[squid-dev] [PATCH] Fetch missing certificates
Christos Tsantilas
christos at chtsanti.net
Mon Jul 11 16:18:57 UTC 2016
Patch description
~~~~~~~~~~~~~~~~~~~
Many web servers do not have complete certificate chains. Many browsers
use certificate extensions of the server certificate and download the
missing intermediate certificates automatically from the Internet.
This patch adds this feature to Squid.
The information for missing issuer certificates is provided by the
Authority Information Access X509 extension. This describes the format
and location of additional information provided by the issuer of the
certificate.
Notes
~~~~~~~
A preview of this patch was discussed under the mail thread:
"[PREVIEW] Fetch missing certificates"
The part of the original patch which implemented the new SSL handshake
messages parser has already been applied to trunk as a separate patch.
This patch includes a Downloader class which is implemented as an
independent AsyncJob class (in the initial patch it was a ConnStateData
kid).
Currently there is another related discussion running under the mail
thread "Care and feeding of ConnStateData", but I believe that this
discussion does not affect a decision about applying or not the
Downloader class. It is related to a FUTURE design for the
ConnStateData/Esi/Downloader classes (under a common parent class or
not).
A more detailed description can be found in the patch preamble.
This is a Measurement Factory project
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-112-fetch-certificates-t2.patch
Type: text/x-patch
Size: 73052 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20160711/0fa9b4ee/attachment-0001.bin>