On 3/10/23 7:19 PM, Peter Hucker wrote:
Somebody mentioned if Boinc accesses the internet through a proxy (and I already have it going through squid to cache data) I can get the proxy to disable this. Is this possible and how?
As Amos said, it depends.I would assume that you could use something like Squid's TLS intercepting capability to present current certificates from a locally trusted root CA to the Boinc client.
I think the biggest hurtle will be getting Squid to accept expired certificates from upstream servers and / or expired root certificates needed by upstream servers. Maybe there are some knobs that can be twiddled to allow this.
There might be other ways to address this. This starts to get into black hat TLS busting methodology, but for what seems to be a white hat reason.
-- Grant. . . . unix || die
<<attachment: smime.p7s>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users