From: Guy Helmer Date: Sat, 21 Jul 2012 03:39:52 +0000 (-0600) Subject: Bug 3484: Docs: sslproxy_cert_error example flawed X-Git-Tag: SQUID_3_1_21~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b2a3f9b80049e5216f9e0128788db2220af78c0;p=thirdparty%2Fsquid.git Bug 3484: Docs: sslproxy_cert_error example flawed This is still far from perfect because dstdomain is not really a FAST ACL either: Its documentation says that it becomes slow on IP addresses. --- diff --git a/src/cf.data.pre b/src/cf.data.pre index 724a9be1ea..7798a5bc30 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1711,11 +1711,11 @@ DOC_START Use this ACL to bypass server certificate validation errors. For example, the following lines will bypass all validation errors - when talking to servers located at 172.16.0.0/16. All other + when talking to servers for example.com. All other validation errors will result in ERR_SECURE_CONNECT_FAIL error. - acl BrokenServersAtTrustedIP dst 172.16.0.0/16 - sslproxy_cert_error allow BrokenServersAtTrustedIP + acl BrokenButTrustedServers dstdomain example.com + sslproxy_cert_error allow BrokenButTrustedServers sslproxy_cert_error deny all This clause only supports fast acl types.
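Review bot: the replacement example in the DOC_START text uses a dstdomain ACL inside a clause whose final context line states "This clause only supports fast acl types", while the commit message itself says dstdomain is not really a fast ACL because it becomes slow on IP addresses; that caveat never reaches the documentation the administrator reads. Suggest adding a sentence after the example saying that dstdomain may not behave as a fast ACL when the server is addressed by IP, so nobody assumes the allow rule is always evaluated as written before "sslproxy_cert_error deny all" applies. The changed wording "when talking to servers for example.com" is also vague about which hosts the bypass covers; since the rule disables all validation errors for whatever it matches, the text should state the intended scope precisely.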