From: Amos Jeffries Date: Thu, 23 Jun 2011 00:03:25 +0000 (-0600) Subject: Add man(8) file for ssl_crtd X-Git-Tag: take08~55^2~106 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb2b9f7ea02ce5b9ad62b9168df4ba97de3846ec;p=thirdparty%2Fsquid.git Add man(8) file for ssl_crtd --- diff --git a/mksnapshot.sh b/mksnapshot.sh index 8254362159..eca97fd420 100755 --- a/mksnapshot.sh +++ b/mksnapshot.sh @@ -112,7 +112,7 @@ if (groff --help >/dev/null); then if [ ! -d ${tmpdir}/doc/manuals ] ; then mkdir -p ${tmpdir}/doc/manuals fi - for f in `ls -1 ${tmpdir}/helpers/*/*/*.8 ${tmpdir}/src/*.8 ${tmpdir}/tools/*.1 ${tmpdir}/tools/*.8 ./helpers/*/*/*.8 2>/dev/null` ; do + for f in `ls -1 ${tmpdir}/helpers/*/*/*.8 ${tmpdir}/src/*.8 ${tmpdir}/src/*/*.8 ${tmpdir}/tools/*.1 ${tmpdir}/tools/*.8 ./helpers/*/*/*.8 2>/dev/null` ; do cp $f ${tmpdir}/doc/manuals/ done for f in `ls -1 ${tmpdir}/doc/manuals/*.1 ${tmpdir}/doc/manuals/*.8 2>/dev/null` ; do diff --git a/src/ssl/Makefile.am b/src/ssl/Makefile.am index ed161ba367..e73e9db059 100644 --- a/src/ssl/Makefile.am +++ b/src/ssl/Makefile.am @@ -6,7 +6,10 @@ noinst_LTLIBRARIES = libsslsquid.la libsslutil.la EXTRA_PROGRAMS = \ ssl_crtd -EXTRA_DIST = stub_libsslsquid.cc stub_libsslutil.cc +EXTRA_DIST = \ + stub_libsslsquid.cc \ + stub_libsslutil.cc \ + ssl_crtd.8 if USE_SSL_CRTD SSL_CRTD = ssl_crtd diff --git a/src/ssl/ssl_crtd.8 b/src/ssl/ssl_crtd.8 new file mode 100644 index 0000000000..9f98fa4000 --- /dev/null +++ b/src/ssl/ssl_crtd.8 
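Review bot: The added `${tmpdir}/src/*/*.8` pattern feeds the same backtick `ls -1` loop, which word-splits the listing and passes an unquoted `$f` to `cp`, so a path containing whitespace or glob characters is copied wrongly or skipped. Iterating over the globs directly avoids parsing `ls`: keep the pattern list after `for f in`, then use `[ -f "$f" ] || continue` and `cp "$f" "${tmpdir}/doc/manuals/"`. Because every match lands in one flat directory, a page under `src/*/` with the same file name as one under `helpers/` or `tools/` would silently replace it; a comment on the loop saying names must be unique would help. The enclosing `if (groff --help ...)` block starts and ends outside this hunk.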
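Review bot: `ssl_crtd.8` is listed only in `EXTRA_DIST`, so as far as this hunk shows the page ships in the tarball but is not installed by `make install`. If it is meant to be installed with the helper, add `man_MANS = ssl_crtd.8` inside the `if USE_SSL_CRTD` branch that follows, so the page is installed only when the binary is built. The rest of Makefile.am is outside the hunk, so an existing `man_MANS` assignment elsewhere cannot be ruled out.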
@@ -0,0 +1,169 @@
+.if !'po4a'hide' .TH ssl_crtd 8
+.
+.SH NAME
+.if !'po4a'hide' .B ssl_crtd
+.if !'po4a'hide' \-
+SSL certificate generator.
+.PP
+Version 1.0
+.
+.SH SYNOPSIS
+.if !'po4a'hide' .B ssl_crtd
+.if !'po4a'hide' .B [\-dhv]
+.
+.if !'po4a'hide' .B ssl_crtd
+.if !'po4a'hide' .B "[\-d] -s "
+directory
+.if !'po4a'hide' .B [\-M
+size
+.if !'po4a'hide' .B ]
+.
+.if !'po4a'hide' .B ssl_crtd
+.if !'po4a'hide' .B "[\-d] \-c \-s "
+directory
+.if !'po4a'hide' .B [\-n]
+serial number
+.
+.if !'po4a'hide' .B ssl_crtd
+.if !'po4a'hide' .B "[\-d] \-g \-s "
+directory
+.
+.SH DESCRIPTION
+.B ssl_crtd
+is an installed binary.
+.PP
+Because the generation and signing of SSL certificates takes time
+Squid must use external process to handle the work.
+.
+This process generates new SSL certificates and uses a disk cache of certificatess
+to improve response times on repeated requests.
+Communication occurs via TCP sockets bound to the loopback interface.
+.
+.SH OPTIONS
+.if !'po4a'hide' .TP 12
+.if !'po4a'hide' .B \-b fs_block_size
+File system block size in bytes. Needed for processing natural size of certificate on disk.
+Default value is 2048 bytes.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-c
+Initialize the SSL storage database and exit.
+Requires the
+.B -s
+option to determine the storage location being created.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-d
+Write debug info to stderr.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-g
+Display the current serial number using stderr and exit.
+Requires
+.B \-s
+option to determine which storage directory the serial is located in.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-h
+Display the binary help and command line syntax info using stderr.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-s directory
+Directory path of disk storage for new SSL certificates.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-M size
+Maximum size of SSL certificate disk storage.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-n serial number
+HEX
+.B "serial number "
+to use when initializing an SSL storage database.
+The default value of serial number is the number of seconds since Epoch minus 1200000000.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-v
+Display the binary version details using stderr.
+.
+.SH KNOWN ISSUES
+.PP
+The version 1.0 of this helper will not add chained intermediate CA certificates.
+The client must have a full chain of trust from the root CA all the way
+down to the end certificate generated by this program.
+.
+Signing with an intermediate CA needs to install both the
+root and the intermediate public CA on the clients.
+.
+.SH CONFIGURATION
+.PP
+Before this helper can be used the storage area for new certificates must be initialized manually.
+This is done from the command line using the
+.B \-c
+parameters.
+.
+.PP
+For example:
+.if !'po4a'hide' .RS
+.if !'po4a'hide' .B ssl_crtd -c -s /var/lib/ssl_db
+.if !'po4a'hide' .RE
+.
+.PP
+For simple configuration the helper defaults can be used.
+Only HTTP listening port options are required to enable generation and set the signign CA certificate.
+For Example:
+.if !'po4a'hide' .RS
+.if !'po4a'hide' .B http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/www.sample.com.pem
+.if !'po4a'hide' .RE
+.
+.PP
+For more customized configuration the helper certificate storage directory location and size can be altered with the
+.B sslcrtd_program
+configuration directive.
+For example:
+.if !'po4a'hide' .RS
+.if !'po4a'hide' .B sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
+.if !'po4a'hide' .
+.if !'po4a'hide' .B sslcrtd_children 5
+.if !'po4a'hide' .RE
+.
+.SH AUTHOR
+This program was written by
+.if !'po4a'hide' .I Christos Tsantilas
+.PP
+This manual was written by
+.if !'po4a'hide' .I Christos Tsantilas
+.if !'po4a'hide' .I Amos Jeffries
+.
+.SH COPYRIGHT
+This program and documentation is copyright to the authors named above.
+.PP
+Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
+.
+.SH QUESTIONS
+Questions on the usage of this program can be sent to the
+.I Squid Users mailing list
+.if !'po4a'hide'
+.
+.SH REPORTING BUGS
+Bug reports need to be made in English.
+See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
+.PP
+Report bugs or bug fixes using http://bugs.squid-cache.org/
+.PP
+Report serious security bugs to
+.I Squid Bugs
+.PP
+Report ideas for new improvements to the
+.I Squid Developers mailing list
+.if !'po4a'hide'
+.
+.SH SEE ALSO
+.if !'po4a'hide' .BR squid "(8), "
+.if !'po4a'hide' .BR GPL "(7), "
+.br
+The Squid FAQ wiki
+.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
+.br
+The Squid Configuration Manual
+.if !'po4a'hide' http://www.squid-cache.org/Doc/config/