On Fri, Dec 5, 2014 at 8:56 AM, sven falempin <sven.falem...@gmail.com> wrote:
> Index: Makefile.inc > =================================================================== > RCS file: /cvs/ports/www/squid/Makefile.inc,v > retrieving revision 1.9 > diff -u -p -r1.9 Makefile.inc > --- Makefile.inc 15 May 2014 21:24:33 -0000 1.9 > +++ Makefile.inc 5 Dec 2014 13:54:30 -0000 > @@ -66,6 +66,7 @@ CONFIGURE_ARGS+= ${CONFIGURE_SHARED} \ > --enable-referer-log \ > --enable-removal-policies="lru heap" \ > --enable-ssl \ > + --enable-ssl-crtd \ > --with-openssl \ > --enable-storeio="aufs ufs diskd" \ > --with-default-user="_squid" \ > > > > because, why not ? > > # ./squid-3.4.6/build-amd64/src/ssl/ssl_crtd -h > usage: ssl_crtd -hv -s ssl_storage_path -M storage_max_size > -h Help > -v Version > -s ssl_storage_path Path to specific disk storage of ssl server > certificates. > -M storage_max_size max size of ssl certificates storage. > -b fs_block_size File system block size in bytes. Need for > processing > natural size of certificate on disk. > Default value is > 2048 bytes. > > After running write requests in the next format: > <request code><whitespace><body_len><whitespace><body> > There are two kind of request now: > new_certificate 13 host=host.dom > Create new private key and selfsigned certificate for "host.dom". > new_certificate xxx host=host.dom > -----BEGIN CERTIFICATE----- > ... > -----END CERTIFICATE----- > -----BEGIN RSA PRIVATE KEY----- > ... > -----END RSA PRIVATE KEY----- > Create new private key and certificate request for "host.dom" > Sign new request by received certificate and private key. > usage: ssl_crtd -c -s ssl_store_path > -c Init ssl db directories and exit. > > > > > > Dear ports, Me again,,, is it possible than sslbump from squid has some problem with libTLS ? All i got from my sslbump config is that my certifcate are invalid. Best regards, -- --------------------------------------------------------------------------------------------------------------------- () ascii ribbon campaign - against html e-mail /\