[squid-users] https_port acceleration

From: jonathan soong <jon.soong@dont-contact.us>
Date: Thu, 24 Jul 2003 15:34:24 +0930

Hi,

I have a problem regarding squid https forwarding.

Setup

           EXTERNAL BOX                                        INTERNAL BOX
         |-----------------------------|                   |----------------------|
---user--->| squid (port 2500) --> 2501 |----ssh tunnel---->| apache (port 2500)   |
 ( https ) |_____________________________|                   |______( http )________|

So the user is meant to connect via https on port 2500, which is sent through an ssh tunnel to an internal apache machine listening on port 2500.

This works fine when I'm using http, but when I try to use https, I get in cache.log:

"clientNegotiateSSL: Error negotiating SSL connection on FD 10:
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request"

as soon as I try to connect to it (it starts up fine).

In squid.conf I am using:
  https_port XXX.XXX.XXX.XXX:2500 cert=/usr/local/squid/var/server.crt key=/usr/local/squid/var/server.key
  httpd_accel_host 127.0.0.1
  httpd_accel_port 2501
  httpd_accel_single_host on
  httpd_accel_uses_host_header off

(if I use http_port XXX.XXX.XXX.XXX:2500 instead of https_port, it works fine!)

I have other problems too (the internal web server tells the external one to go to http://XXX, not https://XXX), but I think I might be able to get around this with rewrites and some code modification.

Any help on the above problem would be most appreciated.

I am using the certificates from my apache installation on the external box.

Thanks in advance,

Jon

----------------------------------------------------------------------------------------------------
CACHE.LOG:
2003/07/24 15:18:12| Starting Squid Cache version 2.5.STABLE3 for i686-pc-linux-gnu...
2003/07/24 15:18:12| Process ID 19437
2003/07/24 15:18:12| With 1024 file descriptors available
2003/07/24 15:18:12| Performing DNS Tests...
2003/07/24 15:18:12| Successful DNS name lookup tests...
2003/07/24 15:18:12| DNS Socket created at 0.0.0.0, port 33162, FD 4
2003/07/24 15:18:12| Adding nameserver XX.XX.XX.XX from /etc/resolv.conf
2003/07/24 15:18:12| Unlinkd pipe opened on FD 9
2003/07/24 15:18:12| Swap maxSize 102400 KB, estimated 7876 objects
2003/07/24 15:18:12| Target number of buckets: 393
2003/07/24 15:18:12| Using 8192 Store buckets
2003/07/24 15:18:12| Max Mem size: 8192 KB
2003/07/24 15:18:12| Max Swap size: 102400 KB
2003/07/24 15:18:12| Rebuilding storage in /usr/local/squid/var/cache (DIRTY)
2003/07/24 15:18:12| Using Least Load store dir selection
2003/07/24 15:18:12| Set Current Directory to /usr/local/squid/var/cache
2003/07/24 15:18:12| Loaded Icons.
2003/07/24 15:18:12| Accepting HTTP connections at 0.0.0.0, port 3128, FD 11.
2003/07/24 15:18:12| Initialising SSL.
2003/07/24 15:18:12| Using certificate in /usr/local/squid/var/server.crt
2003/07/24 15:18:12| Using private key in /usr/local/squid/var/server.key
2003/07/24 15:18:12| Accepting HTTPS connections at XX.XX.XX.XX, port 2500, FD 12.
2003/07/24 15:18:12| WCCP Disabled.
2003/07/24 15:18:12| Ready to serve requests.
2003/07/24 15:18:12| Done reading /usr/local/squid/var/cache swaplog (1 entries)
2003/07/24 15:18:12| Finished rebuilding storage from disk.
2003/07/24 15:18:12| 1 Entries scanned
2003/07/24 15:18:12| 0 Invalid entries.
2003/07/24 15:18:12| 0 With invalid flags.
2003/07/24 15:18:12| 1 Objects loaded.
2003/07/24 15:18:12| 0 Objects expired.
2003/07/24 15:18:12| 0 Objects cancelled.
2003/07/24 15:18:12| 0 Duplicate URLs purged.
2003/07/24 15:18:12| 0 Swapfile clashes avoided.
2003/07/24 15:18:12| Took 0.0 seconds ( 1.0 objects/sec).
2003/07/24 15:18:12| Beginning Validation Procedure
2003/07/24 15:18:12| Completed Validation Procedure
2003/07/24 15:18:12| Validated 1 Entries
2003/07/24 15:18:12| store_swap_size = 4k
2003/07/24 15:18:13| storeLateRelease: released 0 objects
2003/07/24 15:18:48| clientNegotiateSSL: Error negotiating SSL connection on FD 10: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

Received on Thu Jul 24 2003 - 00:05:18 MDT
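
Added diagnostic for the error quoted above (my own code, not from the post or the Squid project): OpenSSL's ":http request" reason means the first bytes that arrived on the https_port began with an HTTP method rather than a TLS ClientHello, i.e. a client spoke cleartext HTTP to the TLS listener, which is exactly what a browser does after following a redirect to http://host:2500. The method list, the cache.log regex and the sample log (built from the poster's own lines) are my assumptions and constructions.

```python
"""Two checks for the 'SSL23_GET_CLIENT_HELLO:http request' symptom: the
decision OpenSSL makes on a connection's first bytes, and a cache.log parser
that pulls out the clientNegotiateSSL error lines so FDs/reasons can be tallied."""
import re

# Methods OpenSSL's SSL23 server code tests for before rejecting the handshake
# (assumed list; CONNECT is reported separately as an https proxy request).
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")

def classify_client_bytes(prefix: bytes) -> str:
    """Label the first bytes a client sent to a TLS listener."""
    if len(prefix) < 5:
        return "too-short"
    if prefix[0] == 0x16 and prefix[1] == 0x03:   # TLS record: handshake, major v3
        return "tls-client-hello"
    if prefix[0] & 0x80 and prefix[2] == 0x01:    # SSLv2-style record, msg type 1
        return "sslv2-client-hello"
    if prefix.startswith(HTTP_METHODS):           # OpenSSL reports ':http request'
        return "plaintext-http"
    if prefix.startswith(b"CONNECT "):            # reported as an https proxy request
        return "https-proxy-request"
    return "unknown"

# Constructed regex for the Squid 2.5 cache.log line format shown in the post.
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\| clientNegotiateSSL: Error negotiating SSL connection "
    r"on FD (?P<fd>\d+): error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>.*)$"
)

def parse_ssl_errors(log_text: str) -> list:
    """Return one dict (ts, fd, code, lib, func, reason) per error line."""
    found = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["fd"] = int(entry["fd"])
            found.append(entry)
    return found

# Constructed sample: the poster's error line (unwrapped) plus two startup lines.
SAMPLE_LOG = """\
2003/07/24 15:18:12| Accepting HTTPS connections at XX.XX.XX.XX, port 2500, FD 12.
2003/07/24 15:18:12| Ready to serve requests.
2003/07/24 15:18:48| clientNegotiateSSL: Error negotiating SSL connection on FD 10: \
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
"""

if __name__ == "__main__":
    for e in parse_ssl_errors(SAMPLE_LOG):
        print(e["ts"], "FD", e["fd"], e["func"], "->", e["reason"])
    print(classify_client_bytes(b"GET / HTTP/1.0\r\n"))   # plaintext-http
```

A "plaintext-http" result on the first bytes of a failing connection confirms the mismatch is on the client side (wrong scheme or a redirect to http://), not in the certificate or key Squid loaded.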