RE: [squid-users] Reverse proxy, SSL cert for each cache peer

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Wed, 11 Nov 2009 23:13:14 +0100

Wed 2009-11-11 at 09:35 -0500, Nick Duda wrote:
> I fixed it, and it's working, but I have one issue. It's always using
> the cert associated with the https_port directive, even when I get a
> match on the correct cache peer using another cert.

That's right.

SSL can only support one cert per ip:port accepting requests (https_port).

The certificate details you provide in cache_peer is for authentication
of your Squid to the peer, not related to clients connecting to your
Squid.

There is an extension to SSL that aims to allow the server to select the
right certificate based on the requested hostname. This is however not
yet supported by Squid.

Regards
Henrik
Received on Wed Nov 11 2009 - 22:13:24 MST
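
Added example, not part of the message above and not taken from the Squid project: a squid.conf fragment showing the split described in the reply, with one https_port per IP address so each site presents its own certificate to clients, while sslcert/sslkey on cache_peer only authenticate Squid to the origin. All addresses, hostnames and file paths are constructed placeholders, and option spellings vary between Squid versions, so check them against your version's documentation.

```conf
# Added example; every address, hostname and path is a constructed placeholder.

# Client-facing side. The certificate a browser sees is the one configured
# on the https_port that accepted the connection. One cert per ip:port, so
# each site gets its own listening address.
https_port 192.0.2.10:443 accel defaultsite=site-a.example.com cert=/etc/squid/certs/site-a.crt key=/etc/squid/certs/site-a.key
https_port 192.0.2.11:443 accel defaultsite=site-b.example.com cert=/etc/squid/certs/site-b.crt key=/etc/squid/certs/site-b.key

# Peer-facing side. sslcert/sslkey here are Squid's own client certificate,
# presented to the origin server when Squid connects to it. They are never
# sent to the browser, so changing them does not change what clients see.
cache_peer 10.0.0.21 parent 443 0 no-query originserver ssl sslcert=/etc/squid/certs/squid-client.crt sslkey=/etc/squid/certs/squid-client.key name=peer_a
cache_peer 10.0.0.22 parent 443 0 no-query originserver ssl sslcert=/etc/squid/certs/squid-client.crt sslkey=/etc/squid/certs/squid-client.key name=peer_b

# Route each site to its own peer by requested hostname.
acl site_a dstdomain site-a.example.com
acl site_b dstdomain site-b.example.com
cache_peer_access peer_a allow site_a
cache_peer_access peer_a deny all
cache_peer_access peer_b allow site_b
cache_peer_access peer_b deny all
```

To confirm which certificate clients receive, connect to each listening address and inspect the subject of the certificate returned; it should match the cert= file on that https_port regardless of which cache_peer handles the request.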

This archive was generated by hypermail 2.2.0 : Thu Nov 12 2009 - 12:00:03 MST