On 04.10.2015 21:08, Walter H. wrote:
Hello,does anybody know if squid does certificate checks and how to tell squid to do so;this is a site with a revoked certificate https://revoked.grc.com/without squid, the browser shows that the certificate is revoked and doesn't show the pagewith squid, the page is shown ... Thanks,Walter
these are my sslproxy_* lines in squid.confsslproxy_cipher HIGH:MEDIUM:!AECDH:!ADH:!DES:!SSLv2:+SSLv3:+3DES:!RC4:!MD5:!SEED:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP:!SEED:!IDEA
sslproxy_options NO_SSLv2 NO_SSLv3 TLSv1 TLSv1_1 TLSv1_2 sslproxy_cafile /etc/pki/tls/certs/ca-bundle.trust.crt acl ssl_expired_cert ssl_error X509_V_ERR_CERT_HAS_EXPIRED acl ssl_revoked_cert ssl_error X509_V_ERR_CERT_REVOKED sslproxy_cert_error deny ssl_expired_cert <-- must these be 'allow'? sslproxy_cert_error deny ssl_revoked_certsslproxy_cert_sign signUntrusted ssl_revoked_cert <.-- how should I recognice if this won?
sslproxy_cert_sign signUntrusted ssl_expired_cert sslproxy_cert_error deny all and that doesn't work
<<attachment: smime.p7s>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
