git.ipfire.org Git - thirdparty/squid.git/commit

]> git.ipfire.org Git - thirdparty/squid.git/commit

projects / thirdparty / squid.git / commit

author	Alex Rousskov <rousskov@measurement-factory.com>
	Tue, 19 Mar 2019 20:30:55 +0000 (20:30 +0000)
committer	Amos Jeffries <yadij@users.noreply.github.com>
	Thu, 11 Apr 2019 19:58:25 +0000 (07:58 +1200)
commit	d8ed845f6c365a73d4d8778644c5dbb19ad6c7d4
tree	19434e1708271870d2250105fce9cb96161dfefa	tree
parent	771908d313ee9c255adfb5e4fdba4d6797c18409	commit \| diff

When using OpenSSL, trust intermediate CAs from trusted stores (#383)

According to [1], GnuTLS and NSS do that by default.

Use case: Chrome and Mozilla no longer trust Semantic root CAs _but_
still trust several whitelisted Semantic intermediate CAs[2]. Squid
built with OpenSSL cannot do that without X509_V_FLAG_PARTIAL_CHAIN.

[1] https://www.openldap.org/lists/openldap-devel/201506/msg00012.html
[2] https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec

Mirror of https://github.com/squid-cache/squid.git

RSS Atom

src/security/PeerOptions.cc		diff \| blob \| blame \| history
src/security/PeerOptions.h		diff \| blob \| blame \| history
src/security/ServerOptions.cc		diff \| blob \| blame \| history
src/tests/stub_libsecurity.cc		diff \| blob \| blame \| history