On 11/12/19 6:48 pm, GeorgeShen wrote: >> Yes, look for "client certificate" in your squid.conf.documented. > > Ok. for the 'clientca=' and 'tls-cafile=', is the purpose for proxy to > verify the client cert again this list before allow the connection to go > further? or it can use those client certificate also for other things? There is no "or" about it. Both. Any client certificate given must verify. Valid client certificates can be used for things other than verification. > > Also the RFC TLS 1.2 says client send certificate only if the server asks > it, here it means the proxy. Does this configure 'clientca=' signal all the > client to send their certificate if it has one? > Yes. Exactly so. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
