OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: netranger on May 27, 2017, 01:15:06 pm

Title: Webproxy accepting revoked certificates
Post by: netranger on May 27, 2017, 01:15:06 pm
Hi guys,

I was playing around with HTTPS interception and noticed that the webproxy seems to accept revoked certificates (see screenshot revoked_interception.PNG).

If I disable HTTPS interception and try the test page again, my browser blocks this page (see screenshot revoked_nointerception.PNG).

Is there something I can do to block those certificates using the webproxy? Other certificates, for example expired ones, get blocked correctly.

Cheers,
Netranger

Title: Re: Webproxy accepting revoked certificates
Post by: fabian on May 27, 2017, 01:44:45 pm
This post says this is an OpenSSL problem (hard to get OpenSSL to do the check): http://lists.squid-cache.org/pipermail/squid-users/2015-October/005894.html
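
Added example, not part of the original thread and not OPNsense or Squid code: OpenSSL's chain verification does not consult revocation data unless CRL checking is explicitly enabled and a CRL is supplied, which is the behaviour the reply above points at. The script assumes the `openssl` command-line tool with its default configuration file is installed; the CA, the host name and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every name, subject and file below is made up for this example.
# Builds a throwaway CA, issues a leaf certificate, revokes it, then verifies
# the leaf twice: once the default way, once with CRL checking enabled.
revocation_demo() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    mkdir newcerts && : > index.txt && echo 01 > serial && echo 01 > crlnumber
    # Minimal "openssl ca" configuration (constructed).
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    {
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Test CA" -keyout ca.key -out ca.pem
      openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=revoked.example.test" -keyout leaf.key -out leaf.csr
      openssl ca -batch -config ca.cnf -notext -in leaf.csr -out leaf.pem
      openssl ca -config ca.cnf -revoke leaf.pem
      openssl ca -config ca.cnf -gencrl -out ca.crl
    } >/dev/null 2>&1
    # Default verification: chain and validity dates only, no revocation lookup.
    openssl verify -CAfile ca.pem leaf.pem >/dev/null 2>&1 \
      && plain=accepted || plain=rejected
    # Same chain, but with the CRL supplied and CRL checking switched on.
    openssl verify -crl_check -CRLfile ca.crl -CAfile ca.pem leaf.pem \
      >/dev/null 2>&1 && with_crl=accepted || with_crl=rejected
    echo "$plain $with_crl"
  )
  rc=$?; rm -rf "$d"; return $rc
}
revocation_demo   # prints: accepted rejected
```

The first word is the verdict of a default verification, the second the verdict once the CRL is loaded and `-crl_check` is set.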