[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: [squid-users] SSLBump
From:       Amos Jeffries <squid3 () treenet ! co ! nz>
Date:       2011-11-30 0:41:22
Message-ID: c4bdbe14ca60c25644b95a4d40bdf74b () treenet ! co ! nz
[Download RAW message or body]

 On Tue, 29 Nov 2011 10:57:25 -0500, Roman Gelfand wrote:
> In case of certificate error, is it possible to redirect to another
> page describing the certificate  with a choice/hyperlink to view the
> page or not.
>
> Thanks in advance


 Not in the current implementation. At the point of detection Squid and 
 client are already halfway through the SSL handshake. We are restricted 
 to SSL internal protocol error states instead of HTTP ones.

 It would only be possible with the BumpServerFirst feature (not yet 
 added or even started AFAIK). Since the client handshake is not started 
 at that point. Client certificate errors will remain problematic.


 Amos
[prev in list] [next in list] [prev in thread] [next in thread]