]> git.ipfire.org Git - thirdparty/squid.git/commit - src/ssl/support.cc
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6f518cf) | patch
Validate the shortest certificate chain (#84)
authorChristos Tsantilas <christos@chtsanti.net>
Fri, 1 Dec 2017 17:54:17 +0000 (19:54 +0200)
committerGitHub <noreply@github.com>
Fri, 1 Dec 2017 17:54:17 +0000 (19:54 +0200)
commit9fdbe1654dadc2dbb66472146af57e2a2609ebd3
tree11347be7626cf795157e4cae2c6ef82bafe02e29tree | snapshot
parent6f518cf0acdd672d69e34ff10716244302a11475commit | diff
Validate the shortest certificate chain (#84)

Do not download remote certificate for issuer X if the received server
certificate (signed by X) can be validated using a locally available CA
certificate. According to our tests, a typical browser does not follow
'CA Issuers' references to download 'missing' certificates when the
browser can validate the origin server certificate (or its chain) using
a local CA certificate. Avoiding unnecessary validations and downloads
not only saves time, but can prevent validation failures as well!

This is Measurement Factory project
src/security/PeerConnector.cc diff | blob | blame | history
src/ssl/support.cc diff | blob | blame | history
src/ssl/support.h diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git