FW: [squid-users] Cert issue on reserve proxy

From: Jason Hitt <Jhitt@dont-contact.us>
Date: Tue, 5 Jun 2007 10:11:59 -0500

 
After logging in as the effective user and setting the cache and log ownership to this account, when I launch squid I get this:

commBind: Cannot bind socket FD 12 to *:443: (13) Permission denied
FATAL: Cannot open HTTP Port

-----Original Message-----
From: Jason Hitt [mailto:Jhitt@eGisticsinc.com]
Sent: Tuesday, June 05, 2007 9:56 AM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Cert issue on reserve proxy

I was running squid as nobody:nogroup but made a user for squid and added it to cache_effective_user, logged in as the user and ran the openssl command. Got what's below. Why does it say protocol is TLS, shouldn't it be sslv3?

CONNECTED(00000004)
depth=0 /CN=<url>
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=<url>
verify return:1

---
Certificate chain
 0 s:/CN=<url>
   i:/CN=<url>
---
Server certificate
-----BEGIN CERTIFICATE-----
<cert info>
-----END CERTIFICATE-----
subject=/CN=<url>
issuer=/CN=<url>
---
No client certificate CA names sent
---
SSL handshake has read 659 bytes and written 324 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 7E1B0000FBDFFEC0CE1EAAAAA79B9A990AEDB5D92D7F3F6A0E213610D3EDC49E
    Session-ID-ctx:
    Master-Key: <key info>
    Key-Arg   : None
    Start Time: 1181055015
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Monday, June 04, 2007 4:37 PM
To: Jason Hitt
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Cert issue on reserve proxy

Mon 2007-06-04 at 11:20 -0500, Jason Hitt wrote:
> When I added it to cache_effective_user as you mentioned it states there's no account named "openssl". I made one just to see if that's what you meant and gave the openssl account ownership of the logs and caches as needed but I get an abort trap. I'm stumped. About to do a port mirror and wireshark the ssl exchange.

I want you to run the openssl s_client command as the cache_effective_user on your Squid server, whatever that is on your server, not as root.

I do not want you to change the cache_effective_user in squid.conf at all. Just to run the openssl command as the user cache_effective_user is set to run Squid under.

Regards
Henrik
Received on Tue Jun 05 2007 - 09:12:15 MDT
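
Added example, not part of the original thread: a small Python parser for the `openssl s_client` summary quoted above that pulls out the negotiated protocol, cipher, server key size and verify code. In that output the `New, TLSv1/SSLv3, Cipher is ...` line names the cipher suite's protocol family, while `Protocol  :` is the version actually negotiated; the function names and the flagging thresholds in `findings` are this example's assumptions.

```python
import re

# Abridged from the s_client output quoted in the thread above.
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 18 (self signed certificate)
"""

# One pattern per field of interest in the s_client summary.
FIELDS = {
    "protocol": re.compile(r"^\s*Protocol\s*:\s*(\S+)", re.M),
    "cipher": re.compile(r"^\s*Cipher\s*:\s*(\S+)", re.M),
    "key_bits": re.compile(r"^Server public key is (\d+) bit", re.M),
    "verify_code": re.compile(r"^\s*Verify return code:\s*(\d+)", re.M),
}

def parse_s_client(text):
    """Return the negotiated session parameters; None where a field is absent."""
    out = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        out[name] = m.group(1) if m else None
    for name in ("key_bits", "verify_code"):
        if out[name] is not None:
            out[name] = int(out[name])
    return out

def findings(session):
    """List what a reviewer would flag (thresholds are assumptions of this example)."""
    notes = []
    if session["protocol"] in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1"):
        notes.append("deprecated protocol: " + session["protocol"])
    cipher = session["cipher"] or ""
    if any(part in ("RC4", "MD5", "NULL", "EXP") for part in cipher.split("-")):
        notes.append("weak cipher suite: " + cipher)
    if session["key_bits"] is not None and session["key_bits"] < 2048:
        notes.append("server key below 2048 bits: %d" % session["key_bits"])
    if session["verify_code"] not in (None, 0):
        notes.append("certificate did not verify: code %d" % session["verify_code"])
    return notes

if __name__ == "__main__":
    session = parse_s_client(SAMPLE)
    print(session)
    for note in findings(session):
        print("-", note)
```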

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT