Re: Accelerated SSL from Henrik Nordstrom on 2002-02-26 (squid-dev)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 26 Feb 2002 09:54:09 +0100

To get around the problem when compiling on RedHat 6.2 you need to
add -ldl to the link line.

make SSLLIB="-lssl -lcrypto -ldl"

should get you around the problem I think.

When acting as an SSL accelerator then any SSL certificates needs to
be stored on the Squid server, not the real HTTP server.

Regards
Henrik Nordström

On Tuesday 26 February 2002 03:28, Peter Robinson wrote:
> Hi Adrian,
>
> Yes, I know about that side of things but there is a bug when
> compiling it on 6.2. The bits that I wasn't sure about was what
> you confirmed in the last line - that it can't forward the https
> request.
>
> Thanks
> Peter
>
> > Hi,
> >
> > squid-2.5 can act as an SSL "accelerator" - it can accept
> > incoming SSL requests (squid has the certificate/key), and
> > forward a HTTP request (_not_ HTTPS) to the origin server (say,
> > iis.)
> >
> >
> >
> >
> > adrian
> >
> > On Mon, Feb 25, 2002, Peter Robinson wrote:
> > > Hi All,
> > >
> > > Not sure if this is a 'stupid' question or not regarding squid
> > > and accelerated caching or not. Can squid act as a accelerated
> >
> > cache (more
> >
> > > like a pass through cache) for ssl connections like it does for
> > > ssl 'proxying'?
> > >
> > > To explain some more. I have a number of sites using squid
> >
> > as a mask for
> >
> > > IIS servers running various sites so that iis isn't visible
> >
> > to the outside
> >
> > > world as I do't believe it is 'old enough to be let out
> >
> > alone :)'. I now
> >
> > > have a number of sites that wish to run the same iis box
> >
> > with ssl (secure
> >
> > > iis - bit of an oxymoron really) and have two running with
> >
> > squid doing the
> >
> > > ssl for them to take take the load off the iis servers (how
> >
> > is the fix
> >
> > > for 6.2 and the automake problem going :) but have a couple
> >
> > of sites that
> >
> > > want to use it as a standard accel pass-through cache, I
> >
> > don't think this
> >
> > > is possible but it did make mention in the FAQ of some
> >
> > people working on a
> >
> > > 'decrypt' thing for ssl. Is this relivant? Or can squid be
> >
> > just configured
> >
> > > as a reverse proxy say for people running a web server on a
> >
> > network of
> >
> > > non-real addresses behind a firewall running squid?
> > >
> > > Peter
Received on Tue Feb 26 2002 - 01:54:15 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:49 MST