
List:       squid-dev
Subject:    Re: [squid-dev] Securtiy_file_gen in a server format development
From:       Alex Rousskov <rousskov () measurement-factory ! com>
Date:       2018-12-30 17:07:39
Message-ID: 043e54e0-16f8-9507-847e-77b8979af4a3 () measurement-factory ! com

On 12/29/18 11:45 PM, Eliezer Croitoru wrote:

> From what I understood until now it seems that the current ssl_db
> directory structure is simple enough that it might be possible to share
> it across an NFS store.

I would expect an NFS store to work in environments that support file
locking over NFS. For example, NFS flock(2) does not work with Linux
kernels up to v2.6.11. For the list of environment-specific file locking
system calls used by the certificate generator, see Ssl::Lock::lock().


> Since squid is being used in a couple of locations as security software it
> would be good for security admins to be able to have some history logs.

The generated certificate database is just an optimization/cache.
Logging certificate cache operations would probably be as useful/useless
as store.log is for the HTTP cache. It would be good to discuss and
target some specific use cases before designing where and how to log
certificate operations.

Alex.

_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
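
Added example (not part of the original message and not Squid code): a small probe for the flock(2) behaviour discussed above, to run against a file on the NFS export before sharing a certificate database across it. The function names and the lock file path are hypothetical, and it assumes the environment's locking call is flock(2).

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

/* Non-blocking exclusive flock(2) on path.
 * Returns the locked fd (>= 0), -1 if someone else holds it, -2 on error. */
int try_exclusive_lock(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0)
        return -2;
    if (flock(fd, LOCK_EX | LOCK_NB) == 0)
        return fd;
    int saved = errno;              /* close() may overwrite errno */
    close(fd);
    errno = saved;
    return saved == EWOULDBLOCK ? -1 : -2;
}

/* Same-host sanity check: hold the lock, then let a child try to take it
 * through its own open(). Returns 1 if the child was refused, 0 if it also
 * got the lock (locking is not enforced), -1 on setup error. */
int lock_excludes_second_process(const char *path)
{
    int fd = try_exclusive_lock(path);
    if (fd < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        int r = try_exclusive_lock(path);
        _exit(r == -1 ? 0 : (r >= 0 ? 1 : 2));
    }
    int status = 0;
    waitpid(pid, &status, 0);
    close(fd);                      /* last descriptor: releases the lock */
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 2)
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Cross-host check: "probe LOCKFILE 60" on host A, "probe LOCKFILE" on B. */
int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s LOCKFILE [hold-seconds]\n", argv[0]); return 2; }
    int fd = try_exclusive_lock(argv[1]);
    if (fd == -1) { puts("busy: another holder has the lock"); return 1; }
    if (fd < 0) { perror("lock"); return 2; }
    puts("acquired");
    if (argc > 2) sleep((unsigned)atoi(argv[2]));
    return 0;
}
```

A single-host run only shows that local locking works; if host B prints "acquired" while host A is still holding the file, locks are not propagating over that NFS mount.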
