Search squid archive

Re: Trying to set up SSL cache - solved!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 24 Feb 2022 15:07:53 -0500
Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

> > What is the replacement for client-first?
> 
> A "good" answer depends on what exactly you are trying to achieve; 
> details matter. A "dumb" answer (i.e. a direct replacement without 
> considering your true needs and Squid bugs) is:
> 
>    ssl_bump bump all

That's what I had tried first, and was banging my head on the wall for hours trying to get it to work right--though the "ssl_bump peek" was in there also, on the suggestion of various tutorials. Now I just tried it again, with only that line...and it works perfectly! No problem. SMH... 

This tutorial situation is really out of control. Sadly, this is what can be expected to happen when the syntax is changed with every version. Now we're in a real mess. I hope the Squid developers will make up their minds on how they want the syntax to be structured, build it that way, then LEAVE IT ALONE!

> > I prefer to handle the certificate validation externally
> 
> It is a common need. Squid supports external certificate validator 
> programs (a.k.a. helpers). Look for sslcrtvalidator_program in 
> squid.conf.documented. For communication details, see the following 
> wikip age and src/security/cert_validators/fake/
> 
> https://wiki.squid-cache.org/Features/AddonHelpers

Awesome! That's very useful. 

Thanks a lot for your help!

-- 
Dave Blanchard <dave@xxxxxxxxxxx>
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux