[squid-users] Squid 3.4.8 Reverse with multiple SSL Sites and multiple Certs/Domains
Amos Jeffries
squid3 at treenet.co.nz
Wed Apr 12 22:56:22 UTC 2017
On 13/04/2017 7:13 a.m., Maik Linnemann wrote:
> I figured out that nginx is able to do what i want, at least SNI and
> multiple certs. I am forced to try that in the meantime. Also i will
> check varnish. Is there any realistic date when SNI is available in
> reverse proxy with squid? Is there anyone coding at all for that
> feature?
>
I've been working on it as part of the GnuTLS support in Squid-4.
https_port can now be configured with multiple cert= key= parameter
pairs. But loading any past the first pair with OpenSSL builds is still
missing.
I _think_ all that is left now (for OpenSSL builds) is to alter that
logic loading cert= files into the server context. But I have not
investigated those details closely yet.
My focus in the 'free' work is getting GnuTLS working for Debian/Ubuntu
and refactoring for more easy porting to other backend libraries in
future (Fedora, RHEL and Apple want other libraries). I intend for SNI
to be usable out of the box with GnuTLS builds. Someone may do OpenSSL
changes to match by the time it goes public - I cannot test it so that
depends on others.
Amos
More information about the squid-users
mailing list