RE: [squid-users] Cert issue on reserve proxy

From: Jason Hitt <Jhitt@dont-contact.us>
Date: Fri, 1 Jun 2007 10:45:43 -0500

Well using the sslflags=DONT_VERIFY_PEER on the cache peer got us to a
password prompt but still can't log in. Debug shows the following:

2007/06/01 08:51:43| fwdNegotiateSSL: Error negotiating SSL connection
on FD 15:
error:00000000:lib(0):func(0):reason(0) (5/0/0)

2007/06/01 08:51:43| TCP connection to 10.10.5.202/443 failed

We tried the below cache effective user command with no success, even
when we made openssl daemon user and did a chown on the logs and cache
folder for it. Not sure what the s_client is for. We're so close, just
need this last bit.

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Thursday, May 31, 2007 5:38 PM
To: Jason Hitt
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Cert issue on reserve proxy

tor 2007-05-31 klockan 14:59 -0500 skrev Jason Hitt:
> From the squid box I can ping the web server by name and IP. Nmap to
> both locations from my desktop shows 443 open and https is set to 443
> on the web box. Maybe I need a pass rule?

As your cache_effective_user on the squid server try

  openssl s_client -connect webserver:443

Regards
Henrik
Received on Fri Jun 01 2007 - 09:45:57 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:03 MDT