On 10/24/2011 09:28 AM, Henrik Nordström wrote:
Fri 2011-10-21 at 16:49 +0300, Tsantilas Christos wrote:

With this change, Squid may send the signing certificate (along with the
generated one) using the following rules:

     * If the configured signing certificate is self-signed,
       then just send the generated certificate alone.
       Note that root CA certificates are self-signed (by root CA).

     * Otherwise (i.e., if the configured signing certificate is an
       intermediate CA certificate), send both the intermediate CA
       and the generated fake certificate.

To be complete one needs to be able to specify the certificate chain.
This is because there may be a chain of certificates with more than one
intermediary CA level.

Hi Henrik,
I forgot to mention, but this patch supports it. Someone can append to the certificate file pointed to by the "cert=" option all the required certificates in the chain.

This is already supported by the https_port option.


But the above is a good and reasonable approximation.

Regards
Henrik
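
The rule discussed in this thread, as an added example that is not part of the original messages and is not Squid's code: a shell sketch that reads the file named by "cert=" (signing certificate first, further chain certificates appended) and lists what would accompany the generated certificate. The function names are hypothetical, the `openssl` command-line tool is assumed to be installed, and self-signed is approximated by comparing subject and issuer names rather than verifying the signature.

```shell
#!/bin/sh
# Added example: models the sending rule described in the thread.

# Split a PEM bundle ($1) into $2/cert-1.pem, cert-2.pem, ... and print the count.
split_bundle() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
    out != "" { print > out }
    /-----END CERTIFICATE-----/ { close(out); out = "" }
    END { print n + 0 }' "$1"
}

# Print one name field ("subject" or "issuer") of the certificate in $1.
cert_name() {
  openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" | sed "s/^$2=//"
}

# Assumption: a certificate counts as self-signed when its subject and issuer
# names are equal. This is a name comparison only, not a signature check.
is_self_signed() {
  s=$(cert_name "$1" subject)
  i=$(cert_name "$1" issuer)
  [ -n "$s" ] && [ "$s" = "$i" ]
}

# Print the subjects of the certificates sent along with the generated one:
# nothing when the signing certificate (first in the file) is self-signed,
# otherwise the signing certificate followed by every appended certificate.
chain_to_send() {
  dir=$(mktemp -d)
  n=$(split_bundle "$1" "$dir")
  if [ "$n" -ge 1 ] && ! is_self_signed "$dir/cert-1.pem"; then
    k=1
    while [ "$k" -le "$n" ]; do
      cert_name "$dir/cert-$k.pem" subject
      k=$((k + 1))
    done
  fi
  rm -rf "$dir"
}

# Usage: sh chain_to_send.sh /path/to/signing-bundle.pem
if [ $# -gt 0 ]; then chain_to_send "$1"; fi
```

An empty result means the generated certificate goes out alone; otherwise the lines appear in the order the certificates are stored in the file.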


