fre 2011-10-21 klockan 16:49 +0300 skrev Tsantilas Christos:
> With this change, Squid may send the signing certificate (along with the
> generated one) using the following rules:
>
> * If the configured signing certificate is self-signed,
> then just send the generated certificate alone.
> Note that root CA certificates are self-signed (by root CA).
>
> * Otherwise (i.e., if the configured signing certificate is an
> intermediate CA certificate), send both the intermediate CA
> and the generated fake certificate.
To be complete one needs to be able to specify the certificate chain.
This because there may be a chain of certificates with more than one
intermediary ca level.
But the above is a good and reasonable approximation.
Regards
Henrik
Received on Mon Oct 24 2011 - 06:28:09 MDT
This archive was generated by hypermail 2.2.0 : Mon Oct 24 2011 - 12:00:07 MDT