I can confirm that this configuration works as requested with the configuration Jok Thuau had posted with the latest version 3.5.16.
Thank you so much for the response and the assistance. On Thu, Apr 7, 2016 at 1:15 PM, Jok Thuau <j...@spikes.com> wrote: > with 3.5.15, I have this config: > > ---8<--- > https_port 8443 intercept ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=64MB \ > cert=/etc/squid/ssl/proxy.pem \ > key=/etc/squid/ssl/proxy.key \ > cafile=/etc/squid/ssl/proxy.pem > --->8--- > > proxy.pem is the concatenation of both the CA cert (intermediate) followed > by the root cert (my offline CA). Best i can tell, all of it is sent back to > the client (generated cert, intermediate and root CA). > > HTH > Jok > > > > > On Thu, Apr 7, 2016 at 10:59 AM, Amos Jeffries <squ...@treenet.co.nz> wrote: >> >> On 7/04/2016 5:25 a.m., Nicolaas Hyatt wrote: >> > Amos, >> > Thanks for your quick response and your time. I have not yet messed with >> > 4.0. Is this something that may find its way into the 3.x stable branch >> > at some point? >> > >> >> Maybe. I am reliant on the guys doing OpenSSL code (aka. Christos) to >> test the backporting though. So it will depend on whether he thinks its >> important enough. >> >> I'm hopeful, but no guarantees. >> >> Amos >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users > > > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
