1 files changed, 61 insertions, 6 deletions

diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml
index 72c10ab6..6bc40c6f 100644
--- a/config/squid-reverse/squid.xml
+++ b/config/squid-reverse/squid.xml
@@ -10,7 +10,7 @@
     authng.xml
     part of pfSense (http://www.pfSense.com)
     Copyright (C) 2007 to whom it may belong
-    Copyright (C) 2012 Marcello Coutinho
+    Copyright (C) 2012-2013 Marcello Coutinho
     All rights reserved.
 
     Based on m0n0wall (http://m0n0.ch/wall)
@@ -22,7 +22,7 @@
     Redistribution and use in source and binary forms, with or without
     modification, are permitted provided that the following conditions are met:
 
-     1. Redistributions of source code must retain the above copyright notice,
+     1. Redistributions of source code MUST retain the above copyright notice,
         this list of conditions and the following disclaimer.
 
      2. Redistributions in binary form must reproduce the above copyright
@@ -47,7 +47,7 @@
     <requirements>Describe your package requirements here</requirements>
     <faq>Currently there are no FAQ items provided.</faq>
 	<name>squid</name>
-	<version>3.1.STABLE19</version>
+	<version>3.2.7</version>
 	<title>Proxy server: General settings</title>
 	<include_file>/usr/local/pkg/squid.inc</include_file>
 	<menu>
@@ -199,6 +199,11 @@
 		<item>http://www.pfsense.org/packages/config/squid-reverse/swapstate_check.php</item>
 	</additional_files_needed>
 	<additional_files_needed>
+		<prefix>/usr/local/pkg/</prefix>
+		<chmod>0755</chmod>
+		<item>http://www.pfsense.org/packages/config/squid-reverse/squid_reverse_redir.xml</item>
+	</additional_files_needed>
+	<additional_files_needed>
 	    <prefix>/usr/local/www/</prefix>
 	    <chmod>0755</chmod>
 		<item>http://www.pfsense.org/packages/config/squid-reverse/squid_monitor.php</item>
@@ -254,11 +259,11 @@
 			<default_value>on</default_value>
 		</field>
 		<field>
-			<fielddescr>Transparent proxy</fielddescr>
+			<fielddescr>Transparent HTTP proxy</fielddescr>
 			<fieldname>transparent_proxy</fieldname>
 			<description><![CDATA[Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration necessary.<br>
-						 <strong>NOTE:</strong> Transparent mode does not filter ssl(port 443) or any other http/https port.<br>
-						 To filter both http and https protocol without touching user config, enable WPAD/PAC options on your dns/dhcp.]]></description>
+						 <strong>NOTE:</strong> Transparent mode will filter ssl(port 443) if enable men-in-the-middle options below.<br>
+						 To filter both http and https protocol without intercepting ssl connections, enable WPAD/PAC options on your dns/dhcp.]]></description>
 			<type>checkbox</type>
 			<enablefields>private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>			
 			<required/>
@@ -303,6 +308,56 @@
 			<type>input</type>
 			<size>70</size>
 		</field>
+				<field>
+			<name>SSL man in the middle Filtering</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>HTTPS/SSL interception</fielddescr>
+			<fieldname>ssl_proxy</fieldname>
+			<description><![CDATA[Enable SSL filtering.]]></description>
+			<type>checkbox</type>
+			<enablefields>dca,dcert,sslcrtd_children,check_certificate</enablefields>
+		</field>
+		<field>
+			<fielddescr>SSL Proxy port</fielddescr>
+			<fieldname>ssl_proxy_port</fieldname>
+			<description>This is the port the proxy server will listen on to intercept ssl while using transparent proxy.</description>
+			<type>input</type>
+			<size>5</size>
+			<default_value>3129</default_value>
+		</field>
+		<field>
+			<fielddescr>Cert</fielddescr>
+			<fieldname>dcert</fieldname>
+			<description><![CDATA[Select Certificate to use in SSL interception<br>
+								To create a Certificate on pfsense, go to <strong>system -> Cert Manager<strong>]]></description>
+	    	<type>select_source</type>
+			<source><![CDATA[$config['cert']]]></source>
+			<source_name>descr</source_name>
+			<source_value>refid</source_value>
+		</field>
+		<field>
+			<fielddescr>sslcrtd children</fielddescr>
+			<fieldname>sslcrtd_children</fieldname>
+			<description><![CDATA[This is the number of ssl crt deamon children to start. Default value is 5.<br>
+			if Squid is used in busy environments this may need to be increased, as well as the number of 'sslcrtd_children']]></description>
+			<type>input</type>
+			<size>2</size>
+			<default_value>5</default_value>
+		</field>
+		<field>
+			<fielddescr>Remote Cert checks</fielddescr>
+			<fieldname>interception_checks</fieldname>
+			<description><![CDATA[Select remote ssl cert checks to do.<br>Defaul is to do not select any of these options.]]></description>
+		<type>select</type>
+		<options>
+				<option><name>Accept remote server certificate Erros</name><value>sslproxy_cert_error</value></option>
+				<option><name>Do not verify remote certificate</name><value>sslproxy_flags</value></option>
+		</options>
+		<multiple/>
+		<size>3</size>
+		</field>
 		<field>
 			<name>Logging Settings</name>
 			<type>listtopic</type>