On 03/10/15 19:16, Amos Jeffries wrote:
> Anyhow, there have been long periods (12-18 months IIRC) where they
> were not trusted as a global CA. If your CA certificates set is from one
> of those periods your Squid will not be able to verify trust of the
> origin cert.

Should that show up in the logs somewhere?

Put it this way: we have a situation where "something" is causing a website that works without bump to not work with it. If squid doesn't "like" something, could it "auto-splice" - or at the very least log that there's a problem?

I'd like to find out what squid doesn't like about it because I could probably update my external_acl_type script to detect that situation and make squid splice the session (BTW my script already verifies the real cert using the same CAs file that squid uses and it says it's legit - so I don't think it's actually got anything to do with the CA itself)

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1