Hi Nathan,

The patch works.

However, I believe it is not a good idea to configure SSL_CTX objects while we are setting parameters on an SSL object.
An SSL_CTX object is common to many SSL objects.

Instead of setting the SSL_CTX object from configureSSLUsingPkeyAndCertFromMemory, I am suggesting a new method "configureUnconfigureCTX()" which does the job:

Then inside client_side use:

  bool ret = Ssl::configureSSLUsingPkeyAndCertFromMemory(...);
  if (!ret)
      debugs(33, 5, "mpla mpla");
  SSL_CTX *sslContext = SSL_get_SSL_CTX(ssl);
  ret = configureUnconfigureCTX(sslContext,..., signAlgorithm);


OR

  Ssl::configureSSL(ssl, certProperties, *port);
  SSL_CTX *sslContext = SSL_get_SSL_CTX(ssl);
  ret = configureUnconfigureCTX(sslContext,..., signAlgorithm);


Probably the above should be wrapped in a new method.
Or maybe a new function whose name says that both CTX and SSL objects are modified.


On 04/30/2015 08:11 AM, Nathan Hoad wrote:
Hello,

I am running Squid with SSL bump in bump and splice mode, and I've
observed that this mode does not append the signing certificate or any
chained certificates to the certificate chain presented to the client.

With old bump mode, Squid adds the signing certificate and any other
chained certificates to the SSL context. With bump and splice mode,
these certificates are not added. Attached is a patch that adds these
certificates for bump and spliced connections.

Thank you,

Nathan.



_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

