[squid-dev] security_file_certgen protocol

Alex Rousskov rousskov at measurement-factory.com
Thu Sep 22 15:36:02 UTC 2022


On 9/22/22 10:03, ngtech1ltd at gmail.com wrote:

> I am trying to write a service like security_file_certgen as a daemon that will be communicated with via a TCP or UNIX socket.
> However, it’s a bit hard for me now to grasp the STDIN/STDOUT protocol of security_file_certgen.
> I remember vaguely that it involves reading from some string (other than new lines) to another and then sends back
> to stdout a certificate string.
> 
> So what are the parts of the request object and what are the parts of the response object?
> If I will grasp it I will be able to model it in a single ruby script.
> 
> I know this is not the first time I am asking about this and it’s harder for me that I forget such simple things.
> I will be thankful for any help with this.

The basic protocol syntax is documented at 
https://wiki.squid-cache.org/Features/AddonHelpers#SSL_certificate_generation

Beyond that, there is source code and actual traffic that you can 
analyze, of course, but there is no comprehensive documentation AFAICT.

Please note that Squid workers already communicate with these helpers 
via TCP or UNIX sockets. The helpers just do not know that because a 
forked intermediary process remaps those sockets to helper stdin/stdout 
descriptors. See `git grep -1 define.IPC_STREAM` and dup2() in ipcCreate().


HTH,

Alex.
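
The socket-to-stdin/stdout remapping described in the reply above, as an added C example that is not part of the original message and is not Squid's code. `toy_helper` and `ask_helper` are hypothetical names, and the upper-casing reply is a stand-in, not the security_file_certgen protocol.

```c
#include <ctype.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in helper: it only knows fd 0 (stdin) and fd 1 (stdout).
 * It upper-cases one request; this is NOT the certgen protocol. */
static void toy_helper(void) {
    char buf[256];
    ssize_t n = read(STDIN_FILENO, buf, sizeof(buf));
    for (ssize_t i = 0; i < n; i++)
        buf[i] = (char)toupper((unsigned char)buf[i]);
    if (n > 0 && write(STDOUT_FILENO, buf, (size_t)n) != n)
        _exit(1);
}

/* Send req to a forked helper over a UNIX socket pair and copy the reply
 * into out (NUL-terminated). Returns the reply length, or -1 on error. */
ssize_t ask_helper(const char *req, char *out, size_t outsz) {
    int sv[2];
    if (outsz == 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {               /* forked intermediary side */
        close(sv[0]);             /* do not leak the caller's end */
        if (dup2(sv[1], STDIN_FILENO) < 0 || dup2(sv[1], STDOUT_FILENO) < 0)
            _exit(1);
        close(sv[1]);             /* the helper is left with fds 0 and 1 only */
        toy_helper();             /* a real setup would exec the helper here */
        _exit(0);
    }
    close(sv[1]);                 /* caller (the "worker") keeps sv[0] */
    ssize_t n = -1;
    if (write(sv[0], req, strlen(req)) == (ssize_t)strlen(req))
        n = read(sv[0], out, outsz - 1);
    close(sv[0]);
    waitpid(pid, NULL, 0);        /* reap the child */
    if (n < 0) return -1;
    out[n] = '\0';
    return n;
}

int main(void) {
    char reply[256];
    ssize_t n = ask_helper("hello helper\n", reply, sizeof(reply));
    return (n > 0 && write(STDOUT_FILENO, reply, (size_t)n) == n) ? 0 : 1;
}
```

The helper code never touches a socket API, yet all of its traffic travels over the UNIX socket held by the caller.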

