Support generate-host-certificates=FILE configuration

[yadij]

This is the final part required to move the signing CA from the cert=/key= parameters to the generate-host-certificates parameter.

As I understand it the SSL-Bump functionality still requires cert= to be configured. But it no longer is required to be the signing CA and future work on certificate generation itself will attempt to remove that requirement.

For legacy installations the absence of a filename on generate-host-certificates the cert=/key= files will be used exactly as in previous Squid versions.

[rousskov]

@yadij, I could not find the answer to this earlier review question so I am repeating it here for your convenience.

AFAICT, SslBump still requires a signing certificate for nearly all practical configurations.

• If this PR moves the correct place to specify that signing certificate from cert= to generate-host-certificates=, then why is cert= still required for SslBump?
• If this PR does not move the correct place to specify that signing certificate from cert= to generate-host-certificates=, then what are the motivation/benefits of the proposed changes?

[yadij]

The certificate generation feature is using signingCa members, not certs.front() specifically. The non-generate code in SSL-Bump remains as it was intentionally so that it uses the static tls-cert= when that is configured. Both code paths should error at runtime if the relevant context was not initialized.

[rousskov]

Your answer discusses internal implementation details, but I was asking about the configuration interface. Since we seem to have trouble communicating, I will try to split my question into several parts. Here is the first part:

• After this PR changes, is tsl-cert option required for a port that already has ssl-bump and generate-host-certificates=FILE options?