Search squid archive

Re: sslcrtvalidator_program

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Alex sorry,

There is no connection between you or this sentence.
I don't know why these things keep popping up while I'm sending emails.
The AV should have blocked this proofing software from pasting things while I'm writing but,
sometimes the desktop works in mysteries ways.
... Delete the quoted sentence in the email...

Both of you indeed are answering so again thanks.
Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx

-----Original Message-----
From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> 
Sent: Monday, December 14, 2020 9:31 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: Eliezer Croitor <ngtech1ltd@xxxxxxxxx>
Subject: Re:  sslcrtvalidator_program

On 12/14/20 2:15 PM, Eliezer Croitor wrote:

> I wrote a simple ruby helper but squid claims it crashes rapidly.

> Since probably nobody else is willing to do some pipelining job I
> assume it's on me...

> I understand what you are saying/writing but from what I see some in
> the market do not want to pay.

I am sorry, but you lost me here. I do not understand the connection
between your earlier questions (which Amos and I tried to answer) and
the above statements.

Alex.


> -----Original Message-----
> From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> 
> Sent: Monday, December 14, 2020 9:05 PM
> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Cc: Eliezer Croitor <ngtech1ltd@xxxxxxxxx>
> Subject: Re:  sslcrtvalidator_program
> 
> On 12/14/20 1:55 PM, Eliezer Croitor wrote:
> 
>> We can use this as an example for a single transaction in the wiki:
>> https://gist.githubusercontent.com/elico/a0397c879776336eeae569317015edc1/raw/b34dff8ece76e480007a950655efff3564afcccc/cache.log
> 
>> Let me know if it's enough to document this subject.
> 
> I am not sure I understand your question -- the format is already
> documented. If you think that attaching an example of a raw helper
> request to that wiki page would help others, please feel free to do so!
> Just avoid the implication that all helper requests would have the same
> set of fields.
> 
> Alex.
> 
> 
>> -----Original Message-----
>> From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> 
>> Sent: Monday, December 14, 2020 6:42 PM
>> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
>> Cc: Eliezer Croitor <ngtech1ltd@xxxxxxxxx>
>> Subject: Re:  sslcrtvalidator_program
>>
>> On 12/14/20 4:26 AM, Eliezer Croitor wrote:
>>> So starts with:
>>> 0 cert_validate... line
>>
>>> And ends with?:
>>> error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
>>> error_cert_0=cert0
>>> ?
>>
>> No. The size of the key=value block is specified on the first request
>> line. Please try to follow documentation that Amos has pointed you to:
>> https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator
>>
>> If that documentation is missing some details, we should fix it.
>>
>>
>>
>>> I am unsure, let me try to re-read this section.
>>> I am missing a fake helper for this..
>>> And a "real world" full example.
>>
>>> Can someone simulate it for me?
>>
>> Glad you found
>> src/security/cert_validators/fake/security_fake_certverify.pl.in. I hope
>> it still works!
>>
>>
>> HTH,
>>
>> Alex.
>>
>>
>>> -----Original Message-----
>>> From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries
>>> Sent: Monday, December 14, 2020 10:15 AM
>>> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
>>> Subject: Re:  sslcrtvalidator_program
>>>
>>> On 14/12/20 9:11 am, Eliezer Croitor wrote:
>>>> I am trying to understand the way the sslcrtvalidator_program  works.
>>>> I am pretty sure I have asked this in the past but didn’t found it for some
>>>> reason.
>>>>
>>>> I want to read line by line so.
>>>> /^-----BEGIN CERTIFICATE-----$/
>>>> ***
>>>> /^-----END CERTIFICATE-----$/
>>>>
>>>> What else should I look for? I was thinking about validating with some extra
>>>> values in the request, for example ip/domain:port and sni.
>>>> Are these available in some way?
>>>
>>>
>>> The details you need are all here:
>>>
>>>  
>>> <https://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator>
>>>
>>> Notice that it receives chains of certificates - maybe several, and/or 
>>> out of order. Whatever the client sends.
>>>
>>>
>>> Amos
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>>> http://lists.squid-cache.org/listinfo/squid-users
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>>> http://lists.squid-cache.org/listinfo/squid-users
>>>
>>
> 


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux