On 27/06/20 7:07 pm, mikio.kishi wrote: > Hi all, > > I am currently using sslbump feature. Sometimes, squid failed to verify > a https web site with > cross root cert. On the other hand, the site is accessible directly from > major web browsers, > such as chrome and firefox. I am guessing that the cert verification > handling of the current > sslbump seems to be NOT trusted_first mode. Are there any solutions to > change to trusted_first > verification mode for squid ? > Solutions based purely on guesswork are unlikely to work. Missing information: * Squid version * details of the chain being delivered to Squid * details of the expected cross-signing chain(s). * by "trusted_first mode" do you mean TOFU or something else? Squid supports a helper, which can to do any type of validation - including none. BUT ... you first need to eliminate the guesses to see if it is a validation or something completely unexpected. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
