git.ipfire.org Git - thirdparty/squid.git/commit
Complete certificate chains using external intermediate certificates
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Fri, 18 Dec 2015 11:11:53 +0000 (00:11 +1300)
committer: Amos Jeffries <squid3@treenet.co.nz>
Fri, 18 Dec 2015 11:11:53 +0000 (00:11 +1300)
commit: c398aa3f300160944d8681e674aa41ad65fd1e08
tree: 7eaa2a67a9e6b1339bcdf5c72c043f19a979376b
parent: 7ef5d4d2f0479e5ade3b82eb1832f9d0d8e1d525
Complete certificate chains using external intermediate certificates

 ... stored in sslproxy_foreign_intermediate_certs PEM file.

Many origin servers do not send complete certificate chains. Many
browsers use certificate extensions in the server certificate to
download the missing intermediate certificates automatically from
the Internet. Squid does not do that (yet?).

This patch adds the sslproxy_foreign_intermediate_certs configuration directive
to allow an admin to supply a file with intermediate certificates that
Squid may use to complete certificate chains. These intermediate
certificates are _not_ treated as trusted root certificates.

This is a Measurement Factory project.
doc/release-notes/release-3.5.sgml
src/SquidConfig.h
src/cache_cf.cc
src/cf.data.pre
src/ssl/support.cc
src/ssl/support.h
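
The distinction the commit message draws, between certificates used only to complete a chain and certificates trusted as roots, can be reproduced with the `openssl verify` command and its `-untrusted` option. This is an added example, not code from this commit or from Squid; the throwaway PKI, file names and subject names are constructed, and the `openssl` CLI stands in here for Squid's own chain building, which this page does not show.

```shell
#!/usr/bin/env bash
# Added illustration; every name, CN and path below is constructed for the demo.
set -eu

new_csr() {  # $1: output basename, $2: subject CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

sign() {  # $1: CSR basename, $2: issuer basename, remaining args: extra x509 options
    local subj=$1 issuer=$2; shift 2
    openssl x509 -req -in "$subj.csr" -CA "$issuer.pem" -CAkey "$issuer.key" \
        -CAcreateserial -days 2 -out "$subj.pem" "$@" 2>/dev/null
}

build_demo_pki() {  # $1: directory; builds root -> intermediate -> origin.example
    local d=$1 ca
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for ca in root other; do  # "other" is an unrelated self-signed root
        new_csr "$d/$ca" "Demo $ca CA"
        openssl x509 -req -in "$d/$ca.csr" -signkey "$d/$ca.key" -days 2 \
            -extfile "$d/ca.ext" -out "$d/$ca.pem" 2>/dev/null
    done
    new_csr "$d/int" "Demo Intermediate"; sign "$d/int" "$d/root" -extfile "$d/ca.ext"
    new_csr "$d/srv" "origin.example";    sign "$d/srv" "$d/int"
    # Admin-supplied chain-completion bundle (deliberately includes the root too).
    cat "$d/int.pem" "$d/root.pem" > "$d/foreign.pem"
}

verdict() {  # $1: trust anchors, $2: leaf, $3: optional untrusted bundle; prints ok|fail
    if openssl verify -no-CApath -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

pki=$(mktemp -d); trap 'rm -rf "$pki"' EXIT
build_demo_pki "$pki"
# Origin sent only its leaf certificate: no path to the trusted root.
echo "leaf only, root trusted:             $(verdict "$pki/root.pem" "$pki/srv.pem")"
# The bundle fills the gap; trust still comes from the root in -CAfile.
echo "bundle as untrusted, root trusted:   $(verdict "$pki/root.pem" "$pki/srv.pem" "$pki/foreign.pem")"
# The bundle alone confers no trust, even though it contains the issuing root.
echo "bundle as untrusted, root untrusted: $(verdict "$pki/other.pem" "$pki/srv.pem" "$pki/foreign.pem")"
```

The third case is the one to check after any change to chain-completion configuration: a certificate that appears only in the completion bundle must never make a chain validate on its own.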