[squid-users] Squid 3.4.8 Reverse with multiple SSL Sites and multiple Certs/Domains

Maik Linnemann maik.linnemann at modelco.de
Thu Apr 13 07:43:06 UTC 2017


Thanks for the clarification and support the free work/world! I already tried nginx and it seems to be doing its job. I will keep an eye on squid 4 and what was said about the issues.
________________________________________
From: Amos Jeffries [squid3 at treenet.co.nz]
Sent: Thursday, 13 April 2017 00:56
To: Maik Linnemann; squid-users at lists.squid-cache.org
Subject: Re: AW: [squid-users] Squid 3.4.8 Reverse with multiple SSL Sites and multiple Certs/Domains

On 13/04/2017 7:13 a.m., Maik Linnemann wrote:
> I figured out that nginx is able to do what I want, at least SNI and
> multiple certs. I am forced to try that in the meantime. Also I will
> check varnish. Is there any realistic date when SNI is available in
> reverse proxy with squid? Is there anyone coding at all for that
> feature?
>

I've been working on it as part of the GnuTLS support in Squid-4.
https_port can now be configured with multiple cert= key= parameter
pairs. But loading any past the first pair with OpenSSL builds is still
missing.

I _think_ all that is left now (for OpenSSL builds) is to alter that
logic loading cert= files into the server context. But I have not
investigated those details closely yet.

My focus in the 'free' work is getting GnuTLS working for Debian/Ubuntu
and refactoring for easier porting to other backend libraries in
future (Fedora, RHEL and Apple want other libraries). I intend for SNI
to be usable out of the box with GnuTLS builds. Someone may do OpenSSL
changes to match by the time it goes public - I cannot test it so that
depends on others.

Amos


