Squid configuration directive sslproxy_cert_error

Available in: 4   3.5   3.4   3.3   3.2   3.1  

For older versions than 3.3 see the linked pages above

Configuration Details:

Option Name:sslproxy_cert_error
Replaces:
Requires:--with-openssl
Default Value:Server certificate errors terminate the transaction.
Suggested Config:

	Use this ACL to bypass server certificate validation errors.

	For example, the following lines will bypass all validation errors
	when talking to servers for example.com. All other
	validation errors will result in ERR_SECURE_CONNECT_FAIL error.

		acl BrokenButTrustedServers dstdomain example.com
		sslproxy_cert_error allow BrokenButTrustedServers
		sslproxy_cert_error deny all

	This clause only supports fast acl types.
	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
	Using slow acl types may result in server crashes

	Without this option, all server certificate validation errors
	terminate the transaction to protect Squid and the client.

	SQUID_X509_V_ERR_INFINITE_VALIDATION error cannot be bypassed
	but should not happen unless your OpenSSL library is buggy.

	SECURITY WARNING:
		Bypassing validation errors is dangerous because an
		error usually implies that the server cannot be trusted
		and the connection may be insecure.

	See also: sslproxy_flags and DONT_VERIFY_PEER.

 

Back

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors