24.01.2017 0:06, Marcus Kool пишет: > > > On 23/01/17 15:31, Alex Rousskov wrote: >> On 01/23/2017 04:28 AM, Yuri wrote: >> >>> 1. How does it work? >> >> My response below and the following commit message might answer some of >> your questions: >> >> http://bazaar.launchpad.net/~squid/squid/5/revision/14769 > > This seems that the feature only goes to Squid 5. Will it be ported > to Squid 4 ? > >>> I.e., where downloaded certs stored, how it >>> handles, does it saves anywhere to disk? >> >> Missing certificates are fetched using HTTP[S]. Certificate responses >> should be treated as any other HTTP[S] responses with regard to caching. >> For example, if you have disk caching enabled and your caching rules >> (including defaults) allow certificate response caching, then the >> response should be cached. Similarly, the cached certificate will >> eventually be evicted from the cache following regular cache maintenance >> rules. When that happens, Squid will try to fetch the certificate again >> (if it becomes needed again). >> >> >>> 2. How this feature is related to sslproxy_foreign_intermediate_certs, >>> how it can interfere with it? >> >> AFAICT by looking at the code, Squid only downloads certificates that >> Squid is missing when trying to build a complete certificate chain for a >> given server connection. Any sslproxy_foreign_intermediate_certs are >> used as needed during the chain building process (i.e., they are _not_ >> "missing"). > > I created bug report http://bugs.squid-cache.org/show_bug.cgi?id=4659 > a week ago but there has not been any activity. > Is there someone who has sslproxy_foreign_intermediate_certs > working in Squid 4.0.17 ? Seems works as by as in 3.5.x. As I can see. > > Thanks, > Marcus > > [snip] > >> HTH, >> >> Alex. >> >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users >> > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
