Bug #7871

closed

Add squid validation for selected CA when MITM is enabled

Added by Kill Bill over 6 years ago. Updated over 6 years ago.

Status: Resolved
Priority: Low
Assignee:
Category: Squid
Target version: -
Start date: 09/17/2017
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: All
Affected Plus Version:
Affected Architecture: All

Description

Obviously, this needs to be a CA we have a private key to so that it can issue certificates on the fly to prevent PEBKAC cases such as [1]. The current validation does not check this. [2]

Jim Pingle: Any chance you can hack a quick check for this? Otherwise please re-assign to myself and I'll dig into the certs.inc later, not exactly something I'd be familiar with. The other relevant code is here [3] - so it basically adds the required bits to squid.conf if we can get the private key, if not, it results in broken config as in [1]. I guess there's no need to touch that once the validation is in place though.

[1] https://forum.pfsense.org/index.php?topic=136450.0
[2] https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L808
[3] https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L1124
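
One way to express the check requested above, as an added example that is not code from the pfSense squid package: it rejects a selected CA that has no private key and, going slightly beyond the report, one whose key does not match the certificate. The function name `mitm_ca_errors` and the CA entry layout (base64-encoded PEM under `crt` and `prv`) are assumptions, and the certificates are constructed test data.

```php
<?php
// Added example; not code from the pfSense squid package.
// Assumption: a CA entry is an array holding base64-encoded PEM in 'crt' and 'prv'.

/** Return input errors for a CA chosen for SSL interception; empty array = usable. */
function mitm_ca_errors(?array $ca): array
{
    if ($ca === null) {
        return ['No CA selected.'];
    }
    $crt = base64_decode($ca['crt'] ?? '', true);
    $prv = base64_decode($ca['prv'] ?? '', true);
    if (!$crt || openssl_x509_read($crt) === false) {
        return ['Selected CA has no readable certificate.'];
    }
    if (!$prv) {
        // The case from the report: a CA imported without its key cannot sign.
        return ['Selected CA has no private key; it cannot issue certificates on the fly.'];
    }
    $key = openssl_pkey_get_private($prv);
    if ($key === false) {
        return ['Private key of the selected CA is unreadable or passphrase-protected.'];
    }
    if (!openssl_x509_check_private_key($crt, $key)) {
        return ['Private key does not match the selected CA certificate.'];
    }
    return [];
}

// Constructed sample data: a throwaway self-signed CA and an unrelated key.
$opts = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
$key = openssl_pkey_new($opts);
$csr = openssl_csr_new(['commonName' => 'Constructed Test CA'], $key, ['digest_alg' => 'sha256']);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']), $crtPem);
openssl_pkey_export($key, $keyPem);
openssl_pkey_export(openssl_pkey_new($opts), $otherPem);

$cases = [
    'CA with matching key' => ['crt' => base64_encode($crtPem), 'prv' => base64_encode($keyPem)],
    'CA without key'       => ['crt' => base64_encode($crtPem)],
    'CA with foreign key'  => ['crt' => base64_encode($crtPem), 'prv' => base64_encode($otherPem)],
];
foreach ($cases as $label => $ca) {
    $errors = mitm_ca_errors($ca);
    echo $label, ': ', $errors ? implode(' ', $errors) : 'OK', PHP_EOL;
}
```

Running the validation at form-submit time keeps a key-less CA from ever reaching the squid.conf generation step the report links to in [3].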
