[squid-dev] [PATCH] support custom OIDs in *_cert ACLs

Amos Jeffries squid3 at treenet.co.nz
Tue May 26 10:02:39 UTC 2015


On 26/05/2015 9:26 p.m., Tsantilas Christos wrote:
> On 05/26/2015 12:10 PM, Amos Jeffries wrote:
>> On 26/05/2015 9:00 p.m., Tsantilas Christos wrote:
>>> Hi all,
>>>
>>> This patch allows user_cert and ca_cert ACLs to match arbitrary
>>> stand-alone OIDs (not DN/C/O/CN/L/ST objects or their substrings). For
>>> example, it should be able to match certificates that have the
>>> 1.3.6.1.4.1.1814.3.1.14 OID in the certificate Subject or Issuer field.
>>> Squid configuration would look like this:
>>>
>>>   acl User_Cert-TrustedCustomerNum user_cert 1.3.6.1.4.1.1814.3.1.14 1001
>>>
>>> This is a Measurement Factory project.
>>>
>>>
>>
>> +1 anyway.
>>
>> Don't like the extra leak-ish part though. Does TidyPointer make sense
>> there?
> 
> No.
> It is not a memory leak.
> OBJ_create just adds the OID to the internal OpenSSL database of valid
> fields.  Even if the OID is not used after a reconfigure, it still remains
> in this database. This is not a real problem unless someone adds some
> thousands of these OIDs.
> But I do not believe that this is a real problem...
> 

Ah, okay. No problem then. This can go in whenever you wish.

Amos
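
What the ACL line in the quoted proposal matches, as an added Python illustration that is not part of this thread or of Squid (Squid does this through OpenSSL): it decodes a DER-encoded Subject and checks one OID attribute against a list of allowed values. The Subject bytes are constructed for the example, and exact string comparison of the value is an assumption of the sketch.

```python
# Added illustration, not Squid or OpenSSL code. SUBJECT_DER is a constructed
# X.501 Name: CN=alice plus 1.3.6.1.4.1.1814.3.1.14=1001 (the thread's OID).
SUBJECT_DER = bytes.fromhex(
    "3026310e300c06035504030c05616c696365"           # SEQUENCE { CN=alice,
    "31143012060a2b060104018e1603010e0c0431303031")  #   custom OID = 1001 }

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OID content bytes into dotted form (base-128 arcs, first two packed)."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(arc) for arc in head + arcs[1:])

def name_attributes(der):
    """List (dotted_oid, value) for every attribute in a DER-encoded Name."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    attrs, pos = [], 0
    while pos < len(body):
        _, rdn, pos = read_tlv(body, pos)        # SET: one RDN
        rpos = 0
        while rpos < len(rdn):
            _, atv, rpos = read_tlv(rdn, rpos)   # SEQUENCE { OID, value }
            _, oid, vpos = read_tlv(atv, 0)
            value = read_tlv(atv, vpos)[1].decode("utf-8", "replace")
            attrs.append((decode_oid(oid), value))
    return attrs

def acl_matches(der, oid, allowed):
    """True if the Name carries attribute `oid` with a value in `allowed`."""
    return any(o == oid and v in allowed for o, v in name_attributes(der))
```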


