Hi Michal,
Thank you for the interest in improving Squid.
Please be aware that we are already up to working on Squid version 8,
and are not supporting versions older than v7.
If possible, please submit as a github pull request against the "master"
branch at <https://github.com/squid-cache/squid>.
Otherwise, older patches may still be of interest to our downstream
vendors. Please feel free to post them here as attachments that others
can pick up. In this case, ensure each patch adds your name+email to the
CONTRIBUTORS file.
Amos Jeffries
The Squid Software Foundation
On 17/09/25 01:49, Michal Rybarik wrote:
Dear Squid developers,
thank you for all your effort and work on Squid.
I’ve created several patches to improve dynamic SSL certificate
generation for modern browser compatibility. The patches are for Squid
4, but most should also apply to Squid 5 and 6. Would you be interested
in reviewing and possibly merging them (with adjustments if needed)?
Main improvements:
- Correct generation of certificates mimicked from self-signed certs
(use |CA:FALSE| instead of |CA:TRUE|).
- Add SAN when missing (derived from CN), as modern browsers require SAN.
- Proper generation of certificates for IP addresses.
- Improved setCommonName functionality, so valid certificates for DNS/IP
are generated in intercept/tproxy modes too.
Thank you again, and I wish you all the best.
--
Regards,
Michal Rybarik
_______________________________________________
squid-dev mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-dev
_______________________________________________
squid-dev mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-dev
