From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Wed, 5 Dec 2012 14:18:13 +0000 (+0200)
Subject: SSL server certificate fingerprint ACL type
X-Git-Tag: SQUID_3_4_0_1~458
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42d3334;p=thirdparty%2Fsquid.git

SSL server certificate fingerprint ACL type

This patch add the "server_ssl_cert_fingerprint" acl type to match against
server SSL certificate fingerprint.
The new acl type has the form:
  acl aclname server_ssl_cert_fingerprint [-sha1] fingerprint1 ...

The fingerprint must given in the form:
    XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
where X are any valid hexadecimal number

Example usage:
acl BrokeServer dst 192.168.1.23
acl GoodCert server_ssl_cert_fingerprint AB:2A:82:AF:46:AE:1F:31:21:74:65:BF:56:47:25:D1:87:51:41:AE
sslproxy_cert_error allow BrokeServer GoodCert
sslproxy_cert_error deny all

This is a Measurement Factory project
---

42d33344c68b7e2d42984c88b5b92dceca8e8b5b