]> git.ipfire.org Git - thirdparty/squid.git/commit - src/SquidConfig.h
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dacb8f1) | patch
Complete certificate chains using external intermediate certificates
authorChristos Tsantilas <chtsanti@users.sourceforge.net>
Wed, 2 Dec 2015 19:45:15 +0000 (21:45 +0200)
committerChristos Tsantilas <chtsanti@users.sourceforge.net>
Wed, 2 Dec 2015 19:45:15 +0000 (21:45 +0200)
commit866be11cced134c6d9849462f2c12e387e141a9f
tree981b68fbeafcca9cd4c699098ea3ff6d2294f4a1tree | snapshot
parentdacb8f123e9c43c01e60cb09e8fb1df24224379acommit | diff
Complete certificate chains using external intermediate certificates
stored in sslproxy_foreign_intermediate_certs file.

Many origin servers do not send complete certificate chains. Many
browsers use certificate extensions in the server certificate to
download the missing intermediate certificates automatically from
the Internet. Squid does not do that (yet?).

This patch adds the sslproxy_foreign_intermediate_certs configuration directive
to allow an admin to supply a file with intermediate certificates that
Squid may use to complete certificate chains. These intermediate
certificates are _not_ treated as trusted root certificates.

This is a Measurement Factory project.
src/SquidConfig.h diff | blob | blame | history
src/cache_cf.cc diff | blob | blame | history
src/cf.data.pre diff | blob | blame | history
src/ssl/support.cc diff | blob | blame | history
src/ssl/support.h diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git