This patch implements the certificate validation helper interface described at:
http://wiki.squid-cache.org/Features/SslServerCertValidator
The helper is consulted after the internal OpenSSL validation, regardless of the
validation results. The helper will receive:
1) the origin server certificate [chain],
2) the intended domain name, and
3) a list of OpenSSL validation errors (if any).
If the helper decides to honor an OpenSSL error or report other validation
error(s), the helper will return:
1) A list of certificates.
2) A list of items consisting of the validation error name (see %err_name
error page macro and %err_details logformat code), error reason
(%ssl_lib_error macro), and the offending certificate.
The returned information mimics what the internal OpenSSL-based validation code
collects now. Returned errors, if any, are fed to sslproxy_cert_error, triggering
the existing SSL error processing code.
The helper invocation is controlled by the "sslcrtvalidator_program" and
"sslcrtvalidator_children" configuration options, which are similar to the
ssl_crtd related options.
A simple testing cert validation helper developed in Perl is included in this
patch. This helper just echoes back the certificate errors.
This is a Measurement Factory Project