Re: [squid-users] squid accelerator and HTTPS

From: Henrik Nordstrom <[email protected]>
Date: Fri, 24 Oct 2003 23:01:00 +0200 (CEST)

On Fri, 24 Oct 2003, Don Pandori wrote:

> I saw the post for this subject I just wanted to know if there was going
> to be any enhancement made to SQUID to not have to run it with the -N
> option for passphrase key-in.

I have not planned any changes in this area, but if someone else does
something decent I have no problem adding it to Squid.

There is however somewhat of a technical difficulty in that Squid has
not even read the configuration file before it backgrounds itself when the
-N option is not used.

It should not be too hard to add a configuration option for specifying the
key passphrase, but then you may just as well have the key unencrypted.

Please note that there have already been some important changes after
Squid-2.5 to make the key management a little more secure. Squid now reads
the key before changing userid or chrooting, allowing you to have the
keys stored only readable by root and outside the chroot jail where Squid
is normally running. I do not remember off-hand if this is in the
Squid-2.5 SSL update or just in Squid-3.

Regards
Henrik
Received on Fri Oct 24 2003 - 15:05:31 MDT
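
An added example, not part of the original message and not Squid code: a check of the key storage the message describes (key readable only by root and kept outside the chroot jail), plus a test for whether the PEM key is passphrase-protected and would therefore prompt at startup. The function names, the `owner_uid` parameter and the file names are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Markers of a passphrase-protected PEM key: the traditional OpenSSL header
# and the PKCS#8 encrypted label.
ENCRYPTED_MARKERS = ("Proc-Type: 4,ENCRYPTED", "BEGIN ENCRYPTED PRIVATE KEY")

def key_is_encrypted(key_path):
    """True if the PEM file needs a passphrase (hence a prompt at startup)."""
    with open(key_path, "r", errors="replace") as fh:
        pem = fh.read()
    return any(marker in pem for marker in ENCRYPTED_MARKERS)

def audit_key(key_path, chroot_dir=None, owner_uid=0):
    """Return a list of problems with where and how the key is stored."""
    problems = []
    real_key = os.path.realpath(key_path)
    st = os.stat(real_key)
    if st.st_uid != owner_uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o allows group/other access" % stat.S_IMODE(st.st_mode))
    if chroot_dir is not None:
        jail = os.path.realpath(chroot_dir)
        if os.path.commonpath([real_key, jail]) == jail:
            problems.append("stored inside the chroot jail")
    return problems

def demo():
    """Run the checks on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as top:
        jail = os.path.join(top, "jail")          # hypothetical chroot directory
        os.mkdir(jail)
        key = os.path.join(jail, "squid.key")     # hypothetical key file name
        with open(key, "w") as fh:                # constructed sample, not a real key
            fh.write("-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n"
                     "-----END RSA PRIVATE KEY-----\n")
        os.chmod(key, 0o644)
        # owner_uid is set to the current user so the demo runs without root
        return key_is_encrypted(key), audit_key(key, jail, owner_uid=os.getuid())

if __name__ == "__main__":
    print(demo())
```

On a real host, call `audit_key` with the default `owner_uid=0` and the chroot directory from your own configuration.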
