On 12/14/20 4:26 AM, Eliezer Croitor wrote: > So starts with: > 0 cert_validate... line > And ends with?: > error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT > error_cert_0=cert0 > ? No. The size of the key=value block is specified on the first request line. Please try to follow documentation that Amos has pointed you to: https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator If that documentation is missing some details, we should fix it. > I am unsure, let me try to re-read this section. > I am missing a fake helper for this.. > And a "real world" full example. > Can someone simulate it for me? Glad you found src/security/cert_validators/fake/security_fake_certverify.pl.in. I hope it still works! HTH, Alex. > -----Original Message----- > From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries > Sent: Monday, December 14, 2020 10:15 AM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: sslcrtvalidator_program > > On 14/12/20 9:11 am, Eliezer Croitor wrote: >> I am trying to understand the way the sslcrtvalidator_program works. >> I am pretty sure I have asked this in the past but didn’t found it for some >> reason. >> >> I want to read line by line so. >> /^-----BEGIN CERTIFICATE-----$/ >> *** >> /^-----END CERTIFICATE-----$/ >> >> What else should I look for? I was thinking about validating with some extra >> values in the request, for example ip/domain:port and sni. >> Are these available in some way? > > > The details you need are all here: > > > <https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator> > > Notice that it receives chains of certificates - maybe several, and/or > out of order. Whatever the client sends. > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
