Re: [squid-users] Cache Peer Redirection Based on User Certificate

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Sat, 28 Dec 2013 15:43:00 +0200

I am still not sure what you are trying to achieve...

From the docs at:
http://www.squid-cache.org/Doc/config/acl/

acl aclname user_cert attribute values...
   # match against attributes in a user SSL certificate
   # attribute is one of DN/C/O/CN/L/ST [fast]

It is only there for a basic inspection of the user SSL certificate...
the same goes for:
acl aclname ca_cert attribute values...
   # match against attributes a users issuing CA SSL certificate
   # attribute is one of DN/C/O/CN/L/ST [fast]

It has been there since 3.1, and the respective aspect on the client side
is on the side of the "client", by which we mean "squid", in the
manner of making squid a client and user, while the "end user" cannot
send squid certificates for now.

Squid is not a VPN system which allows specific clients access to a
specific level of the system, since it's a very fast piece of software.
All these levels of SSL connection are not to be used inside of squid.

I must say that I am not an SSL expert, and if you need more information
on the matter it's pretty simple to ask about the whole subject to
understand it properly. (Feel free to contact me or anyone else.)

Regards,
Eliezer

On 28/12/13 15:15, Waldemar Siebert wrote:
> Hello,
>
> what about acl user_cert?
>
> It works with http_access, but not with cache_peer_access. See log below.
> I use Squid 3.1.8.
>
> Thanks
> Walt
Received on Sat Dec 28 2013 - 13:48:13 MST
