[squid-users] Sending intermediate certificate with SSL-Bumped Certificate. (V3.5.1516-3-2-r14000)

Jok Thuau jok at spikes.com
Thu Apr 7 18:15:49 UTC 2016


With 3.5.15, I have this config:

---8<---
https_port 8443 intercept ssl-bump generate-host-certificates=on \
    dynamic_cert_mem_cache_size=64MB \
    cert=/etc/squid/ssl/proxy.pem \
    key=/etc/squid/ssl/proxy.key \
    cafile=/etc/squid/ssl/proxy.pem
--->8---

proxy.pem is the concatenation of both the CA cert (intermediate) followed
by the root cert (my offline CA). Best I can tell, all of it is sent back
to the client (generated cert, intermediate and root CA).

HTH
Jok




On Thu, Apr 7, 2016 at 10:59 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 7/04/2016 5:25 a.m., Nicolaas Hyatt wrote:
> > Amos,
> > Thanks for your quick response and your time. I have not yet messed with
> > 4.0. Is this something that may find its way into the 3.x stable branch
> > at some point?
> >
>
> Maybe. I am reliant on the guys doing OpenSSL code (aka. Christos) to
> test the backporting though. So it will depend on whether he thinks it's
> important enough.
>
> I'm hopeful, but no guarantees.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>