On 22/10/2015 7:22 p.m., Sebastian Kirschner wrote:
> Hi,
>
> I have a question regarding the SSL Server Certificate Validator.
>
> In the Wiki is written:
> "The helper will be optionally consulted after an internal OpenSSL validation we do now, regardless of that validation results."
>
> What checks does the internal validation include?

The "internal" validation is done by the OpenSSL library. So whatever it is doing based on the configuration you give it.

I believe that includes X.509 certificate syntax validity, and X.509 properties validity in light of the TLS extensions negotiated on the connection, and a check that the cert was signed by one of the system default Trusted-CA authorities (unless flags=NO_DEFAULT_CA was used) or a custom CA you loaded (with cafile=/capath= options).

There may be more (or less) happening but that is the bulk of it. And all inside OpenSSL so we can't easily debug the what/when/how of it when the output messages are obscure.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
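As an added illustration of the trusted-CA check described in the reply above (not part of the original message and not Squid code), this script calls the `openssl` command-line tool directly, assuming it is installed. It shows that a server certificate verifies only when its signing CA is among the CAs loaded, which is what the cafile=/capath= options and the default CA set control. All certificates, names and file paths are constructed for the demo.

```sh
#!/bin/sh
# Constructed demo: every key and certificate below is generated locally in a
# temp directory; the names (Demo Private CA, origin.example) are made up.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_self_signed NAME CN: self-signed certificate NAME.pem with key NAME.key
new_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# new_leaf NAME CN CA: certificate NAME.pem for CN, signed by CA.pem/CA.key
new_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$3.pem" -CAkey "$WORK/$3.key" -out "$WORK/$1.pem" 2>/dev/null
}

# verify_with CA CERT: print "OK" if CERT.pem chains to CA.pem, otherwise
# "FAIL: <OpenSSL's first error line>". The output is parsed rather than the
# exit status because older openssl builds exit 0 even when verification fails.
verify_with() {
  out=$(openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" 2>&1) || true
  if printf '%s\n' "$out" | grep -q ': OK$'; then
    echo "OK"
  else
    echo "FAIL: $(printf '%s\n' "$out" | sed -n '/^error /{p;q;}')"
  fi
}

new_self_signed private_ca "Demo Private CA"   # stands in for a CA loaded with cafile=
new_self_signed other_ca   "Unrelated CA"      # a CA that never signed the server cert
new_leaf server "origin.example" private_ca

echo "signing CA loaded:     $(verify_with private_ca server)"
echo "signing CA not loaded: $(verify_with other_ca server)"
echo "self-signed server:    $(verify_with private_ca other_ca)"
```

The FAIL lines carry OpenSSL's own verify error text, which is the kind of message a proxy log will show when this step rejects a certificate.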