Squid 配置指令 sslproxy_cert_error

可用版本:   v6   v5   v4   3.5   3.4   3.3   3.2   3.1  

此指令在 Squid 的 v8 版本中不可用。

对于 v5 之前的旧版本,请参阅以上链接页面。

配置详情

选项名称sslproxy_cert_error
替代
要求--with-openssl
默认值服务器证书错误将终止事务。
建议配置 

      		
    

    

      

	Use this ACL to bypass server certificate validation errors.

	For example, the following lines will bypass all validation errors
	when talking to servers for example.com. All other
	validation errors will result in ERR_SECURE_CONNECT_FAIL error.

		acl BrokenButTrustedServers dstdomain example.com
		sslproxy_cert_error allow BrokenButTrustedServers
		sslproxy_cert_error deny all

	This clause only supports fast acl types.
	See https://wiki.squid.org.cn/SquidFaq/SquidAcl for details.
	Using slow acl types may result in server crashes

	Without this option, all server certificate validation errors
	terminate the transaction to protect Squid and the client.

	SQUID_X509_V_ERR_INFINITE_VALIDATION error cannot be bypassed
	but should not happen unless your OpenSSL library is buggy.

	SECURITY WARNING:
		Bypassing validation errors is dangerous because an
		error usually implies that the server cannot be trusted
		and the connection may be insecure.

	See also: sslproxy_flags and DONT_VERIFY_PEER.



      		
    

    
 

  



返回

    	
 
	

		
 

		
简介

		
		
文档

		
		
支持

		
		
杂项