RE: [squid-users] Cert issue on reserve proxy

From: Jason Hitt <Jhitt@dont-contact.us>
Date: Mon, 4 Jun 2007 15:25:27 -0500

When I run squid with -N -X I notice it parses the line you had me add
but I get the error below:

2007/06/04 14:20:08| Processing: 'cache_effective_user openssl s_client -connect <web server ip>:443 '
2007/06/04 14:20:08| parse_line: cache_effective_user openssl s_client -connect <web server ip>:443

FATAL: Cannot open '/usr/local/squid/var/logs/access.log' for writing.
        The parent directory must be writeable by the
        user 'openssl', which is the cache_effective_user
        set in squid.conf.

-----Original Message-----
From: Jason Hitt [mailto:Jhitt@eGisticsinc.com]
Sent: Monday, June 04, 2007 9:41 AM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Cert issue on reserve proxy

Here is the output I got when I read the following from the prompt as
root:

# openssl s_client -connect <server ip>:443
CONNECTED(00000004)
depth=0 /CN=<server url>
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=<server url>
verify return:1

---
Certificate chain
 0 s:/CN=<server url>
   i:/CN=<server url>
---
Server certificate
-----BEGIN CERTIFICATE-----
<cert info>
-----END CERTIFICATE-----
subject=/CN=<server url>
issuer=/CN=<server url>
---
No client certificate CA names sent
---
SSL handshake has read 659 bytes and written 324 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: F01F000016E12FA021E0550C3B4E278053809D37116C03644D4827EEA147F11C
    Session-ID-ctx:
    Master-Key: <key info>
    Key-Arg   : None
    Start Time: 1180967593
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
read:errno=54

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Saturday, June 02, 2007 5:49 AM
To: Jason Hitt
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Cert issue on reserve proxy

On Fri 2007-06-01 at 10:45 -0500, Jason Hitt wrote:
> We tried the below cache effective user command with no success, even
> when we made openssl daemon user and did a chown on the logs and cache
> folder for it. Not sure what the s_client is for. We're so close, just
> need this last bit.

s_client is a simple SSL client for connecting to SSL servers such as
https servers.

The command "openssl s_client -connect webserver:443" opens an SSL
connection to the webserver on port 443, and shows details about the
negotiated SSL connection. When connected it waits for data to send to
the server over the SSL connection and/or shows responses from the
server.

You can find an example output of a valid session at
http://paste.lisp.org/display/42143

The HEAD /.. part was typed by me after the connection was established.

Regards
Henrik
Received on Mon Jun 04 2007 - 14:25:42 MDT
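
Added example, not part of the original messages: a small Python parser that reads `openssl s_client` output like the session quoted in this thread and reports the fields an operator would check before putting a proxy in front of that server. The sample text is constructed from the quoted output, and the policy values (weak-cipher tokens, old-protocol list, 2048-bit minimum) are assumptions rather than anything stated in the thread.

```python
import re

# Constructed sample: the fields from the s_client output quoted in the thread.
SAMPLE = """\
depth=0 /CN=<server url>
verify error:num=18:self signed certificate
verify return:1
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 18 (self signed certificate)
"""

# Assumed local policy, not taken from the thread.
WEAK_TOKENS = {"RC4", "MD5", "DES", "NULL", "EXP"}
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_KEY_BITS = 2048

PATTERNS = {
    "verify_code": r"^\s*Verify return code:\s*(\d+)",
    "protocol": r"^\s*Protocol\s*:\s*(\S+)",
    "cipher": r"^\s*Cipher\s*:\s*(\S+)",
    "key_bits": r"^Server public key is (\d+) bit",
}
NUMERIC = {"verify_code", "key_bits"}

def parse_s_client(text):
    """Extract the session fields; absent fields are simply not returned."""
    fields = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.MULTILINE)
        if m:
            fields[name] = int(m.group(1)) if name in NUMERIC else m.group(1)
    return fields

def findings(fields):
    """Return policy findings for one parsed session."""
    if "cipher" not in fields or "verify_code" not in fields:
        return ["no-session"]  # handshake never completed; nothing to judge
    out = []
    if fields["verify_code"] != 0:  # 0 means the chain verified
        out.append(f"cert-unverified:{fields['verify_code']}")
    if fields.get("protocol") in OLD_PROTOCOLS:
        out.append(f"old-protocol:{fields['protocol']}")
    if WEAK_TOKENS & set(fields["cipher"].split("-")):
        out.append(f"weak-cipher:{fields['cipher']}")
    if fields.get("key_bits", MIN_KEY_BITS) < MIN_KEY_BITS:
        out.append(f"short-key:{fields['key_bits']}")
    return out
```

Feeding it the captured output of `openssl s_client -connect <server ip>:443` gives one finding per field that fails the assumed policy, and `no-session` when the handshake never produced a session block.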
