with 3.5.15, I have this config:
---8<---
https_port 8443 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=64MB \
cert=/etc/squid/ssl/proxy.pem \
key=/etc/squid/ssl/proxy.key \
cafile=/etc/squid/ssl/proxy.pem
--->8---
proxy.pem is the concatenation of both the CA cert (intermediate) followed by the root cert (my offline CA). Best i can tell, all of it is sent back to the client (generated cert, intermediate and root CA).
HTH
Jok
On Thu, Apr 7, 2016 at 10:59 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 7/04/2016 5:25 a.m., Nicolaas Hyatt wrote:
> Amos,
> Thanks for your quick response and your time. I have not yet messed with
> 4.0. Is this something that may find its way into the 3.x stable branch
> at some point?
>
Maybe. I am reliant on the guys doing OpenSSL code (aka. Christos) to
test the backporting though. So it will depend on whether he thinks its
important enough.
I'm hopeful, but no guarantees.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
