[squid-dev] Any code pointers to get sending certificate chain from squid reverse proxy with gnutls?

dsuh dsuhpublic at gmail.com
Sat May 1 00:04:16 UTC 2021


I found the fork that fixes this from the end of 2019 and it works for me.
Not sure when this will be merged into master, but this fork is usable for
me.

https://github.com/squid-cache/squid/pull/458
https://github.com/yadij/squid/tree/v5-gnutls-chainload

On Wed, Apr 28, 2021 at 11:09 PM dsuh <dsuhpublic at gmail.com> wrote:

> I have hit a wall as I want to listen on one https_port for 3 different
> server key/cert chains.
> A previous message from about 2 years ago says this has not been implemented yet.
>
> http://squid-web-proxy-cache.1019090.n4.nabble.com/sending-certificate-chain-from-squid-reverse-proxy-td4687986.html
>
> I am looking at what it would take to get cert chains working.
> I think the credentials are set for gnutls TLS handshake
> with the gnutls_credentials_set() call in CreateSession() in Session.cc.
> So, I think that ctx is used for session data for gnutls and also for
> context data for openssl?
> I think I kind of got lost on how I can make sure a cert chain (instead of
> just the server cert) is set in ctx.
> Any direction on where the server cert chain should be set for gnutls TLS
> handshake would be appreciated.
>
> David Suh
>
>