Squid configuration directive sslproxy_cert_error
Available in: v7 v6 v5 v4 3.5 3.4 3.3 3.2 3.1
For versions older than v4, see the linked pages above.
Configuration Details:
Option Name: | sslproxy_cert_error |
---|---|
Replaces: | |
Requires: | --with-openssl |
Default Value: | Server certificate errors terminate the transaction. |
Suggested Config: | |

Use this ACL to bypass server certificate validation errors.

For example, the following lines will bypass all validation errors when talking to servers for example.com. All other validation errors will result in ERR_SECURE_CONNECT_FAIL error.

    acl BrokenButTrustedServers dstdomain example.com
    sslproxy_cert_error allow BrokenButTrustedServers
    sslproxy_cert_error deny all

This clause only supports fast acl types. See https://wiki.squid-cache.org/SquidFaq/SquidAcl for details. Using slow acl types may result in server crashes.

Without this option, all server certificate validation errors terminate the transaction to protect Squid and the client.

SQUID_X509_V_ERR_INFINITE_VALIDATION error cannot be bypassed but should not happen unless your OpenSSL library is buggy.

SECURITY WARNING: Bypassing validation errors is dangerous because an error usually implies that the server cannot be trusted and the connection may be insecure.

See also: sslproxy_flags and DONT_VERIFY_PEER.
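
An added example, not part of the Squid documentation: a small Python check that reads squid.conf text and flags sslproxy_cert_error rules that reference slow ACL types or bypass validation errors for every server. The slow-type list is an assumption based on the Squid wiki ACL FAQ linked above and should be verified for your Squid version; the function name and the sample configuration are constructed for illustration.

```python
# Slow ACL types: assumed from the Squid wiki ACL FAQ; verify for your version.
SLOW_ACL_TYPES = {"dst", "dst_as", "srcdomain", "srcdom_regex", "ident",
                  "ident_regex", "proxy_auth", "proxy_auth_regex",
                  "external", "ext_user", "ext_user_regex"}

# Constructed sample configuration (not from a real deployment).
SAMPLE_CONF = """\
acl BrokenButTrustedServers dstdomain example.com
acl ByAddress dst 192.0.2.10
sslproxy_cert_error allow BrokenButTrustedServers
sslproxy_cert_error allow ByAddress
sslproxy_cert_error allow all
"""

def audit_cert_error_rules(conf_text):
    """Return (line_number, message) findings for sslproxy_cert_error rules."""
    acl_types = {}   # ACL name -> set of declared ACL types
    rules = []       # (line_number, action, [ACL names])
    for num, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        if tokens[0] == "acl" and len(tokens) >= 3:
            acl_types.setdefault(tokens[1], set()).add(tokens[2])
        elif tokens[0] == "sslproxy_cert_error" and len(tokens) >= 2:
            rules.append((num, tokens[1], tokens[2:]))

    findings = []
    for num, action, names in rules:
        for name in names:
            bare = name.lstrip("!")  # a leading "!" negates the ACL
            if bare != "all" and bare not in acl_types:
                findings.append((num, f"ACL '{bare}' is not defined"))
            slow = acl_types.get(bare, set()) & SLOW_ACL_TYPES
            if slow:
                findings.append((num, f"ACL '{bare}' uses slow type {sorted(slow)[0]}"))
        if action == "allow" and names == ["all"]:
            findings.append((num, "bypasses validation errors for every server"))
    # The documented example ends with an explicit "deny all"; flag lists that do not.
    if any(a == "allow" for _, a, _ in rules) and rules[-1][1:] != ("deny", ["all"]):
        findings.append((rules[-1][0], "rule list does not end with 'deny all'"))
    return findings

if __name__ == "__main__":
    for line_no, message in audit_cert_error_rules(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```
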