From ad6712d42fcdbe7f27bb60ef05d9c4d54afb20d7 Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Sun, 25 Apr 2021 10:38:14 +0800 Subject: [PATCH] squid: Enable dynamic SSL certificate generation Maintainer: @neheb / @BKPepe / @zhanhb Compile tested: ipq806x, generic, netgear_r7800, master Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07 Description: Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`): https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on ssl_bump splice all In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration: https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB ssl_bump stare all ssl_bump bump all This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode. Signed-off-by: Wong Hoi Sing Edison (cherry picked from commit dbda77686d5dccb3d3999ed2e7dec18aab11fff8) --- net/squid/Config.in | 2 +- net/squid/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/squid/Config.in b/net/squid/Config.in index bcc072f18e..eeeb856aba 100644 --- a/net/squid/Config.in +++ b/net/squid/Config.in @@ -25,7 +25,7 @@ if PACKAGE_squid config SQUID_enable-ssl-crtd bool "Enable dynamic SSL certificate generation " depends on !SQUID_use-gnutls - default n + default y config SQUID_auth-basic bool "Enable the Basic authentication scheme" diff --git a/net/squid/Makefile b/net/squid/Makefile index c54f23735b..1efd94b658 100644 --- a/net/squid/Makefile +++ b/net/squid/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=squid PKG_VERSION:=4.12 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://www3.us.squid-cache.org/Versions/v4/ \