On Wed, 28 Jan 2004, Loc Nguyen wrote:
> I set up my squid.conf with cache_peer
> ssloptions=DONT_VERIFY_PEER but I keep getting the
> error messages:
> SSL unknown certificate 20 ....
Is this message "SSL unknown certificate error 20 in ..."?
If it is then Squid does not know what SSL error 20 is.
On startup you should see either
NOTICE: Peer certificates are not verified for validity!
(DONT_VERIFY_PEER enabled)
or
Setting certificate verification callback.
(DONT_VERIFY_PEER not set)
please note that this is given once for the global SSL client and then
again once per ssl-enabled cache_peer.
> I turn on the debug using "debug_options ALL,1"
> expecting to see a lot of SSL debug messages
ALL,1 only gives you the default messages. If you want full debug messages
you should use ALL,9, or if just the SSL messages in full: ALL,1 83,9
Looking again at your cache_peer line I think I have spotted the problem..
DONT_VERIFY_PEER is an sslflags parameter, not ssloptions.
Regards
Henrik
Received on Thu Jan 29 2004 - 04:38:33 MST
This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:09 MST