Re: [squid-users] SSL user certificate based access control

From: Kinkie <gkinkie_at_gmail.com>
Date: Wed, 15 Dec 2010 19:36:50 +0100

On Wed, Dec 15, 2010 at 7:01 PM, Karoly Negyesi <karoly_at_negyesi.net> wrote:
> Hi,
>
> I am trying to set up Squid to use SSL user certifications for auth.
> My attempt is http://paste.pocoo.org/show/305243/ here but the
>
> acl clientcert user_cert O Organization name
> http_access allow clientcert
>
> rule seemingly does not kick in. I get The request CONNECT
> www.example.com:443 is DENIED, because it matched 'all'

While I'm not an SSL expert, I guess the rule doesn't kick in because
your squid is not really using encryption.
It's doing plain HTTP tunneling; it never really sees the cert.

I guess that the documentation may be clearer and specify that this is
really only useful for reverse-proxy scenarios.
It is not a limitation by squid, but it is a limitation of all known browsers.

-- 
    /kinkie
Received on Wed Dec 15 2010 - 18:36:57 MST
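
Added example, not part of the original thread: a small Python check that flags `user_cert`/`ca_cert` ACLs in a squid.conf where no `https_port` carries `clientca=`, which is the situation the reply describes (Squid only tunnels CONNECT and never does a TLS handshake with the client). The sample configs, file paths and function names are constructed for illustration and are not the poster's paste.

```python
# Constructed sample configs (paths and hostnames are placeholders).
FORWARD_PROXY = """\
http_port 3128
acl clientcert user_cert O "Organization name"
http_access allow clientcert
http_access deny all
"""

REVERSE_PROXY = """\
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/server.pem clientca=/etc/squid/clients-ca.pem
acl clientcert user_cert O "Organization name"
http_access allow clientcert
http_access deny all
"""

# ACL types that are evaluated against the certificate the client presented.
CERT_ACL_TYPES = {"user_cert", "ca_cert"}


def directives(conf):
    """Yield whitespace-split squid.conf directives, skipping blanks and comments."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()


def check_cert_acls(conf):
    """Return warnings for certificate ACLs used in http_access that cannot match."""
    cert_acls, used, tls_ports_with_ca = set(), set(), 0
    for d in directives(conf):
        if d[0] == "acl" and len(d) >= 3 and d[2] in CERT_ACL_TYPES:
            cert_acls.add(d[1])
        elif d[0] == "http_access":
            # d[1] is allow/deny; the rest are ACL names, possibly negated with "!".
            used.update(name.lstrip("!") for name in d[2:])
        elif d[0] == "https_port" and any(o.startswith("clientca=") for o in d[2:]):
            # Assumption: a client certificate is only requested on such a port.
            tls_ports_with_ca += 1
    if tls_ports_with_ca:
        return []
    return [f"acl {name}: no https_port with clientca=, so Squid never "
            f"receives a client certificate and this ACL cannot match"
            for name in sorted(cert_acls & used)]


if __name__ == "__main__":
    for label, conf in (("forward", FORWARD_PROXY), ("reverse", REVERSE_PROXY)):
        print(label, check_cert_acls(conf) or "ok")
```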
