Re: [squid-users] HTTPS sites

Fernando Ruza wrote:
>
> Hi, nobody can give any clue regarding the problem I posted (enclosed
> below) ??
> Please, if anyone need further information, let me know.
>
> Thanks in advance,
>

 Why did you build squid with :
  
   --enable-ssl

 Note that is not needed for squid to be able to 'connect' to https
 sites (upon browser request).
 This is only needed for ssl gateway-ing configurations.

 Your conf file does not seem to include such a setup.

 As a first step I would remove this i.e. build squid without :

       -enable-ssl --with-openssl=/usr

 See what happens then.

 M.

 
> Fernando.
>
> El lun, 26 de 05 de 2003 a las 10:13, Fernando Ruza escribió:
> > Hi everybody,
> >
> > I'm having a strange problem browsing https sites. I can access and
> > browse to https sites well however, when I access to my bank account for
> > example, sometimes when I login with my Bank user account I cannot
> > access to my movement details and other times I can access but when I
> > try to make any operation I lost the connection to my account and I have
> > to login again but it happens the same again.
> >
> > It's something very strange because my proxy is a child of another squid
> > proxy and if I do anything jumping my proxy and pointing the browser
> > directly to the parent proxy everything goes right, I can access and
> > browse inside my bank account making any operation in the site without
> > any problem. I suppose is a https/ssl misconfigured option or something
> > like that in my child proxy but I don't know what could be wrong.
> >
> > I use Debian Sid 2.4.20 and Squid version:
> >
> > luna:~# squid -v
> > Squid Cache: Version 2.5.STABLE2
> > configure options: --prefix=/home/fruza/tmp/Curro/Squid/squid
> > --enable-auth=basic,ntlm --enable-basic-auth-helpers=winbind
> > --enable-ntlm-auth-helpers=winbind --enable-ssl --with-openssl=/usr
> >
> > with the following options in the squid.conf configuration file:
> >
> > http_port 8080
> > cache_peer proxy.jclm.es parent 8080 0 proxy-only default no-query
> > no-digest
> > ssl_unclean_shutdown on
> >
> > auth_param basic program /usr/local/bin/smb_auth -W HGUV
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hours
> >
> > acl all src 0.0.0.0/0.0.0.0
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl acceso_internet src 10.36.192.0/22 localhost
> > acl domainusers proxy_auth REQUIRED
> > acl SSL method CONNECT
> >
> > http_access allow localhost
> > http_access deny !acceso_internet
> > http_access allow acceso_internet domainusers
> > http_reply_access allow all
> > icp_access allow all
> > http_access deny all
> >
> > visible_hostname luna
> >
> > never_direct allow all
> >
> > coredump_dir /var/spool/squid
> >
> >
> > Thanks in advance for any reply,
> >
> > Fernando.
> >
> > --
> > Yo uso software libre, ¿Y tu?
> > ¿Qué es el software libre? consulta: http://www.gnu.org/philosophy/free-sw.es.html
> >
> > Fernando Ruza
> > e-mail: feruza@terra.es
> > Tlf: 661123845
> > Yahoo! Messenger id: fruza
> > Linux user: #273644 (http://counter.li.org)
> > Debian Sid (Kernel 2.4.20 & ext3)
> >
> > "In an internet without fences ... who needs 'gates'"
> --
> Yo uso software libre, ¿Y tu?
> ¿Qué es el software libre? consulta: http://www.gnu.org/philosophy/free-sw.es.html
>
> Fernando Ruza
> e-mail: feruza@terra.es
> Tlf: 661123845
> Yahoo! Messenger id: fruza
> Linux user: #273644 (http://counter.li.org)
> Debian Sid (Kernel 2.4.20 & ext3)
>
> "In an internet without fences ... who needs 'gates'"

-- 
 'Love is truth without any future.
 (M.E. 1997)