Thank you for this information. Please could you tell me how to force use of client certificates? I want squid to reject connections without client certificates authenticated by my CA certificate.

Regards,
Laurent Derrien

Henrik Nordstrom <[EMAIL PROTECTED]>
27/08/2003 19:07

To: [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: Re: [squid-users] user_cert in Squid 3.0 PRE3

On Wednesday 27 August 2003 05.12, [EMAIL PROTECTED] wrote:

> The configuration is good without client certificate ACL.
> But connections always fail when I activate the user_cert ACL. I
> guess I don't use the right syntax.
> The help in squid.conf is not detailed enough for me:
> # acl aclname user_cert attribute values...
> # # match against attributes in a user SSL certificate
> # # attribute is one of DN/C/O/CN/L/ST
> Could you help me with examples?
>
> Here are the main lines of my squid.conf:
>
> https_port 443 defaultsite=192.168.x.x protocol=http
> cert=rproxy.crt key=rproxy.key cafile=myca.crt
> sslflags=DELAYED_AUTH
> cache_peer 192.168.x.x parent 80 0 originserver
> acl Cert_OK user_cert CN="Laurent Derrien"
> http_access allow Cert_OK
> http_access deny all

Delayed/acl triggered SSL certificate negotiations is not yet implemented. For now the use of client certificates is all or none.

Regards
Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]