Project

General

Profile

Actions
Copy link

Feature #10605

closed

Add certificates from Trusted Store to Squid cert store

Added by Viktor Gurov almost 4 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
Squid
Target version:
-
Start date:
05/28/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

PfSense 2.5 has the 'add to Trust Store' feature #4068, which allows you to add pfSense certificates to /etc/ssl/certs
It would be nice to add these certificates to the Squid /usr/local/share/certs certificate store:
https://github.com/pfsense/FreeBSD-ports/blob/ca039b812ec217cfad08f7812ac1dc4e3174a640/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L178

Related issues

Related to Bug #12738: Squid ignores CA Trust StoreResolved

Actions
Actions
Copy link
 #1

Updated by Viktor Gurov almost 4 years ago

  • Subject changed from Add certificates from Trusted Store to to Add certificates from Trusted Store to Squid cert store
Actions
Copy link
 #2

Updated by Viktor Gurov over 3 years ago

"Extra Trusted CA" option to select the CA certificate that is used by the upstream SSL/MITM proxy:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/19

Actions
Copy link
 #3

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #4

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions
Copy link
 #5

Updated by Viktor Gurov about 3 years ago

  • Status changed from Feedback to New

works fine on 2.5, but produces php error on 2.4.5 if 'Extra Trusted CA' != none:

PHP Errors:
[08-Feb-2021 13:03:17 Europe/Moscow] PHP Fatal error:  Uncaught Error: Call to undefined function ca_setup_capath() in /usr/local/pkg/squid.inc:199
Stack trace:
#0 /usr/local/pkg/squid.inc(1236): squid_gen_extra_ca()
#1 /usr/local/pkg/squid.inc(2264): squid_resync_general()
#2 /usr/local/www/pkg_edit.php(243) : eval()'d code(1): squid_resync()
#3 /usr/local/www/pkg_edit.php(243): eval()
#4 {main}
  thrown in /usr/local/pkg/squid.inc on line 199

Actions
Copy link
 #7

Updated by Renato Botelho about 3 years ago

  • Status changed from New to Feedback

Merged

Actions
Copy link
 #8

Updated by Viktor Gurov about 3 years ago

  • Status changed from Feedback to Resolved

squid pkg 0.4.45_3 - fixed

Actions
Copy link
 #9

Updated by Viktor Gurov about 2 years ago

  • Related to Bug #12738: Squid ignores CA Trust Store added
Actions
Copy link

Also available in: Atom PDF