Re: explicit forward proxy to server requring client authentication

Yuri Voinov <yvoinov@xxxxxxxxx> · Wed, 18 May 2016 04:02:30 +0600



    -----BEGIN PGP SIGNED MESSAGE----- 

    Hash: SHA256 

     
    18.05.16 3:11, Robert W Weaver пишет:

    > Greetings, squid users and
      devs,

      >

      > I think this is usual, but I can't find examples, and I can't
      make it work. :-)

      >

      > The issue is I need to connect to a site that requires client
      authentication.  Don't want to put the key and cert on each
      individual user, so instead want the key and cert on the proxy.

      >

      > Diagram:

      >

      > User A ---> Squid S ---> Server B

      >         ^            ^

      >         |            +-- TLS client authentication

      >         +-- cleartext okay

      >

      > I'm able to bump, but the client authentication to server B
      isn't working.  Configured cert and key on S with ssl-bump cert=
      .. key= .. but that isn't working.

    Because these parameters is for bump, from squid to server. Not for
    client certificate.

    >

      > Is this not possible?

    You doing it wrong.

    
    When we read squid.conf.documented, a bit below we can see:

    
    #       clientca=    File containing the list of CAs to use when

    #            requesting a client certificate.

    #

    
    >

      > --woody

      >

      >

      > /--  

      > "I used to wish the universe were fair. Then one day it hit
      me: What if

      > the universe were fair? Then all the awful things that happen
      to us in

      > life, would happen because we deserved them. So now I take
      great pleasure

      > in the general hostility and unfairness of things."

      > -- Marcus, on Babylon 5/

      >

      >

      > _______________________________________________

      > squid-users mailing list

      > squid-users@xxxxxxxxxxxxxxxxxxxxx

      > http://lists.squid-cache.org/listinfo/squid-users

    
    -----BEGIN PGP SIGNATURE-----


    Version: GnuPG v2


    iQEcBAEBCAAGBQJXO5T2AAoJENNXIZxhPexGzrwH/2Sk8ins4kzXjWX55mvE10nh


    HSd4T5e4inQihmPlV6xPB/+HugHcBU1Zuxi9Mmy/BuvB1axMW7BRfC+COSenxpaI


    4eekoPx4ndlW7s6vxkzlnHIfjgI0Y0TLYL3/f+15DdlXfduqai17GHT58t3yrhO7


    GnskQVYrQ7Rje2MzmQ/bfmEBZjGRFYFbwnceCnkXxG1P42aBqLF0GLuuHhKAbsEm


    IGnfkXlvhmlTsG3i4+ZDaVRku6QzsChpp1hjAkF+slZJ3IogTq5Dgym3kbnQXrYE


    2Jjqrri3Stw7xWRheVFF4JlMtgii3HzSCMGcsdON9WpGvDRvOu+wwPNxBWXUtGE=


    =uJQV


    -----END PGP SIGNATURE-----


Attachment:
0x613DEC46.asc

Description: application/pgp-keys
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users