
squid & handling/propagating certificate revocations...?


 



How does squid 'normally' handle security revocations, like from
this test page?:

 https://revoked.grc.com/

Or how 'should' it be handling it (i.e. is my setup more broken
than most? ;^) )

Or, when squid fetches the page, does it do any checking before
sending it to the user?

Or, does it pass it through, w/o checking, to user, but check
revocation before storing it in the local disk cache?

In the above two cases, a client (say a browser) configured to
check revocations, would detect the revocations both on initial
connect as well as content served from cache.  That works, though
it _might_ be more efficient if squid didn't cache such pages.

However, in the case of squid using https-interception to allow
breaking open otherwise uncacheable streams, my configuration doesn't
seem to check if a remote site is using a revoked cert.

So question(s):  Is there any way to configure squid to check and
either add a message to the page indicating the security revocation,
or, at least, fail in retrieving the message?
And, ideally, _could_ squid interactively prompt the user about
whether or not the specific cert should be used/allowed anyway,
*and* whether or not the cert should be _stored_ as an "exception"?
(If so, then further connects would "just work", otherwise, clients
would get an error message)?

Ideas?  Anyone else solved this problem?

Thanks!
-linda


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



