[prev in list] [next in list] [prev in thread] [next in thread]
List: squid-users
Subject: Re: [squid-users] SSLBump
From: Amos Jeffries <squid3 () treenet ! co ! nz>
Date: 2011-11-30 0:41:22
Message-ID: c4bdbe14ca60c25644b95a4d40bdf74b () treenet ! co ! nz
[Download RAW message or body]
On Tue, 29 Nov 2011 10:57:25 -0500, Roman Gelfand wrote:
> In case of certificate error, is it possible to redirect to another
> page describing the certificate with a choice/hyperlink to view the
> page or not.
>
> Thanks in advance
Not in the current implementation. At the point of detection Squid and
client are already halfway through the SSL handshake. We are restricted
to SSL internal protocol error states instead of HTTP ones.
It would only be possible with the BumpServerFirst feature (not yet
added or even started AFAIK). Since the client handshake is not started
at that point. Client certificate errors will remain problematic.
Amos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic