Hello, can you please provide an example of how to use this in squid.conf by the way how would I use these sslcrtvalidator_program and sslcrtvalidator_children Thanks, Walter On Tue, October 6, 2015 09:27, Jason Haar wrote: > Good catch - I don't think squid does CRL/OCSP checks > > I'm using the external_acl_type method to achieve that: it does the > extra work and returns "ERR" for revoked certs - which (for me) causes > squid to fallback on splice mode - so that the client browser can see > the actual fault directly (ie I'm making sure revoked certs are never > bumped) > > But this is a bug in squid - this means untrustworthy certs become > trusted again - not a good look > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users