
Re: Ssl-Bump and revoked server certificates


 



On 10/06/2015 01:27 AM, Jason Haar wrote:
> Good catch - I don't think squid does CRL/OCSP checks

> But this is a bug in squid - this means untrustworthy certs become
> trusted again - not a good look


IIRC, Squid relies on OpenSSL to perform CRL checks. OpenSSL is
difficult to configure to do CRL checks. If my recollection is correct,
then this is not exactly a Squid bug but more like a missing convenience
feature.

Squid does not know about OCSP. Another missing feature.

One may perform all those checks using a custom certificate validator
helper, of course.


Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



