On 18/02/2016 5:59 a.m., William Lima wrote:
> Alex,
>
> I'll implement according to your instructions.
>
> William
>
> ----- Original Message -----
> From: "Alex Rousskov" <[email protected]>
> To: [email protected]
> Cc: "William Lima" <[email protected]>
> Sent: Friday, January 15, 2016 8:31:40 PM
> Subject: Re: [squid-dev] Patches proposal
>
> On 01/15/2016 11:25 AM, William Lima wrote:
>
>> I have two patches that might be useful,
>
> Thank you for sharing this useful code!
>
>
>> one of them (Redis) needs
>> some polishing if accepted. One adds the source (authenticated user
>> or IP) parameter for Cert Validation and
>
> Supplying metadata to Squid helpers should be done using the
> configurable "extras" concept instead of hard-coding an ever-growing
> list of often-unused-by-others parameters. I believe that principle
> should apply to certificate validation [and generation] helpers as well.
>
> Please see url_rewrite_extras and store_id_extras for implementation
> examples.
>
>
>> the other uses Redis for certificate caches.
>
> A polished version of this would be a very welcomed addition for busy
> bumping proxies IMO!
>
> AFAICT, this polishing would require generalizing Ssl::CertificateDb
> into a base class providing open/get/put/close API to ssl_crtd and
> containing any code common to the supported db flavors. Two
> Ssl::CertificateDb kids would then cover the two known flavors:
>
> * OpenSslDb: The current clunky on-disk OpenSSL cache (available if
> ssl_crtd was built with OpenSSL headers/library);
>
> * RedisDb: A shiny Redis database client (available if ssl_crtd was
> built with Redis headers/library).
>
> The selection between the two kids will be determined, in part, by a
> command line option.
>

FYI: the model we have for helpers is that each backend type is represented by a different helper binary that end-users configure to be used (or not). The OpenSSL local filesystem one is now called "security_file_certgen". A Redis DB helper would be "security_redis_certgen".

Being able to build or omit helpers based on what the final environment contains is important for our redistributors and portability.

Amos
