]> git.ipfire.org Git - thirdparty/squid.git/commit
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9e81c1c) | patch
Validate the shortest certificate chain
authorChristos Tsantilas <christos@chtsanti.net>
Mon, 4 Dec 2017 10:07:10 +0000 (12:07 +0200)
committerAmos Jeffries <yadij@users.noreply.github.com>
Mon, 4 Dec 2017 15:09:29 +0000 (04:09 +1300)
commit998063281edb62893a6cf522adbca8b4e5092ecc
tree7f8a6444d6e463413c51715bdb3b8ded666d9daetree
parent9e81c1c54d1be3d9b7d49a2b1d9e8efd8f997b31commit | diff
Validate the shortest certificate chain

Do not download remote certificate for issuer X if the received server
certificate (signed by X) can be validated using a locally available CA
certificate. According to our tests, a typical browser does not follow
'CA Issuers' references to download 'missing' certificates when the
browser can validate the origin server certificate (or its chain) using
a local CA certificate. Avoiding unnecessary validations and downloads
not only saves time, but can prevent validation failures as well!

This is Measurement Factory project
src/security/PeerConnector.cc diff | blob | blame | history
src/ssl/support.cc diff | blob | blame | history
src/ssl/support.h diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git