On Wed, Dec 15, 2010 at 7:01 PM, Karoly Negyesi <karoly_at_negyesi.net> wrote:
> Hi,
>
> I am trying to set up Squid to use SSL user certifications for auth.
> My attempt is http://paste.pocoo.org/show/305243/ here but the
>
> acl clientcert user_cert O Organization name
> http_access allow clientcert
>
> rule seemingly does not kick in. I get The request CONNECT
> www.example.com:443 is DENIED, because it matched 'all'
While I'm not an SSL expert, I guess the rule doesn't kick in because
your squid is not really using encryption.
It's doing plain HTTP tunneling, it never sees the cert really.
I guess that the documentation may be clearer and specify that this is
really only useful for reverse-proxy scenarios.
It is not a limitation by squid, but it is a limitation of all known browsers.
-- /kinkieReceived on Wed Dec 15 2010 - 18:36:57 MST
This archive was generated by hypermail 2.2.0 : Thu Dec 16 2010 - 12:00:03 MST