author | Wong Hoi Sing Edison <hswong3i@pantarei-design.com> | 2021-04-25 10:38:14 +0800 |
---|---|---|
committer | Wong Hoi Sing Edison <hswong3i@pantarei-design.com> | 2021-04-25 11:03:54 +0800 |
commit | dbda77686d5dccb3d3999ed2e7dec18aab11fff8 (patch) | |
tree | 92d7f34161b9e176fab068be6f2c1b01762a8fb9 | |
parent | 9c6fc23e01a2227770659d0060dbabb491fdff67 (diff) |
squid: Enable dynamic SSL certificate generation
Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07
Description:
Squid now only supports HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    ssl_bump splice all

In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for the following configuration:

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
    ssl_bump stare all
    ssl_bump bump all

This PR switches `SQUID_enable-ssl-crtd` to `default y`, therefore enabling SSL Bump mode by default.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
-rw-r--r-- | net/squid/Config.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/squid/Config.in b/net/squid/Config.in index bcc072f18..eeeb856ab 100644 --- a/net/squid/Config.in +++ b/net/squid/Config.in @@ -25,7 +25,7 @@ if PACKAGE_squid config SQUID_enable-ssl-crtd bool "Enable dynamic SSL certificate generation " depends on !SQUID_use-gnutls - default n + default y config SQUID_auth-basic bool "Enable the Basic authentication scheme" |
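Review bot: SQUID_enable-ssl-crtd has no help text in this hunk (the entry goes straight from the default line to config SQUID_auth-basic), and with the default flipped to y that gap matters more, because every build that does not select SQUID_use-gnutls now gets the option with no explanation of what it pulls in. Suggest adding a help block saying that this passes --enable-ssl-crtd and builds the certificate generation helper referenced by sslcrtd_program, and that it is only needed for the ssl_bump stare/bump configuration from the commit message, so users who only splice or do not intercept TLS know they can turn it off. While the entry is being touched, the prompt string also carries a trailing space before the closing quote ("... certificate generation ") that could be dropped.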