How does squid 'normally' handle security revocations, like from
this test page?:
https://revoked.grc.com/
Or how 'should' it be handling it (i.e. is my setup more broken
than most? ;^) )
Or, when squid fetches the page, does it do any checking before
sending it to the user?
Or, does it pass it through, w/o checking, to user, but check
revocation before storing it in the local disk cache?
In the above two cases, a client (say a browser) configured to
check revocations, would detect the revocations both on initial
connect as well as content served from cache. That works, though
it _might_ be more efficient if squid didn't cache such pages.
However, in the case of squid using https-interception to allow
breaking open otherwise uncacheable streams, my configuration doesn't
seem to check if a remote site is using a revoked cert.
So question(s): Is there any way to configure squid to check and
either add a message to the page indicating the security revocation,
or, at least, fail in retrieving the message?
And, ideally, _could_ squid interactively prompt the user about
whether or not the specific cert should be used/allowed anyway,
*and* whether or not the cert should be _stored_ as an "exception"?
(If so, then further connects would "just work"; otherwise, clients
would get an error message.)
Ideas? Anyone else solved this problem?
Thanks!
-linda