On 12/19/19 5:56 AM, PatrĂcia Sousa wrote: > I would like to have an IoT device that only receives and sends requests > to and from certain devices that belong and are authenticated by a > specific certificate authority. Is it possible to block all other > connections or only allow connections from devices that belong to a > specific CA?
Yes, I believe it is possible: * Squid can check (via an https_port configuration option) that a TLS client possesses a certificate signed by a specific CA. * Squid can check (via a ca_cert ACL) that a TLS server uses a certificate signed by a specific CA. This ACL can be applied during SslBump step3 processing, but there may be a way to sneak it in without using SslBump (or such a way can be added by modifying Squid). If ca_cert options are not enough, Squid can check other server certificate properties via a custom certificate validation daemon (which you would have to write). Or one could add support for more properties to the ca_cert ACL. Alex. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
