Search squid archive

Re: sslcrtvalidator_program

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/14/20 1:55 PM, Eliezer Croitor wrote:

> We can use this as an example for a single transaction in the wiki:
> https://gist.githubusercontent.com/elico/a0397c879776336eeae569317015edc1/raw/b34dff8ece76e480007a950655efff3564afcccc/cache.log

> Let me know if it's enough to document this subject.

I am not sure I understand your question -- the format is already
documented. If you think that attaching an example of a raw helper
request to that wiki page would help others, please feel free to do so!
Just avoid the implication that all helper requests would have the same
set of fields.

Alex.


> -----Original Message-----
> From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> 
> Sent: Monday, December 14, 2020 6:42 PM
> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Cc: Eliezer Croitor <ngtech1ltd@xxxxxxxxx>
> Subject: Re:  sslcrtvalidator_program
> 
> On 12/14/20 4:26 AM, Eliezer Croitor wrote:
>> So starts with:
>> 0 cert_validate... line
> 
>> And ends with?:
>> error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
>> error_cert_0=cert0
>> ?
> 
> No. The size of the key=value block is specified on the first request
> line. Please try to follow documentation that Amos has pointed you to:
> https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator
> 
> If that documentation is missing some details, we should fix it.
> 
> 
> 
>> I am unsure, let me try to re-read this section.
>> I am missing a fake helper for this..
>> And a "real world" full example.
> 
>> Can someone simulate it for me?
> 
> Glad you found
> src/security/cert_validators/fake/security_fake_certverify.pl.in. I hope
> it still works!
> 
> 
> HTH,
> 
> Alex.
> 
> 
>> -----Original Message-----
>> From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries
>> Sent: Monday, December 14, 2020 10:15 AM
>> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
>> Subject: Re:  sslcrtvalidator_program
>>
>> On 14/12/20 9:11 am, Eliezer Croitor wrote:
>>> I am trying to understand the way the sslcrtvalidator_program  works.
>>> I am pretty sure I have asked this in the past but didn’t found it for some
>>> reason.
>>>
>>> I want to read line by line so.
>>> /^-----BEGIN CERTIFICATE-----$/
>>> ***
>>> /^-----END CERTIFICATE-----$/
>>>
>>> What else should I look for? I was thinking about validating with some extra
>>> values in the request, for example ip/domain:port and sni.
>>> Are these available in some way?
>>
>>
>> The details you need are all here:
>>
>>  
>> <https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator>
>>
>> Notice that it receives chains of certificates - maybe several, and/or 
>> out of order. Whatever the client sends.
>>
>>
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> http://lists.squid-cache.org/listinfo/squid-users
>>
> 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux