Re: [squid-users] SSLBump

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 30 Nov 2011 13:41:22 +1300

 On Tue, 29 Nov 2011 10:57:25 -0500, Roman Gelfand wrote:
> In case of certificate error, is it possible to redirect to another
> page describing the certificate with a choice/hyperlink to view the
> page or not.
>
> Thanks in advance

 Not in the current implementation. At the point of detection Squid and
 client are already halfway through the SSL handshake. We are restricted
 to SSL internal protocol error states instead of HTTP ones.

 It would only be possible with the BumpServerFirst feature (not yet
 added or even started AFAIK). Since the client handshake is not started
 at that point. Client certificate errors will remain problematic.

 Amos
Received on Wed Nov 30 2011 - 00:41:25 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 30 2011 - 12:00:03 MST