Well, well, well... I FOUND IT!! Here is the solution:

In fact, there is an error in the support_ssl.c source file: there is an inversion of 2 functions inside the functions sslGetUserattribute and sslGetCAAttribute.

So, to make it work:

1 - Open ssl_support.c
2 - Find the function sslGetUserAttribute
3 - In this function, replace the call to X509_get_issuer_name by the call to X509_get_subject_name
4 - Find the function sslGetCAAttribute
5 - In this function, replace the call to X509_get_subject_name by the call to X509_get_issuer_name
6 - Compile Squid with SSL activated.

In your configuration file squid.conf, the format of filtering for a certificate containing DN= CN=toto [EMAIL PROTECTED] should be the following:

    acl aclname1 user_cert DN /[EMAIL PROTECTED]/CN=toto

Here you filter on the complete DN.

Another example, if you filter only on the CN:

    acl aclname2 user_cert CN toto

Regards,
Max

> -----Original Message-----
> From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
> Sent: Saturday, 4 September 2004 16:10
> To: Fauquet, Xavier
> Cc: 'Henrik Nordstrom'; '[EMAIL PROTECTED]'
> Subject: RE: [squid-users] Trying too use user_cert acl with SQUID 2.5 + SSL patch
>
> On Sat, 4 Sep 2004, Fauquet, Xavier wrote:
>
> >> http_access allow USER-ok
> >> http_access deny USER-ko
> >> http_access deny all
> >
> > I tried it and now everybody is denied.
>
> Suspected this. Your USER-ok is not matching the user.
>
> Regards
> Henrik
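Added example (not part of the original message and not Squid's code): a shell check, using the openssl command line, of which name in a client certificate is the subject and which is the issuer, the two names the message above says were swapped. The CA and organisation names, the temporary paths and the helper functions are constructed for this demonstration; only CN=toto comes from the message.

```shell
#!/bin/sh
# Throwaway CA + client certificate, then print the subject and issuer names.
# A user ACL on CN "toto" can only match if the lookup reads the SUBJECT.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_demo_certs() {
    # Self-signed CA: this becomes the ISSUER of the client certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Org/CN=Example CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null &&
    # Client key and CSR: this name becomes the SUBJECT.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=toto" \
        -keyout "$WORK/user.key" -out "$WORK/user.csr" 2>/dev/null &&
    # CA signs the client request.
    openssl x509 -req -days 1 -in "$WORK/user.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/user.crt" 2>/dev/null
}

# Print a certificate's subject / issuer as an RFC 2253 string.
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

# Extract one attribute (e.g. CN) from an RFC 2253 name.
# Simplification: assumes attribute values contain no escaped commas.
name_attr() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Does the chosen name ("subject" or "issuer") of cert $1 have CN equal to $3?
cn_matches() {
    case "$2" in
        subject) n=$(cert_subject "$1") ;;
        issuer)  n=$(cert_issuer "$1") ;;
        *) return 2 ;;
    esac
    [ "$(name_attr "$n" CN)" = "$3" ]
}

make_demo_certs || exit 1
printf 'subject: %s\n' "$(cert_subject "$WORK/user.crt")"
printf 'issuer:  %s\n' "$(cert_issuer "$WORK/user.crt")"
cn_matches "$WORK/user.crt" subject toto && echo "CN toto matches the subject"
cn_matches "$WORK/user.crt" issuer toto || echo "CN toto does not match the issuer"
```

Running the same two functions against a real client certificate before writing the ACL shows which string the pattern has to match.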
