with 3.5.15, I have this config: ---8<--- https_port 8443 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=64MB \ cert=/etc/squid/ssl/proxy.pem \ key=/etc/squid/ssl/proxy.key \ cafile=/etc/squid/ssl/proxy.pem --->8---
proxy.pem is the concatenation of both the CA cert (intermediate) followed by the root cert (my offline CA). Best i can tell, all of it is sent back to the client (generated cert, intermediate and root CA). HTH Jok On Thu, Apr 7, 2016 at 10:59 AM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 7/04/2016 5:25 a.m., Nicolaas Hyatt wrote: > > Amos, > > Thanks for your quick response and your time. I have not yet messed with > > 4.0. Is this something that may find its way into the 3.x stable branch > > at some point? > > > > Maybe. I am reliant on the guys doing OpenSSL code (aka. Christos) to > test the backporting though. So it will depend on whether he thinks its > important enough. > > I'm hopeful, but no guarantees. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users