On 2/10/2015 10:33 p.m., Jason Haar wrote: > On 02/10/15 21:38, Amos Jeffries wrote: >> I'm not sure but a custom certificate validator helper can probably do >> all this better. An example helper in Perl can be found at >> helpers/ssl/cert_valid.pl > That website worked for me because my external validator had an > exception rule for valid certs containing "bank" (which makes it "ERR" - > causing squid to splice it instead of bump it). To see this problem for > myself I removed that check and indeed bump-ing then failed to work > (squid-3.5.10) > > I then pointed sslabs.com at that site and it got a "B" rating and > there's no obvious signs of a cert error - so I can't figure out what is > going wrong. I've manually downloaded the server cert using "openssl > s_client" and the cert chain validates just fine - so what is squid > doing to it? Weird... > I'm suspecting the order of these options screws things up. Or maybe just the use of "ALL". sslproxy_options NO_SSLv2:NO_SSLv3:ALL Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
