On Fri, 24 Oct 2003, Don Pandori wrote:

> I saw the post for this subject. I just wanted to know if there was going
> to be any enhancement made to SQUID to not have to run it with the -N
> option for passphrase key-in.

I have not planned any changes in this area, but if someone else does something decent I have no problem adding it to Squid.

There is however somewhat of a technical difficulty in that Squid has not even read the configuration file before it backgrounds itself when the -N option is not used.

It should not be too hard to add a configuration option for specifying the key passphrase, but then you may just as well have the key unencrypted.

Please note that there have already been some important changes after Squid-2.5 to make the key management a little more secure. Squid now reads the key before changing userid or chrooting, allowing you to have the keys stored only readable by root and outside the chroot jail where Squid is normally running. I do not remember off-hand if this is in the Squid-2.5 SSL update or just in Squid-3.

Regards
Henrik
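
The ordering described in the message above (read the key as root, then chroot and change userid), as an added example that is not Squid's code or part of the original post. The function names, parameters and the permission policy in `key_perms_ok` are assumptions made for illustration.

```c
/* Added example (not Squid source): load a private key while still root,
 * then enter the chroot jail and drop privileges. All names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for chroot() and setgroups() on glibc */
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <grp.h>
#include <unistd.h>

/* Assumed policy: regular file, owned by root, no group/other access bits. */
int key_perms_ok(uid_t owner, mode_t mode)
{
    return S_ISREG(mode) && owner == 0 && (mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Returns the number of key bytes read into buf, or -1 on any failure.
 * On success the process is inside `jail` running as uid/gid, and the key
 * file (which lives outside the jail) is closed and no longer reachable. */
ssize_t load_key_then_drop(const char *key_path, const char *jail,
                           uid_t uid, gid_t gid, char *buf, size_t len)
{
    struct stat st;
    ssize_t n;
    int fd = open(key_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the opened descriptor, not the path, so the file cannot be
     * swapped between the check and the read. */
    if (fstat(fd, &st) != 0 || !key_perms_ok(st.st_uid, st.st_mode)) {
        close(fd);
        return -1;
    }
    n = read(fd, buf, len);        /* one read is enough for a small key file */
    close(fd);
    if (n <= 0)
        return -1;
    /* Order matters: chroot needs root, supplementary groups are cleared
     * before setgid, and setuid is last because it gives up the rest. */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)            /* regaining root must be impossible */
        return -1;
    return n;
}
```
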
