Seems to work: This one output stream.
We can use this as an example for a single transaction in the wiki:
https://gist.githubusercontent.com/elico/a0397c879776336eeae569317015edc1/raw/b34dff8ece76e480007a950655efff3564afcccc/cache.log

Let me know if it's enough to document this subject.

Thanks,
Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx

-----Original Message-----
From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
Sent: Monday, December 14, 2020 6:42 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: Eliezer Croitor <ngtech1ltd@xxxxxxxxx>
Subject: Re: sslcrtvalidator_program

On 12/14/20 4:26 AM, Eliezer Croitor wrote:
> So starts with:
> 0 cert_validate... line
> And ends with?:
> error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
> error_cert_0=cert0
> ?

No. The size of the key=value block is specified on the first request
line. Please try to follow documentation that Amos has pointed you to:
https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator

If that documentation is missing some details, we should fix it.

> I am unsure, let me try to re-read this section.
> I am missing a fake helper for this..
> And a "real world" full example.
> Can someone simulate it for me?

Glad you found src/security/cert_validators/fake/security_fake_certverify.pl.in.
I hope it still works!

HTH,

Alex.

> -----Original Message-----
> From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries
> Sent: Monday, December 14, 2020 10:15 AM
> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: sslcrtvalidator_program
>
> On 14/12/20 9:11 am, Eliezer Croitor wrote:
>> I am trying to understand the way the sslcrtvalidator_program works.
>> I am pretty sure I have asked this in the past but didn't find it for some
>> reason.
>>
>> I want to read line by line so.
>> /^-----BEGIN CERTIFICATE-----$/
>> ***
>> /^-----END CERTIFICATE-----$/
>>
>> What else should I look for? I was thinking about validating with some extra
>> values in the request, for example ip/domain:port and sni.
>> Are these available in some way?
>
>
> The details you need are all here:
>
> <https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator>
>
> Notice that it receives chains of certificates - maybe several, and/or
> out of order. Whatever the client sends.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
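
An added example, not part of the thread and not Squid's own code: a small Python reader for the request framing discussed above, which honours the size given on the first request line instead of scanning for the END CERTIFICATE marker. It assumes the key=value block starts on the request line right after the size field and that the size counts bytes; the `host` key, the `cert_0` reference and the placeholder certificate text are constructed sample data.

```python
import io

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"

def read_request(stream):
    """Read one length-framed request from a binary stream; None at EOF."""
    line = stream.readline()
    while line and not line.strip():       # skip blank separators between requests
        line = stream.readline()
    if not line:
        return None
    # Assumed header: "<channel> cert_validate <size> <start of block>"
    parts = line.split(b" ", 3)
    if len(parts) < 3 or parts[1] != b"cert_validate":
        raise ValueError("unexpected request line: %r" % line[:40])
    channel, size = int(parts[0]), int(parts[2])
    body = parts[3] if len(parts) == 4 else b""
    if len(body) < size:                    # the rest of the block spans more lines
        body += stream.read(size - len(body))
    if len(body) < size:
        raise ValueError("truncated request body")
    return channel, parse_body(body[:size])

def parse_body(body):
    """Split the block into key=value fields, keeping PEM values whole."""
    fields, key, in_pem = {}, None, False
    for line in body.decode("ascii").splitlines():
        if in_pem:                          # base64 lines may themselves contain '='
            fields[key] += "\n" + line
            in_pem = line != PEM_END
        elif line:
            key, _, value = line.partition("=")
            fields[key] = value
            in_pem = value == PEM_BEGIN
    return fields

def reported_errors(fields):
    """Pair each error_name_N with the certificate key it refers to."""
    return [(v, fields.get("error_cert_" + k[len("error_name_"):]))
            for k, v in fields.items() if k.startswith("error_name_")]

# Constructed sample: placeholder certificate text, two requests on one stream.
BODY = (b"host=example.test\n"
        b"cert_0=" + PEM_BEGIN.encode() + b"\nQ09OU1RSVUNURUQ=\n" + PEM_END.encode() + b"\n"
        b"error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT\n"
        b"error_cert_0=cert_0\n")
SAMPLE = b"".join(b"%d cert_validate %d %s\n" % (ch, len(BODY), BODY) for ch in (0, 1))
```

Reading by declared size is what keeps the error fields that follow the last certificate inside the same request, and keeps the next request on the stream from being consumed early.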