d7f8f02574
Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07
Description:
Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):
https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
ssl_bump splice all
In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration:
https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
ssl_bump stare all
ssl_bump bump all
This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
(cherry picked from commit dbda77686d)
95 lines
2.3 KiB
Text
95 lines
2.3 KiB
Text
if PACKAGE_squid
|
|
|
|
comment "Optional features"
|
|
|
|
config SQUID_enable-ipv6
|
|
bool "Enable support for IP version 6"
|
|
default y
|
|
|
|
config SQUID_enable-snmp
|
|
bool "Enable SNMP monitoring support"
|
|
default n
|
|
|
|
config SQUID_enable-icmp
|
|
bool "Enable ICMP pinging and Network Measurement"
|
|
default n
|
|
|
|
config SQUID_enable-icap-client
|
|
bool "Enable ICAP client support"
|
|
default n
|
|
|
|
config SQUID_enable-dlmalloc
|
|
bool "Compile & use the malloc package by Doug Lea"
|
|
default y
|
|
|
|
config SQUID_enable-ssl-crtd
|
|
bool "Enable dynamic SSL certificate generation "
|
|
depends on !SQUID_use-gnutls
|
|
default y
|
|
|
|
config SQUID_auth-basic
|
|
bool "Enable the Basic authentication scheme"
|
|
default n
|
|
|
|
config SQUID_auth-digest
|
|
bool "Enable the Digest authentication scheme"
|
|
default n
|
|
|
|
config SQUID_auth-negotiate
|
|
bool "Enable the Negotiate authentication scheme"
|
|
default n
|
|
|
|
config SQUID_auth-ntlm
|
|
bool "Enable the NTLM authentication scheme"
|
|
default n
|
|
|
|
comment "Optional packages"
|
|
|
|
choice
|
|
prompt "Choose SSL Library"
|
|
default SQUID_use-openssl
|
|
|
|
config SQUID_use-openssl
|
|
bool "Use OpenSSL (default)"
|
|
|
|
config SQUID_use-gnutls
|
|
bool "Use GnuTLS (experimental, see help)"
|
|
help
|
|
Use GnuTLS in place of OpenSSL for the core features of receiving
|
|
TLS connections from clients and making TLS connections to servers.
|
|
The GnuTLS support is still very much experimental and should be
|
|
tested before use.
|
|
|
|
SSL-Bump and certificate generation features are not yet supported
|
|
by GnuTLS builds. Nor are many other less commonly used Squid
|
|
TLS/SSL features.
|
|
|
|
squid.conf directives and configuration options which have undergone
|
|
name changes from 'ssl' to 'tls' prefix in Squid-4 have GnuTLS
|
|
support, unless explicitly stated otherwise.
|
|
|
|
Advanced configuration with specific selection of ciphers and
|
|
similar settings should still work, but needs the GnuTLS Priority
|
|
Strings instead of the OpenSSL options when using GnuTLS.
|
|
endchoice
|
|
|
|
config SQUID_with-libcap
|
|
bool "Use libcap - Linux capabilities library"
|
|
default n
|
|
|
|
config SQUID_with-nettle
|
|
bool "Use nettle - GNU crypto library"
|
|
default n
|
|
|
|
config SQUID_with-expat
|
|
bool "Use expat - XML parsing library"
|
|
default n
|
|
|
|
config SQUID_with-libxml2
|
|
bool "Use libxml2 - Gnome XML library"
|
|
default n
|
|
|
|
comment "Additional tools"
|
|
|
|
endif
|
|
|