-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22/01/2015 8:20 p.m., Steve Hill wrote: > On 21/01/15 18:39, Eliezer Croitoru wrote: > >>> but not using ssl_crtd >> What are using if not ssl_crtd? > > Squid generates the certificates internally if ssl_crtd isn't > turned on at compile time. I've not seen any information > explaining the pros and cons of each approach (I'd welcome any > input!). > Squid only *generates* server certificates using that helper. If you are seeing the log lines "Generating SSL certificate" they are incorrect when not using the helper. The non-helper bumping is limited to using the configured http(s)_port cert= and key= contents. In essence only doing client-first or peek+splice SSL-bumping styles. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUwLFSAAoJELJo5wb/XPRj8OQIAIRtSks7fQaXRZYvMLhrT3EL Kn+AKOg1opYqjmQyIZIWOZYTW61675deiPkQUxjWj//4hU9QegKwsmyDpfyqjOkq GfCbR8mQxu6Z4h/+ECYMmKpj7/iXlmMz9ri9fRxjaDqNJdQWnRPrUkJeKvD6hTM5 x9P6TBYiOeVCg5yySUheLH335z3akrjKKYlML3nJzDuzHhP7lObzhjjbfZqJC6rr 6l5aSfaTA7Oh9wbeSCLBu71IDGAlFgzt9iC0gNefG9tqlcofxWBZNRrs2JGdzmQG lHnbwof5t/hQVpo+tiZY8ZqYxcmWtjIu/hvzBnRjbs6eUr+F0mCdWexgGh6Ts+A= =IOlx -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
