Re: [squid-users] Re: ssl support

From: alp <[email protected]>
Date: Tue, 17 Dec 2002 18:49:40 +0100

----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "alp" <alpheus@gmx.de>
Cc: <squid-users@squid-cache.org>
Sent: Friday, December 13, 2002 9:06 AM
Subject: Re: [squid-users] Re: ssl support

> The ssl-update is mainly of interest when Squid acts as a ssl-gateway.
>
> CONNECT has always been available in Squid and does not really care
> the least about SSL. CONNECT just establishes a tunnel via the
> proxy. How this tunnel is used is mainly up to the client and server.
> The intention is that CONNECT should be used for tunneling of SSL
> connections via a HTTP proxy but it does not enforce that SSL is what
> is being tunneled.
>
>
> The ssl-update allows Squid to both act as a SSL server requesting
> client certificates and to act as a SSL client optionally providing
> its client certificate to upstream servers.
>
> The parameters you can specify in the https_port directive relate to
> the SSL server capability of Squid. If you want Squid to request
> certificates you must tell which CAs these may belong to.
>
> The parameters you can specify in the cache_peer directive relate to
> the SSL client capabilities while talking to SSL enabled cache peers
> such as the https_port of another Squid.
>
> The ssl_proxy_.. directives relate to Squid acting as a SSL client
> when requested to retrieve a https://... URL. Note that this is NOT
> related to the CONNECT method.
>
> Regards
> Henrik
>
>
> On Friday 13 December 2002 07.39, alp wrote:
> > hi,
> > i am not sure if i have understood this correctly.
> > the ssl-update: is it for ssl-tunneling (via connect method) or
> > also for squid acting as a ssl-gateway.
> > can i use with the ssl-update (and squid as ssl-gateway) not only
> > server certificates on squid but also accepting client
> > certificates. or is the update only useful for ssl-tunneling?
> >
> > moreover: i installed the ssl-patch and saw that a lot of new
> > ssl-parameters have been added together with a brief description.
> > but is there anywhere a documentation how to use them? e.g.:
> > "clientca" in relation to the https_port directive. (how have these
> > cas to be used in squid.conf???)
> > so it means to me that these client certificates may be used
> > together with ssl-gateway functionality!?
> >
> > in addition, there are a lot new directives (ssl_proxy...). what is
> > the difference between these and the above mentioned concerning
> > ssl-gateway (clientca, capath,...)
> >
> > sorry for all these questions...but thx in advance,
> > alp
>

hi thx so far.
i installed the patch successfully. my question now: if i have a ca called
"CA", which signed my client certificate. how do i configure squid then to
accept this client certificate? by using the clientca directive to a
textfile with writing "CA" into it???

thx,
alp
Received on Tue Dec 17 2002 - 10:50:03 MST
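
The point made in the quoted reply, that CONNECT does not enforce that SSL is what is being tunneled, can be checked on the wire by looking at the first bytes the client sends through the tunnel. The following Python is an added example, not part of the original thread and not Squid code; the function name, return labels and sample byte strings are constructed for illustration.

```python
import struct

HANDSHAKE = 0x16                  # TLS record content type: handshake
CLIENT_HELLO = 0x01               # handshake message type: ClientHello
MAX_RECORD_LEN = 2 ** 14 + 2048   # largest record length TLS permits


def classify_tunnel_start(data: bytes) -> str:
    """Classify the first client bytes seen inside a CONNECT tunnel.

    Returns "tls-client-hello", "sslv2-client-hello", "incomplete"
    or "not-tls".
    """
    if len(data) < 6:
        return "incomplete"
    # SSLv2-compatible hello: 2-byte length with the high bit set,
    # message type 1, then the offered version (3.x, or 0x0002 for SSLv2).
    if data[0] & 0x80 and data[2] == 0x01 and (
        data[3] == 0x03 or data[3:5] == b"\x00\x02"
    ):
        return "sslv2-client-hello"
    # SSLv3/TLS record header: type(1) major(1) minor(1) length(2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != HANDSHAKE or major != 3 or minor > 4:
        return "not-tls"
    if length == 0 or length > MAX_RECORD_LEN:
        return "not-tls"
    # First handshake message from a client must be a ClientHello.
    if data[5] != CLIENT_HELLO:
        return "not-tls"
    return "tls-client-hello"


# Constructed samples: first bytes a client might send after "200 Connection established".
SAMPLES = {
    "tls": bytes.fromhex("160301002f0100002b0303"),
    "sslv2-compat": bytes.fromhex("802e0103010015"),
    "ssh-banner": b"SSH-2.0-example\r\n",
    "plain-http": b"GET / HTTP/1.1\r\n",
    "short-read": b"\x16\x03",
}


def classify_samples() -> dict:
    return {name: classify_tunnel_start(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:13s} {verdict}")
```

A verdict of "not-tls" on a tunnel to port 443 is a signal worth logging; the check is a heuristic on the first record only and says nothing about what follows it.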
