10/3/2014

squid : sslproxy_cert_error configuration directive

squid-cache.org
Optimising Web Delivery

docs

download

donate

support

about

contact

shop

blog

Search

Squid configuration directive sslproxy_cert_error

Available in: 3.HEAD 3.4 3.3 3.2 3.1

search

History:
Changes in 3.1 sslproxy_cert_error

Introduction
About Squid Why Squid? Squid Developers How to Donate How to Help Out Getting Squid Squid Source Packages Squid Deployment CaseStudies Squid Software Foundation

New Access Control to selectively bypass server certificate validation errors. DEFAULT: None bypassed. For example, the following lines will bypass all validation errors when talking to servers located at 172.16.0.0/16. All other validation errors will result in ERR_SECURE_CONNECT_FAIL error. acl BrokenServersAtTrustedIP dst 172.16.0.0/16 sslproxy_cert_error allow BrokenServersAtTrustedIP sslproxy_cert_error deny all This option must use fast ACL expressions only. Expressions that use external lookups or communication result in unpredictable behavior or crashes. Without this option, all server certificate validation errors terminate the transaction. Bypassing validation errors is dangerous because an error usually implies that the server cannot be trusted and the connection may be insecure.

Documentation
Configuration: Reference Examples FAQ and Wiki Guide Books: Beginners Definitive Non-English M ore...

Configuration Details:
Option Name: Replaces: Requires: Default Value: Suggested Config:
--enable-ssl Server certificate errors terminate the transaction.

sslproxy_cert_error

Support
Security Advisories Bugzilla Database M ailing lists Contacting us Commercial services Project Sponsors Squid-based products U s et h i sA C Lt ob y p a s ss e r v e rc e r t i f i c a t ev a l i d a t i o ne r r o r s . F o re x a m p l e ,t h ef o l l o w i n gl i n e sw i l lb y p a s sa l lv a l i d a t i o ne r r o r s w h e nt a l k i n gt os e r v e r sf o re x a m p l e . c o m .A l lo t h e r v a l i d a t i o ne r r o r sw i l lr e s u l ti nE R R _ S E C U R E _ C O N N E C T _ F A I Le r r o r . a c lB r o k e n B u t T r u s t e d S e r v e r sd s t d o m a i ne x a m p l e . c o m s s l p r o x y _ c e r t _ e r r o ra l l o wB r o k e n B u t T r u s t e d S e r v e r s s s l p r o x y _ c e r t _ e r r o rd e n ya l l T h i sc l a u s eo n l ys u p p o r t sf a s ta c lt y p e s . S e eh t t p : / / w i k i . s q u i d c a c h e . o r g / S q u i d F a q / S q u i d A c lf o rd e t a i l s . U s i n gs l o wa c lt y p e sm a yr e s u l ti ns e r v e rc r a s h e s

http://www.squid-cache.org/Doc/config/sslproxy_cert_error/

1/2

10/3/2014

squid : sslproxy_cert_error configuration directive

Miscellaneous
Developer Resources Related Writings Related Software: Authenticators Ecap Icap Ident Log Analysis M onitor Proxies Redirectors General Squid Artwork Back

W i t h o u tt h i so p t i o n ,a l ls e r v e rc e r t i f i c a t ev a l i d a t i o ne r r o r s t e r m i n a t et h et r a n s a c t i o nt op r o t e c tS q u i da n dt h ec l i e n t . S Q U I D _ X 5 0 9 _ V _ E R R _ I N F I N I T E _ V A L I D A T I O Ne r r o rc a n n o tb eb y p a s s e d b u ts h o u l dn o th a p p e nu n l e s sy o u rO p e n S S Ll i b r a r yi sb u g g y . S E C U R I T YW A R N I N G : B y p a s s i n gv a l i d a t i o ne r r o r si sd a n g e r o u sb e c a u s ea n e r r o ru s u a l l yi m p l i e st h a tt h es e r v e rc a n n o tb et r u s t e d a n dt h ec o n n e c t i o nm a yb ei n s e c u r e . S e ea l s o :s s l p r o x y _ f l a g sa n dD O N T _ V E R I F Y _ P E E R .

Web Site Translations

Japanese

Mirrors
Website: at eu gr gr il jp nl pl us za ... full list

FTP Package Archive

$Id: footer .inc,v 1.37 2013/05/09 06:37:55 squidadm Ex p $ Design by Fr ee CSS Templates. Template customisation by Alex Daw son and Adr ian Chadd. Icons fr om "Silk" collection by Mar k James of famfamfam.com All w eb content licensed under Cr eative Commons Attr ibution Shar ealike 2.5 License

http://www.squid-cache.org/Doc/config/sslproxy_cert_error/

2/2