On 07/13/2013 09:01 AM, Eliezer Croitoru wrote:
> I was thinking about adding a small "setup" script for the ssl_crtd that
> creates the PEM and DER files based on the wiki.
> any ideas regarding doing that and how?
Do you mean providing a script that creates a root certificate for
signing fake certificates? If yes, please note that is not tied to
ssl_crtd because that root certificate is needed even when the admin is
not using ssl_crtd to optimize fake certificate generation (by placing
that generation outside of Squid workers).
It would be rather tricky to script the process of generating a good
root certificate IMO because different environments will require
different fields to be set. In most cases, it is a good idea to create a
"super secure" root certificate and then use that root certificate to
create a "less secure" Squid signing certificate. I do not want to
discourage you from trying to automate this complex process, but I am
also worried that providing a script that creates a overly simple,
insecure root certificate will not make things better.
> Another issue is the SMP support out of the box in the RPM.
> When you compile you need to create a directory for the IPC stuff and I
> was thinking of adding it into the RPM spec file.
I agree with Amos that this bug is best solved in Squid Makefile(s).
Patches welcome!
Cheers,
Alex.
Received on Mon Jul 15 2013 - 05:33:21 MDT
This archive was generated by hypermail 2.2.0 : Mon Jul 15 2013 - 12:00:53 MDT