git.ipfire.org Git - thirdparty/squid.git/commit

author	Dan Searle <dan@censornet.com>
	Fri, 19 Jan 2018 01:37:16 +0000 (01:37 +0000)
committer	Amos Jeffries <yadij@users.noreply.github.com>
	Fri, 19 Jan 2018 09:04:36 +0000 (22:04 +1300)
commit	21f79b1f2dcfade2909d2a91d10092f1ac139a56
tree	55072f4987986f98026d5a7cf9b0bb945be9c3aa	tree
parent	84c91daff326be8ea1ec2d228fa4770a38014c40	commit \| diff

Bug 4631: security_file_certgen helper without disk cache (#95)

* disable the certificate DB disk cache if -s and -M command line options are omitted.

E.g. with this you can change squid.conf from:
sslcrtd_program security_file_certgen -s /var/lib/ssl_db -M 32MB
...to...
sslcrtd_program security_file_certgen

...and it will operate without the disk cache, generating certs fresh every time.

* Remove Ssl::CertificateDb::IsEnabledDiskStore()
Make the CertificateDb temporary objects dynamically allocated instead.

* Do command line checks in main() not the CertificateDb object.
This avoids a risky constructor exception and simplifies validity testing of parameters.

* Update man(8) documentation

The helper version is now 1.1. A minor version bump since it is being kept compatible with
installations using 1.0 properly but new feature available.

Also simplify the command line SYNOPSIS and incomplete mention of sslcrtd_* squid.conf directives.

src/security/cert_generators/file/certificate_db.cc		diff \| blob \| blame \| history
src/security/cert_generators/file/certificate_db.h		diff \| blob \| blame \| history
src/security/cert_generators/file/security_file_certgen.8.in		diff \| blob \| blame \| history
src/security/cert_generators/file/security_file_certgen.cc		diff \| blob \| blame \| history