On 12/14/20 2:15 PM, Eliezer Croitor wrote: > I wrote a simple ruby helper but squid claims it crashes rapidly. > Since probably nobody else is willing to do some pipelining job I > assume it's on me... > I understand what you are saying/writing but from what I see some in > the market do not want to pay. I am sorry, but you lost me here. I do not understand the connection between your earlier questions (which Amos and I tried to answer) and the above statements. Alex. > -----Original Message----- > From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> > Sent: Monday, December 14, 2020 9:05 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Cc: Eliezer Croitor <ngtech1ltd@xxxxxxxxx> > Subject: Re: sslcrtvalidator_program > > On 12/14/20 1:55 PM, Eliezer Croitor wrote: > >> We can use this as an example for a single transaction in the wiki: >> https://gist.githubusercontent.com/elico/a0397c879776336eeae569317015edc1/raw/b34dff8ece76e480007a950655efff3564afcccc/cache.log > >> Let me know if it's enough to document this subject. > > I am not sure I understand your question -- the format is already > documented. If you think that attaching an example of a raw helper > request to that wiki page would help others, please feel free to do so! > Just avoid the implication that all helper requests would have the same > set of fields. > > Alex. > > >> -----Original Message----- >> From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> >> Sent: Monday, December 14, 2020 6:42 PM >> To: squid-users@xxxxxxxxxxxxxxxxxxxxx >> Cc: Eliezer Croitor <ngtech1ltd@xxxxxxxxx> >> Subject: Re: sslcrtvalidator_program >> >> On 12/14/20 4:26 AM, Eliezer Croitor wrote: >>> So starts with: >>> 0 cert_validate... line >> >>> And ends with?: >>> error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT >>> error_cert_0=cert0 >>> ? >> >> No. The size of the key=value block is specified on the first request >> line. Please try to follow documentation that Amos has pointed you to: >> https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator >> >> If that documentation is missing some details, we should fix it. >> >> >> >>> I am unsure, let me try to re-read this section. >>> I am missing a fake helper for this.. >>> And a "real world" full example. >> >>> Can someone simulate it for me? >> >> Glad you found >> src/security/cert_validators/fake/security_fake_certverify.pl.in. I hope >> it still works! >> >> >> HTH, >> >> Alex. >> >> >>> -----Original Message----- >>> From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries >>> Sent: Monday, December 14, 2020 10:15 AM >>> To: squid-users@xxxxxxxxxxxxxxxxxxxxx >>> Subject: Re: sslcrtvalidator_program >>> >>> On 14/12/20 9:11 am, Eliezer Croitor wrote: >>>> I am trying to understand the way the sslcrtvalidator_program works. >>>> I am pretty sure I have asked this in the past but didn’t found it for some >>>> reason. >>>> >>>> I want to read line by line so. >>>> /^-----BEGIN CERTIFICATE-----$/ >>>> *** >>>> /^-----END CERTIFICATE-----$/ >>>> >>>> What else should I look for? I was thinking about validating with some extra >>>> values in the request, for example ip/domain:port and sni. >>>> Are these available in some way? >>> >>> >>> The details you need are all here: >>> >>> >>> <https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator> >>> >>> Notice that it receives chains of certificates - maybe several, and/or >>> out of order. Whatever the client sends. >>> >>> >>> Amos >>> _______________________________________________ >>> squid-users mailing list >>> squid-users@xxxxxxxxxxxxxxxxxxxxx >>> http://lists.squid-cache.org/listinfo/squid-users >>> >>> _______________________________________________ >>> squid-users mailing list >>> squid-users@xxxxxxxxxxxxxxxxxxxxx >>> http://lists.squid-cache.org/listinfo/squid-users >>> >> > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users