openwrt-packages-dist

squid: Enable dynamic SSL certificate generation

Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07

Description:

Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    ssl_bump splice all

In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration:

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
    ssl_bump stare all
    ssl_bump bump all

This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode.

Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>

lilik-openwrt-22.03

Wong Hoi Sing Edison 3 years ago

parent

9c6fc23e01

commit

dbda77686d

No known key found for this signature in database GPG Key ID: F0D6A60644E28D3

1 changed files with 1 additions and 1 deletions

Split View

							
								+ 1
								
								- 1
							
net/squid/Config.inView File
								
					@ -25,7 +25,7 @@ if PACKAGE_squid
				
						config SQUID_enable-ssl-crtd
				
							bool "Enable dynamic SSL certificate generation "
				
							depends on !SQUID_use-gnutls
				
							default n
				
							default y
				
						config SQUID_auth-basic
				
							bool "Enable the Basic authentication scheme"

squid: Enable dynamic SSL certificate generation

+ 1 - 1 net/squid/Config.in View File

+ 1

- 1
net/squid/Config.in View File