Search squid archive

Re: sslcrtvalidator_program

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Found the helper at:

https://github.com/squid-cache/squid/blob/9837567dd913854a4deddcc49043bfd7631ab63f/src/security/cert_validators/fake/security_fake_certverify.pl.in


----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx

-----Original Message-----
From: Eliezer Croitor <ngtech1ltd@xxxxxxxxx> 
Sent: Monday, December 14, 2020 11:27 AM
To: 'Amos Jeffries' <squid3@xxxxxxxxxxxxx>
Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE:  sslcrtvalidator_program

So starts with:
0 cert_validate... line

And ends with?:
error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
error_cert_0=cert0
?

I am unsure, let me try to re-read this section.
I am missing a fake helper for this..
And a "real world" full example.

Can someone simulate it for me?

Thanks,
Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx

-----Original Message-----
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries
Sent: Monday, December 14, 2020 10:15 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  sslcrtvalidator_program

On 14/12/20 9:11 am, Eliezer Croitor wrote:
> I am trying to understand the way the sslcrtvalidator_program  works.
> I am pretty sure I have asked this in the past but didn’t found it for some
> reason.
> 
> I want to read line by line so.
> /^-----BEGIN CERTIFICATE-----$/
> ***
> /^-----END CERTIFICATE-----$/
> 
> What else should I look for? I was thinking about validating with some extra
> values in the request, for example ip/domain:port and sni.
> Are these available in some way?


The details you need are all here:

 
<https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator>

Notice that it receives chains of certificates - maybe several, and/or 
out of order. Whatever the client sends.


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux