Search squid archive

Re: squid reverse proxy and client certs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 30.12.15 15:11, Alex Samad wrote:
I have squid 3.5.12 working as a reverse proxy

cache_peer 127.0.0.1 \
parent 443 0 proxy-only no-query no-digest originserver \
login=PASS \
ssl \
sslcafile=/etc/pki/tls/certs/ca-bundle.crt \
sslflags=DONT_VERIFY_PEER \
name=webServer

This points to httpd which has a
       <Location /test/>
               DirectoryIndex index.shtml index.html
               Options -Indexes -Includes +IncludesNOEXEC
-SymLinksIfOwnerMatch -ExecCGI -FollowSymLinks

               SSLOptions +StdEnvVars +ExportCertData
               SSLVerifyClient optional_no_ca
               SSLVerifyDepth 4
       </Location>

Unfortunately the request for a client cert never makes it to the client.

How can I change this to allow client certs to work

client certs will only work when you pass the connection directly to web
server without unbundling SSL.
That means, it's useless to use reverse proxy for HTTPS server when it needs
client certificates.

The workaround you could be in verifying client certificates by squid,
pushing that info to server and webserver trusting that info...

--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux