squid: Enable dynamic SSL certificate generation 15509/head
author: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
Sun, 25 Apr 2021 02:38:14 +0000 (10:38 +0800)
committer: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
Wed, 28 Apr 2021 03:30:32 +0000 (11:30 +0800)
Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07

Description:

Squid now only supports HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    ssl_bump splice all

In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for the following configuration:

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
    ssl_bump stare all
    ssl_bump bump all

This PR switches `SQUID_enable-ssl-crtd` to `default y`, therefore enabling SSL Bump mode by default.

Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
(cherry picked from commit dbda77686d5dccb3d3999ed2e7dec18aab11fff8)

net/squid/Config.in
net/squid/Makefile

index bcc072f18ea2ddf71864e5b5bf67563db8c699f2..eeeb856aba1f28e873657e4f711b8de080e572ba 100644 (file)
@@ -25,7 +25,7 @@ if PACKAGE_squid
        config SQUID_enable-ssl-crtd
                bool "Enable dynamic SSL certificate generation "
                depends on !SQUID_use-gnutls
-               default n
+               default y
 
        config SQUID_auth-basic
                bool "Enable the Basic authentication scheme"
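Review bot: The `SQUID_enable-ssl-crtd` entry has no `help` text, and with `default y` every build that does not select `SQUID_use-gnutls` now gets the certificate generation helper without the user having chosen it. Please add a `help` block stating that the option builds the helper used for `ssl_bump` with `generate-host-certificates=on`, and that interception still has to be configured explicitly in squid.conf, so people who only want a tunnelling proxy know they can turn it off. If the larger default package is not acceptable for small targets, keep `default n` and document the option instead. Minor style point: the prompt string "Enable dynamic SSL certificate generation " has a trailing space before the closing quote.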
index c54f23735b87493cd6dbf0863f8d3ebb6b76d658..1efd94b658652b3bc87c9422d975f25ed39ad7ed 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=squid
 PKG_VERSION:=4.12
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://www3.us.squid-cache.org/Versions/v4/ \
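Review bot: The `PKG_RELEASE` bump from 1 to 2 is the only Makefile change visible here, so please confirm that the install section already ships the certgen helper when `SQUID_enable-ssl-crtd` is set; otherwise the new default builds a feature that the package does not deliver. The bump itself is correct, since the default build output changes while `PKG_VERSION` stays at 4.12. Unrelated to this change but visible in the context: `PKG_SOURCE_URL` fetches over plain `http://`, so the tarball's integrity rests entirely on the package hash, and switching to an https mirror would be worth a follow-up.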