[squid-dev] security_file_certgen protocol
Alex Rousskov
rousskov at measurement-factory.com
Thu Sep 22 15:36:02 UTC 2022
On 9/22/22 10:03, ngtech1ltd at gmail.com wrote:
> I am trying to write a service like security_file_certgen as a daemon that will be communicated via a TCP or UNIX Socket.
> However, it’s a bit hard for me now to grasp the STDIN/STDOUT protocol of security_file_certgen.
> I remember vaguely that it involves reading from some string (else then new lines) to another and then sends back
> to stdout a certificate string.
>
> So what are the parts of the request object and what are the parts of the response object?
> If I will grasp it I will be able to model it in a single ruby script.
>
> I know this is not the first time I am asking about this and it’s harder for me that I forget such simple things.
> I will be thankful for any help with this.
The basic protocol syntax is documented at
https://wiki.squid-cache.org/Features/AddonHelpers#SSL_certificate_generation
Beyond that, there is source code and actual traffic that you can
analyze, of course, but there is no comprehensive documentation AFAICT.
Please note that Squid workers already communicate with these helpers
via TCP or UNIX sockets. The helpers just do not know that because a
forked intermediary process remaps those sockets to helper stdin/stdout
descriptors. See `git grep -1 define.IPC_STREAM` and dup2() in ipcCreate().
HTH,
Alex.
More information about the squid-dev
mailing list