On 12/11/19 7:10 AM, Amos Jeffries wrote:
> On 11/12/19 6:48 pm, GeorgeShen wrote:
>> Ok. for the 'clientca=' and 'tls-cafile=', is the purpose for proxy to
>> verify the client cert against this list before allow the connection to go
>> further?

> Any client certificate given must verify.

And, by default, any TLS client not providing a certificate will be denied.

>> Does this configure 'clientca=' signal all the
>> client to send their certificate if it has one?

By default, the setting implies that a client has to send a client certificate. If a client does not have a certificate, it cannot successfully negotiate a TLS connection with a clientca-enabled https_port.

Squid has options that can change the above default behavior.

Alex.