On 10/02/2014 04:10 AM, Amos Jeffries wrote:
> On 2/10/2014 5:17 a.m., Tsantilas Christos wrote:
>> Hi all,
>>
>> This patch adds support for the "Validate server certificates
>> without bumping" use case described on the Peek and Splice wiki
>> page: http://wiki.squid-cache.org/Features/SslPeekAndSplice
>>
>> This patch sends to the certificate validation helper the
>> certificates and errors found in the SslBump3 step, even if the
>> splicing mode is selected. In the case the validation helper finds
>> errors in the certificates, an error page is returned to the http client.
>
> Any particular reason driving this addition?
> I think I can see some impact needing it but you should outline your
> reasons for the commit.

We are supporting certs validation for ssl bumped requests.
The certificates validation is required because:
1) Not all of the certificate errors are dangerous to the user.
2) System admin may want to block some serious server certificate
errors

The validation helper allows analyzing the errors and deciding to ignore
them or abort the connection immediately.

This patch makes it possible to do server certificate validation without
the need to bump the connection.

> NP: have not yet reviewed the patch itself.

OK.

> Amos
_______________________________________________
squid-dev mailing list
http://lists.squid-cache.org/listinfo/squid-dev