Re: [squid-users] SSL error

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 29 Jan 2003 22:30:34 +0100

And what do you get in cache.log?

Adam Lewis wrote:
>
> Sorry about that. Actually I have it in the config now but didn't paste it
> into this email. With this line added I'm getting ...
>
> ERROR
> The requested URL could not be retrieved
>
> ----------------------------------------------------------------------------
> ----
>
> While trying to retrieve the URL: http://pc1267.rtctel.com/exchange
>
> The following error was encountered:
>
> a.. Unable to forward this request at this time.
> This request could not be forwarded to the origin server or to any parent
> caches. The most likely cause for this error is that:
>
> a.. The cache administrator does not allow this cache to make direct
> connections to origin servers, and
> b.. All configured parent caches are currently unreachable.
> Your cache administrator is webmaster.
>
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@squid-cache.org>
> To: "Adam Lewis" <adamlewis@catt.com>
> Sent: Wednesday, January 29, 2003 1:12 PM
> Subject: Re: [squid-users] SSL error
>
> > And your are STILL missing never_direct.
> >
> > Regards
> > Henrik
> >
> > ons 2003-01-29 klockan 18.17 skrev Adam Lewis:
> > > I am using the front-end-https cache peer option but something isn't
> > > working. Here is my entire squid.conf (which I should have included
> > > before). Thanks for all of your help by the way.
> > >
> > > __SNIP__
> > > http_port 80
> > > https_port 64.18.103.9:443 cert=/usr/local/squid/etc/owacert.pem
> > > key=/usr/local/squid/etc/owa.pem
> > > cache_peer pc1267.rtctel.com parent 443 442 ssl proxy-only
> > > front-end-https=on ssl sslcert=/usr/local/squid/etc/owacert.pem
> > > sslkey=/usr/local/squid/etc/owa.pem
> > > hierarchy_stoplist cgi-bin ?
> > > acl QUERY urlpath_regex cgi-bin \?
> > > no_cache deny QUERY
> > > auth_param basic children 5
> > > auth_param basic realm Squid proxy-caching web server
> > > auth_param basic credentialsttl 2 hours
> > > refresh_pattern ^ftp: 1440 20% 10080
> > > refresh_pattern ^gopher: 1440 0% 1440
> > > refresh_pattern . 0 20% 4320
> > > acl all src 0.0.0.0/0.0.0.0
> > > acl manager proto cache_object
> > > acl localhost src 127.0.0.1/255.255.255.255
> > > acl to_localhost dst 127.0.0.0/8
> > > acl SSL_ports port 443 563
> > > acl Safe_ports port 80 443 # http
> > > acl Safe_ports port 21 # ftp
> > > acl Safe_ports port 443 563 # https, snews
> > > acl Safe_ports port 70 # gopher
> > > acl Safe_ports port 210 # wais
> > > acl Safe_ports port 1025-65535 # unregistered ports
> > > acl Safe_ports port 280 # http-mgmt
> > > acl Safe_ports port 488 # gss-http
> > > acl Safe_ports port 591 # filemaker
> > > acl Safe_ports port 777 # multiling http
> > > acl CONNECT method CONNECT
> > > http_access allow manager localhost
> > > http_access allow manager
> > > http_access allow !Safe_ports
> > > http_access allow CONNECT !SSL_ports
> > > acl our_networks src 0.0.0.0/24
> > > http_access allow all
> > > http_access deny all
> > > http_reply_access allow all
> > > icp_access allow all
> > > visible_hostname pc1267.rtctel.com
> > > httpd_accel_host pc1267.rtctel.com
> > > coredump_dir /usr/local/squid/var/cache
> > > extension_methods SEARCH PROPFIND PROPATCH MKCOL MOVE BMOVE DELETE
> BDELETE
> > > BPROPFIND BPROPATCH REPORT
> > > __SNIP__
> > >
> > > Adam
> > >
> > >
> > > ----- Original Message -----
> > > From: "Henrik Nordstrom" <hno@squid-cache.org>
> > > To: "Adam Lewis" <adamlewis@catt.com>
> > > Cc: <squid-users@squid-cache.org>
> > > Sent: Wednesday, January 29, 2003 12:11 PM
> > > Subject: Re: [squid-users] SSL error
> > >
> > >
> > > > You are missing
> > > >
> > > > never_direct allow all
> > > >
> > > > to force Squid to use your peer..
> > > >
> > > > Note: Another option to use ssl between Squid and OWA is to use the
> > > > front-end-https cache_peer option. This tells OWA that it should use
> > > > https:// URLs even if the (inernal) connection was via HTTP.
> > > >
> > > > Regards
> > > > Henrik
> > > >
> > > >
> > > >
> > > > ons 2003-01-29 klockan 15.13 skrev Adam Lewis:
> > > > > I have a cache peer setup as follows...
> > > > >
> > > > > cache_peer pc1267.rtctel.com parent 443 442 ssl proxy-only
> > > > > front-end-https=on ssl sslcert=/usr/local/squid/etc/owacert.pem
> > > > > sslkey=/usr/local/squid/etc/owa.pem
> > > > >
> > > > > I also have
> > > > >
> > > > > httpd_accel_host pc1267.rtctel.com
> > > > >
> > > > > in the config. The name of the OWA server is pc1267.rtctel.com. I
> am
> > > real
> > > > > close but when I goto https://pc1267.rtctel.com in my browser I
> > > authenticate
> > > > > and then I'm back to http://pc1267.rtctel.com. It's as though it's
> SSL
> > > over
> > > > > the authentication but when I'm authenticated it goes back to clear
> > > text.
> > > > > Am I missing an option in the config?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Adam
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Henrik Nordstrom" <hno@squid-cache.org>
> > > > > To: "Adam Lewis" <adamlewis@catt.com>
> > > > > Cc: <squid-users@squid-cache.org>
> > > > > Sent: Tuesday, January 28, 2003 9:20 PM
> > > > > Subject: Re: [squid-users] SSL error
> > > > >
> > > > >
> > > > > > This error is/was seen if SSL failed to load the certificate.
> > > > > >
> > > > > > Regards
> > > > > > Henrik
> > > > > >
> > > > > >
> > > > > > Adam Lewis wrote:
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > I'm receiving the following error when attempting to connect to
> > > > > > > https://myserver. The error is from cache.log. I have compiled
> > > with
> > > > > > > option --enable-ssl and patched squid for ssl with the SSL patch
> > > from
> > > > > > > devel.squid-cache.org. Any ideas would be appreciated...
> > > > > > >
> > > > > > > __SNIP__
> > > > > > >
> > > > > > > httpsAccept: Error allocating handle: error:140BA0C3:SSL
> > > > > > > routines:SSL_new:null ssl ctx
> > > > > > >
> > > > > > > __SNIP__
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Adam
> > > > > >
> > > > --
> > > > Henrik Nordstrom <hno@squid-cache.org>
> > > > MARA Systems AB, Sweden
> > > >
> > > >
> > --
> > Henrik Nordstrom <hno@squid-cache.org>
> > MARA Systems AB, Sweden
> >
> >
Received on Wed Jan 29 2003 - 14:36:36 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:58 MST