Search squid archive

Re: sslcrtvalidator_program

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So starts with:
0 cert_validate... line

And ends with?:
error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
error_cert_0=cert0
?

I am unsure, let me try to re-read this section.
I am missing a fake helper for this..
And a "real world" full example.

Can someone simulate it for me?

Thanks,
Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx

-----Original Message-----
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries
Sent: Monday, December 14, 2020 10:15 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  sslcrtvalidator_program

On 14/12/20 9:11 am, Eliezer Croitor wrote:
> I am trying to understand the way the sslcrtvalidator_program  works.
> I am pretty sure I have asked this in the past but didn’t found it for some
> reason.
> 
> I want to read line by line so.
> /^-----BEGIN CERTIFICATE-----$/
> ***
> /^-----END CERTIFICATE-----$/
> 
> What else should I look for? I was thinking about validating with some extra
> values in the request, for example ip/domain:port and sni.
> Are these available in some way?


The details you need are all here:

 
<https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator>

Notice that it receives chains of certificates - maybe several, and/or 
out of order. Whatever the client sends.


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux