Re: [Squid Web Proxy Wiki] Update of "Features/AddonHelpers" by ChristosTsantilas

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 20 Sep 2012 18:40:04 +1200

On 20/09/2012 9:40 a.m., wiki_at_wiki.squid-cache.org wrote:
> Dear Wiki user,
>
> You have subscribed to a wiki page or wiki category on "Squid Web Proxy Wiki" for change notification.
>
> The "Features/AddonHelpers" page has been changed by ChristosTsantilas:
> http://wiki.squid-cache.org/Features/AddonHelpers?action=diff&rev1=16&rev2=17
>
> Squid-3.1+ support:
> * SSL certificate generation (3.1.12.1 and later).
>
> + Proposed:
> + * SSL certificate generation
> +

Was this supposed to be "validation" instead of "generation" ?

>
> + === SSL server certificate validator ===
> +
> + ## start sslcrtvd protocol
> + This interface is similar to the SSL certificate generation interface.
> +
> + Input ''line'' received from Squid:
> + {{{
> + request size [body]
> + }}}
> +

Please make sure this interface is supporting concurrency. The helper
core routines do.
Which also makes me wonder why multiple certificates details are being
exchanged using ID suffixes on the keys instead of as submitted
individually down multiple concurrency channels?

> + /!\ ''line'' refers to a logical input. '''body''' may contain \n characters so each line in this format is delimited by a 0x01 byte instead of the standard \n byte.
> +
> + request::
> + The type of action being requested. Presently the code '''cert_validate''' is the only request made.
> +
> + size::
> + Total size of the following request bytes taken by the '''key=pair''' parameters and '''body'''.
> +
> + body::
> + Consist of key=value pairs.
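Review bot: the size definition above ("Total size of the following request bytes taken by the key=pair parameters and body") needs to state exactly which bytes are counted, in particular whether the space after the size field and the terminating 0x01 byte are included, because a helper has to use this number to frame its input and a body may legitimately contain \n. The body description should also say how consecutive key=value pairs are separated: with certificate values that span several lines, a reader cannot tell where one value ends and the next key begins. Suggest spelling out, for example, "size is the number of bytes between the space following it and the 0x01 terminator" and "each key=value pair starts on a new line", or whichever rule the code actually follows.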

In which case document the input format properly as:
    request size [key-pairs]

no need to confuse people with an abstract "body" thing which even the
code won't mention.

> The supported key=value pairs are:
> + || host || FQDN host name or the domain ||
> + || errors || A comma separated list of the detected openSSL certificate validation errors ||
> + || cert_'''''ID''''' || Server certificate. The ID is an index number for this certificate. This parameter exist as many as the server certificates are||
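Review bot: the errors and cert_ID rows leave two things an implementer needs unspecified: the form of each entry in the errors list (OpenSSL error names such as the X509_V_ERR_* identifiers, or their numeric codes) and the encoding of the certificate values (PEM or something else), together with whether cert_0 is the server's leaf certificate and higher indexes are the rest of the chain in order. The last sentence of the cert_ID row also needs rewording; "One such parameter is present for each certificate the server sent" says what is meant.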

What about tag= to tag the transaction with a meta low/group tag?

What about passing an existing transaction tag to the helper?

What about log= ? (ie a loggable compaction of all those errors)

> +
> + result::
> + The result code '''OK''' indicates that the certificate validation is successful. The result code '''ERROR''' indicates that an error occurred.
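Review bot: the result section names the codes but never shows the reply line itself: where the result code sits, whether a concurrency channel-ID is echoed back, and whether any key=value pairs (for instance one describing why validation failed) may follow it. Since the input section shows a full "request size [body]" line, mirror it with an "Output line sent to Squid" block in the same {{{ }}} form.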

"ERR" is the standard result code opposite to "OK" (ie invalid
certificate on successful lookup). For helper internal errors please
use "BH" with a message= key-pair.

Amos
Received on Thu Sep 20 2012 - 06:40:15 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 20 2012 - 12:00:06 MDT
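The helper side of the exchange discussed in this message, as an added example (not Squid's own code, and not the wiki's): it frames 0x01-delimited logical lines, parses "request size [key-pairs]", keeps multi-line certificate values intact, and answers with OK, ERR or BH using a message= pair as suggested above. Everything the quoted wiki text leaves open is an assumption here: that size counts only the key=value bytes after it, that pairs are newline-separated and a value runs until the next line beginning with a known key, that an optional leading concurrency channel-ID (Squid's usual helper convention) is echoed in the reply, and that the reply is "[channel-ID] OK|ERR|BH [message=...]". The certificates, hostnames and the TOLERATED policy table are constructed for the example.

```python
# Added example, not Squid code: helper-side parser/responder for the
# sslcrtvd-style request line quoted above. Assumed (not stated on the wiki):
#  - 'size' counts only the bytes of the key=value body that follows it;
#  - pairs are newline-separated; a value runs until the next line that starts
#    with a known key, so a multi-line PEM certificate survives intact;
#  - an optional leading channel-ID (Squid's helper concurrency prefix) is
#    echoed back, and the reply is "[channel-ID] OK|ERR|BH [message=...]".
import re

DELIM = b"\x01"                                           # logical-line terminator
PAIR_RE = re.compile(rb"^(host|errors|cert_\d+)=", re.M)  # assumed key set

# Hypothetical local policy: validation errors this helper tolerates per host.
TOLERATED = {
    "internal.test": {"X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT"},
}


def split_logical_lines(buf: bytes):
    """Split a byte buffer on 0x01; return (complete lines, unfinished tail)."""
    parts = buf.split(DELIM)
    return parts[:-1], parts[-1]


def parse_pairs(body: bytes) -> dict:
    """Turn the key=value body into a dict; values keep their embedded newlines."""
    starts = list(PAIR_RE.finditer(body))
    pairs = {}
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(body)
        pairs[m.group(1).decode()] = body[m.end():end].rstrip(b"\n").decode()
    return pairs


def parse_request(line: bytes) -> dict:
    """Parse 'request size [body]' (channel-ID already stripped); ValueError if malformed."""
    head = line.split(b" ", 2)                 # body may itself contain spaces
    if len(head) < 2:
        raise ValueError("expected: request size [key-pairs]")
    request, size = head[0], head[1]
    body = head[2] if len(head) == 3 else b""
    if not size.isdigit() or int(size) != len(body):
        raise ValueError(f"size {size.decode(errors='replace')} does not match body length {len(body)}")
    pairs = parse_pairs(body)
    cert_keys = sorted((k for k in pairs if k.startswith("cert_")), key=lambda k: int(k[5:]))
    return {"request": request, "pairs": pairs, "chain": [pairs[k] for k in cert_keys]}


def respond(channel: bytes, code: bytes, extra: bytes = b"") -> bytes:
    return b" ".join(t for t in (channel, code, extra) if t) + DELIM


def handle(line: bytes) -> bytes:
    """Produce one reply line for one request line (given without its 0x01)."""
    channel = b""
    if line[:1].isdigit():                     # optional concurrency channel-ID
        channel, _, line = line.partition(b" ")
    try:
        req = parse_request(line)
    except ValueError as exc:                  # helper-side problem: BH, not ERR
        return respond(channel, b"BH", b"message=" + str(exc).encode())
    if req["request"] != b"cert_validate":
        return respond(channel, b"BH", b"message=unknown request " + req["request"])
    if not req["chain"]:
        return respond(channel, b"BH", b"message=no certificates supplied")
    host = req["pairs"].get("host", "")
    errors = [e for e in req["pairs"].get("errors", "").split(",") if e]
    remaining = [e for e in errors if e not in TOLERATED.get(host, set())]
    if remaining:                              # lookup worked, certificate is bad: ERR
        return respond(channel, b"ERR", b"message=" + ",".join(remaining).encode())
    return respond(channel, b"OK")


def build_request(host, errors, certs, channel=None) -> bytes:
    """Squid-side encoder, used here only to construct sample input."""
    body = (f"host={host}\nerrors={','.join(errors)}\n"
            + "".join(f"cert_{i}={c}\n" for i, c in enumerate(certs))).encode()
    line = f"cert_validate {len(body)} ".encode() + body
    if channel is not None:
        line = f"{channel} ".encode() + line
    return line + DELIM


# Constructed, non-real PEM blobs: only their multi-line shape matters here.
CERT_LEAF = "-----BEGIN CERTIFICATE-----\nMIIBleafXYZ==\n-----END CERTIFICATE-----"
CERT_CA = "-----BEGIN CERTIFICATE-----\nMIIBcaXYZ=\n-----END CERTIFICATE-----"

if __name__ == "__main__":
    stream = (build_request("example.com", [], [CERT_LEAF, CERT_CA], channel=3)
              + build_request("example.com", ["X509_V_ERR_CERT_HAS_EXPIRED"], [CERT_LEAF])
              + b"cert_validate 999 host=x\n" + DELIM)
    lines, tail = split_logical_lines(stream)
    for ln in lines:
        print(handle(ln))
```

The size check is what makes the 0x01 framing safe: a helper that trusts the delimiter alone would happily treat a truncated or concatenated body as a valid request, whereas a size mismatch here is reported as BH so Squid can tell a broken helper from a rejected certificate.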