On 12/14/20 1:55 PM, Eliezer Croitor wrote: > We can use this as an example for a single transaction in the wiki: > https://gist.githubusercontent.com/elico/a0397c879776336eeae569317015edc1/raw/b34dff8ece76e480007a950655efff3564afcccc/cache.log > Let me know if it's enough to document this subject. I am not sure I understand your question -- the format is already documented. If you think that attaching an example of a raw helper request to that wiki page would help others, please feel free to do so! Just avoid the implication that all helper requests would have the same set of fields. Alex. > -----Original Message----- > From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> > Sent: Monday, December 14, 2020 6:42 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Cc: Eliezer Croitor <ngtech1ltd@xxxxxxxxx> > Subject: Re: sslcrtvalidator_program > > On 12/14/20 4:26 AM, Eliezer Croitor wrote: >> So starts with: >> 0 cert_validate... line > >> And ends with?: >> error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT >> error_cert_0=cert0 >> ? > > No. The size of the key=value block is specified on the first request > line. Please try to follow documentation that Amos has pointed you to: > https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator > > If that documentation is missing some details, we should fix it. > > > >> I am unsure, let me try to re-read this section. >> I am missing a fake helper for this.. >> And a "real world" full example. > >> Can someone simulate it for me? > > Glad you found > src/security/cert_validators/fake/security_fake_certverify.pl.in. I hope > it still works! > > > HTH, > > Alex. > > >> -----Original Message----- >> From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries >> Sent: Monday, December 14, 2020 10:15 AM >> To: squid-users@xxxxxxxxxxxxxxxxxxxxx >> Subject: Re: sslcrtvalidator_program >> >> On 14/12/20 9:11 am, Eliezer Croitor wrote: >>> I am trying to understand the way the sslcrtvalidator_program works. >>> I am pretty sure I have asked this in the past but didn’t found it for some >>> reason. >>> >>> I want to read line by line so. >>> /^-----BEGIN CERTIFICATE-----$/ >>> *** >>> /^-----END CERTIFICATE-----$/ >>> >>> What else should I look for? I was thinking about validating with some extra >>> values in the request, for example ip/domain:port and sni. >>> Are these available in some way? >> >> >> The details you need are all here: >> >> >> <https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator> >> >> Notice that it receives chains of certificates - maybe several, and/or >> out of order. Whatever the client sends. >> >> >> Amos >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users >> >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users >> > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users