On 23/01/17 15:31, Alex Rousskov wrote:
On 01/23/2017 04:28 AM, Yuri wrote:
1. How does it work?
My response below and the following commit message might answer some of
your questions:
http://bazaar.launchpad.net/~squid/squid/5/revision/14769
It seems that the feature only goes to Squid 5. Will it be ported to Squid 4?
I.e., where are downloaded certs stored, how does it
handle them, does it save them anywhere to disk?
Missing certificates are fetched using HTTP[S]. Certificate responses
should be treated as any other HTTP[S] responses with regard to caching.
For example, if you have disk caching enabled and your caching rules
(including defaults) allow certificate response caching, then the
response should be cached. Similarly, the cached certificate will
eventually be evicted from the cache following regular cache maintenance
rules. When that happens, Squid will try to fetch the certificate again
(if it becomes needed again).
2. How is this feature related to sslproxy_foreign_intermediate_certs,
and how can it interfere with it?
AFAICT by looking at the code, Squid only downloads certificates that
Squid is missing when trying to build a complete certificate chain for a
given server connection. Any sslproxy_foreign_intermediate_certs are
used as needed during the chain building process (i.e., they are _not_
"missing").
I created bug report http://bugs.squid-cache.org/show_bug.cgi?id=4659
a week ago but there has not been any activity.
Is there someone who has sslproxy_foreign_intermediate_certs
working in Squid 4.0.17?
Thanks,
Marcus
[snip]
HTH,
Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users