Dear Squid developers,
thank you for all your effort and work on Squid.
I’ve created several patches to improve dynamic SSL certificate
generation for modern browser compatibility. The patches are for Squid
4, but most should also apply to Squid 5 and 6. Would you be interested
in reviewing and possibly merging them (with adjustments if needed)?
Main improvements:
- Correct generation of certificates mimicked from self-signed certs
(use |CA:FALSE| instead of |CA:TRUE|).
- Add SAN when missing (derived from CN), as modern browsers require SAN.
- Proper generation of certificates for IP addresses.
- Improved setCommonName functionality, so valid certificates for DNS/IP
are generated in intercept/tproxy modes too.
Thank you again, and I wish you all the best.
--
Regards,
Michal Rybarik
_______________________________________________
squid-dev mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-dev
