On Thu, 24 Feb 2022 15:07:53 -0500 Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > What is the replacement for client-first? > > A "good" answer depends on what exactly you are trying to achieve; > details matter. A "dumb" answer (i.e. a direct replacement without > considering your true needs and Squid bugs) is: > > ssl_bump bump all That's what I had tried first, and was banging my head on the wall for hours trying to get it to work right--though the "ssl_bump peek" was in there also, on the suggestion of various tutorials. Now I just tried it again, with only that line...and it works perfectly! No problem. SMH... This tutorial situation is really out of control. Sadly, this is what can be expected to happen when the syntax is changed with every version. Now we're in a real mess. I hope the Squid developers will make up their minds on how they want the syntax to be structured, build it that way, then LEAVE IT ALONE! > > I prefer to handle the certificate validation externally > > It is a common need. Squid supports external certificate validator > programs (a.k.a. helpers). Look for sslcrtvalidator_program in > squid.conf.documented. For communication details, see the following > wikip age and src/security/cert_validators/fake/ > > https://wiki.squid-cache.org/Features/AddonHelpers Awesome! That's very useful. Thanks a lot for your help! -- Dave Blanchard <dave@xxxxxxxxxxx> _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users