Search squid archive

Re: How to configure a "proxy home" page ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 26/03/18 11:11, Yuri wrote:
> By the way, Amos. I have an idea spinning around. Is it possible to
> specify the SSL error of the unknown certificate issuer for the correct
> processing of the situation when the client does not have a proxy
> certificate installed? This would greatly facilitate the task that we
> are discussing.
> 
> We're can, in this case, just use deny_info to redirect client to proxy
> page. ;-)
> 

"error of the unknown issuer" is an implementation detail of the SSL/TLS
library used by the client-end software.

Is that clear enough about why Squid cannot do anything?


Squid can change the cert issuer from X to A or X to Y. But cannot make
any specific issuer A or Y known when it is not already known** by the
client.


** intermediate certs that can be D/L by the client can be considered
"known" when (and only when) their root CA is already trusted. Unless
the client does not download missing intermediates.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux