Regards, Ming
Sounds like it could work, but I don't know with openssl if it's even possible to generate a cert that has already expired!
Alex
E.g. if the server cert has expired, sign an expired squid cert to the
browser. At least this will reproduce the same behavior as if the
sslbump is not turned on. The browser will warn the certificate problem
and the user can proceed at his own risk. The squid administrator can be
kept out of the loop in dealing with not so well maintained server
certificate.
- [squid-users] SslBump and bad cert Ming Fu
- Re: [squid-users] SslBump and bad cert Alex Crow
- RE: [squid-users] SslBump and bad cert Ming Fu
- Re: [squid-users] SslBump and bad cert Amos Jeffries
- RE: [squid-users] SslBump and bad cert Ming Fu
- Re: [squid-users] SslBump and bad cert Amos Jeffries
- RE: [squid-users] SslBump and bad ... Ming Fu
- RE: [squid-users] SslBump and ... Amos Jeffries
