[squid-users] Dynamic SSL certificate generation in intercept (transparent) mode.

From: Paweł Mojski <pawcio_at_pawcio.net>
Date: Wed, 04 May 2011 12:13:45 +0200

Hi.

I'm using Squid SSL interception in transparent proxy mode. But, of
course, I have a problem with an invalid common name in any SSL transaction. I
found this: "...We believe it is technically possible to implement
dynamic certificate generation for transparent connections. Doing so
requires turning Squid transaction handling steps upside down, so that
the secure connection with the server is established /before/ the secure
connection with the client. The implementation will be difficult, but it
will allow Squid to get the server name from the server certificate and
use that to generate a fake server certificate to give to the client.
Quality patches or sponsorships welcomed. ..." on the Squid wiki. So, maybe
there is a related point on a road-map right now? Or maybe some
work-around using a 3rd-party application? I have to admit, it would be
a very welcome feature for me.

Regards;

-- 
Pawel Mojski
Received on Wed May 04 2011 - 10:13:31 MDT
