connection instead of bump-ing it. Means the
> entire connection blocks of course the first time this occurs, but after
> that caches it and it mostly works.

I'm not sure but a custom certificate validator helper can probably do
all this better. An example helper in Perl can be found at
helpers/ssl/cert_valid.pl

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux