On 30/11/10 23:16, Tsantilas Christos wrote:
>
> Hi all,
> This patch adds an interface to allow Squid error responses to contain
> detailed information about SSL certificate verification failure. For
> example, the error message may contain the following text:
>
> "Server Certificate Verification Failed: Certificate Common Name
> (www.lufthansa.com) does not match the host name you are connecting to
> (www.lufthansa.de)."
>
> Supplying SSL error details is useful to end-users if the user can
> bypass errors or communicate with proxy operators to update Squid's
> whitelists.
>
> For more informations please look inside patch documentation.
>
> This is a Measurement Factory project.
>
> Regards,
> Christos
(I'm still not here for a day or so, will check the patch then).
Right now I just want to raw your attention to %Z which is for use as an
internal error messages like this.
Doing the Ssl recursion logic in the case where err_msg is empty for %Z
seems to be possible without adding a new code to existing page.
Alternatively, ESI appears to be the only code using err_msg. You could
followup with a patch which alters ESI to use the same *::ErrorDetails
recursion API and drop err_msg entirely. :)
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3Received on Wed Dec 01 2010 - 11:16:29 MST
This archive was generated by hypermail 2.2.0 : Mon Dec 13 2010 - 12:00:05 MST