On 02/10/15 21:38, Amos Jeffries wrote: > I'm not sure but a custom certificate validator helper can probably do > all this better. An example helper in Perl can be found at > helpers/ssl/cert_valid.pl That website worked for me because my external validator had an exception rule for valid certs containing "bank" (which makes it "ERR" - causing squid to splice it instead of bump it). To see this problem for myself I removed that check and indeed bump-ing then failed to work (squid-3.5.10) I then pointed sslabs.com at that site and it got a "B" rating and there's no obvious signs of a cert error - so I can't figure out what is going wrong. I've manually downloaded the server cert using "openssl s_client" and the cert chain validates just fine - so what is squid doing to it? Weird... -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
