[squid-dev] Patches proposal

William Lima william.lima at hscbrasil.com.br
Wed Feb 17 16:59:39 UTC 2016


Alex,

I'll implement according to your instructions.

William

----- Original Message -----
From: "Alex Rousskov" <rousskov at measurement-factory.com>
To: squid-dev at lists.squid-cache.org
Cc: "William Lima" <william.lima at hscbrasil.com.br>
Sent: Friday, January 15, 2016 8:31:40 PM
Subject: Re: [squid-dev] Patches proposal

On 01/15/2016 11:25 AM, William Lima wrote:

> I have two patches there might be useful, 

Thank you for sharing this useful code!


> one of them (Redis) needs
> some polishing if accepted. One adds the source (authenticated user
> or IP) parameter for Cert Validation and 

Supplying metadata to Squid helpers should be done using the
configurable "extras" concept instead of hard-coding an ever-growing
list of often-unused-by-others parameters. I believe that principle
should apply to certificate validation [and generation] helpers as well.

Please see url_rewrite_extras and store_id_extras for implementation
examples.


> the other uses Redis for certificate caches.

A polished version of this would be a very welcomed addition for busy
bumping proxies IMO!

AFAICT, this polishing would require generalizing Ssl::CertificateDb
into a base class providing open/get/put/close API to ssl_crtd and
containing any code common to the supported db flavors. Two
Ssl::CertificateDb kids would then cover the two known flavors:

* OpenSslDb: The current clunky on-disk OpenSSL cache (available if
ssl_crtd was built with OpenSSL headers/library);

* RedisDb: A shiny Redis database client (available if ssl_crtd was
built with Redis headers/library).

The selection between the two kids will be determined, in part, by a
command line option.


Would you be willing to implement the above changes to your patches?


Thank you,

Alex.



More information about the squid-dev mailing list