On 07/13/2013 09:01 AM, Eliezer Croitoru wrote: > I was thinking about adding a small "setup" script for the ssl_crtd that > creates the PEM and DER files based on the wiki. > any ideas regarding doing that and how?
Do you mean providing a script that creates a root certificate for signing fake certificates? If yes, please note that is not tied to ssl_crtd because that root certificate is needed even when the admin is not using ssl_crtd to optimize fake certificate generation (by placing that generation outside of Squid workers). It would be rather tricky to script the process of generating a good root certificate IMO because different environments will require different fields to be set. In most cases, it is a good idea to create a "super secure" root certificate and then use that root certificate to create a "less secure" Squid signing certificate. I do not want to discourage you from trying to automate this complex process, but I am also worried that providing a script that creates a overly simple, insecure root certificate will not make things better. > Another issue is the SMP support out of the box in the RPM. > When you compile you need to create a directory for the IPC stuff and I > was thinking of adding it into the RPM spec file. I agree with Amos that this bug is best solved in Squid Makefile(s). Patches welcome! Cheers, Alex.
