Found the helper at: https://github.com/squid-cache/squid/blob/9837567dd913854a4deddcc49043bfd7631ab63f/src/security/cert_validators/fake/security_fake_certverify.pl.in ---- Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd@xxxxxxxxx -----Original Message----- From: Eliezer Croitor <ngtech1ltd@xxxxxxxxx> Sent: Monday, December 14, 2020 11:27 AM To: 'Amos Jeffries' <squid3@xxxxxxxxxxxxx> Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: RE: sslcrtvalidator_program So starts with: 0 cert_validate... line And ends with?: error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT error_cert_0=cert0 ? I am unsure, let me try to re-read this section. I am missing a fake helper for this.. And a "real world" full example. Can someone simulate it for me? Thanks, Eliezer ---- Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd@xxxxxxxxx -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries Sent: Monday, December 14, 2020 10:15 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: sslcrtvalidator_program On 14/12/20 9:11 am, Eliezer Croitor wrote: > I am trying to understand the way the sslcrtvalidator_program works. > I am pretty sure I have asked this in the past but didn’t found it for some > reason. > > I want to read line by line so. > /^-----BEGIN CERTIFICATE-----$/ > *** > /^-----END CERTIFICATE-----$/ > > What else should I look for? I was thinking about validating with some extra > values in the request, for example ip/domain:port and sni. > Are these available in some way? The details you need are all here: <https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator> Notice that it receives chains of certificates - maybe several, and/or out of order. Whatever the client sends. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users