This patch add the sslproxy_cert_adapt option to squid.conf which gives to
squid administrators the required functionality to "fix" a known broken
certificate using acls.
Currently only the "Not After", "Not Before" and "Common Name" fields of a
certificate can be modified/fixed.
The sslproxy_cert_adapt option has the form:
sslproxy_cert_adapt <adaptation algorithm> acl ...
where <adaptation algorithm> is one of the setValidAfter, setValidBefore and
setCommonName.
setValidAfter: sets the "Not After" property to the signing cert's
"Not After" property.
setValidBefore: sets the "Not Before" property to the signing cert's
"Not After" property.
setCommonName: sets certificate Subject.CN property to the host name
from specified as a CN parameter (setCommonName{CN}) or,
if no explicit CN parameter was specified, extracted from
the CONNECT request
When the acl(s) match, the corresponding adaptation algorithm is applied to
the fake/generated certificate. Otherwise, the default mimicking action takes
place.