]> git.ipfire.org Git - thirdparty/squid.git/commit
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 20fb357) | patch
Bug 3849: Duplicate certificate sent when using https_port
authorChristos Tsantilas <chtsanti@users.sourceforge.net>
Sun, 8 Sep 2013 10:48:51 +0000 (13:48 +0300)
committerChristos Tsantilas <chtsanti@users.sourceforge.net>
Sun, 8 Sep 2013 10:48:51 +0000 (13:48 +0300)
commita411d2130af47ffdd988f88affde10e30ab71368
tree4059b23f09d0c43d766f839bdb52aaeefbf86cf0tree | snapshot
parent20fb35716bddaf1cb13aefbd3647a37b8cffbd42commit | diff
Bug 3849: Duplicate certificate sent when using https_port

The certificate file given with the "cert=" option it may contain a list of
certificates to be chained to the SSL client, for example intermediate
certificates.
The bug caused because in the certificates  chain we are storing also the
certificate of the port. This is works well for SSL-bump because squid
generates a certificate which uses the port certificate as CA certificate.
But in the case of https_port without bumping the port certificate is sent
twice, one as SSL server certificate and one as chained certificate.

This patch try to chain port certificate only when the sslbump is used.

This is a Measurement Factory project
src/client_side.cc diff | blob | blame | history
src/ssl/support.cc diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git