RE: [squid-users] Cert issue on reserve proxy

From: Jason Hitt <Jhitt@dont-contact.us>
Date: Wed, 6 Jun 2007 09:57:24 -0500

For clarity on the error I get and what is in my conf here is squid ran
with the -X.

$ ./squid -N -X
2007/06/06 08:46:25| Memory pools are 'off'; limit: 0.00 MB
2007/06/06 08:46:25| cachemgrRegister: registered mem
2007/06/06 08:46:25| cbdataInit
2007/06/06 08:46:25| cachemgrRegister: registered cbdata
2007/06/06 08:46:25| cachemgrRegister: registered events
2007/06/06 08:46:25| authSchemeAdd: adding basic
2007/06/06 08:46:25| parse_line: ssl_unclean_shutdown off
2007/06/06 08:46:25| parse_line: sslproxy_version 1
2007/06/06 08:46:25| parse_line: icp_port 3130
2007/06/06 08:46:25| parse_line: udp_incoming_address 0.0.0.0
2007/06/06 08:46:25| parse_line: udp_outgoing_address 255.255.255.255
2007/06/06 08:46:25| parse_line: icp_query_timeout 0
2007/06/06 08:46:25| parse_line: maximum_icp_query_timeout 2000
2007/06/06 08:46:25| parse_line: mcast_icp_query_timeout 2000
2007/06/06 08:46:25| parse_line: dead_peer_timeout 10 seconds
2007/06/06 08:46:25| parse_line: cache_vary on
2007/06/06 08:46:25| parse_line: cache_mem 8 MB
2007/06/06 08:46:25| parse_line: cache_swap_low 90
2007/06/06 08:46:25| parse_line: cache_swap_high 95
2007/06/06 08:46:25| parse_line: maximum_object_size 4096 KB
2007/06/06 08:46:25| parse_line: minimum_object_size 0 KB
2007/06/06 08:46:25| parse_line: maximum_object_size_in_memory 8 KB
2007/06/06 08:46:25| parse_line: ipcache_size 1024
2007/06/06 08:46:25| parse_line: ipcache_low 90
2007/06/06 08:46:25| parse_line: ipcache_high 95
2007/06/06 08:46:25| parse_line: fqdncache_size 1024
2007/06/06 08:46:25| parse_line: cache_replacement_policy lru
2007/06/06 08:46:25| parse_line: memory_replacement_policy lru
2007/06/06 08:46:25| parse_line: cache_log
/usr/local/squid/var/logs/cache.log
2007/06/06 08:46:25| parse_line: cache_store_log
/usr/local/squid/var/logs/store.log
2007/06/06 08:46:25| parse_line: emulate_httpd_log off
2007/06/06 08:46:25| parse_line: log_ip_on_direct on
2007/06/06 08:46:25| parse_line: mime_table
/usr/local/squid/etc/mime.conf
2007/06/06 08:46:25| parse_line: log_mime_hdrs off
2007/06/06 08:46:25| parse_line: pid_filename
/usr/local/squid/var/logs/squid.pid
2007/06/06 08:46:25| parse_line: debug_options ALL,1
2007/06/06 08:46:25| parse_line: log_fqdn off
2007/06/06 08:46:25| parse_line: client_netmask 255.255.255.255
2007/06/06 08:46:25| parse_line: ftp_user Squid@
2007/06/06 08:46:25| parse_line: ftp_list_width 32
2007/06/06 08:46:25| parse_line: ftp_passive on
2007/06/06 08:46:25| parse_line: ftp_sanitycheck on
2007/06/06 08:46:25| parse_line: ftp_telnet_protocol on
2007/06/06 08:46:25| parse_line: check_hostnames on
2007/06/06 08:46:25| parse_line: allow_underscore on
2007/06/06 08:46:25| parse_line: dns_retransmit_interval 5 seconds
2007/06/06 08:46:25| parse_line: dns_timeout 2 minutes
2007/06/06 08:46:25| parse_line: dns_defnames off
2007/06/06 08:46:25| parse_line: hosts_file /etc/hosts
2007/06/06 08:46:25| parse_line: diskd_program
/usr/local/squid/libexec/diskd-daemon
2007/06/06 08:46:25| parse_line: unlinkd_program
/usr/local/squid/libexec/unlinkd
2007/06/06 08:46:25| parse_line: url_rewrite_children 5
2007/06/06 08:46:25| parse_line: url_rewrite_concurrency 0
2007/06/06 08:46:25| parse_line: url_rewrite_host_header on
2007/06/06 08:46:25| parse_line: location_rewrite_children 5
2007/06/06 08:46:25| parse_line: location_rewrite_concurrency 0
2007/06/06 08:46:25| parse_line: authenticate_cache_garbage_interval 1
hour
2007/06/06 08:46:25| parse_line: authenticate_ttl 1 hour
2007/06/06 08:46:25| parse_line: authenticate_ip_ttl 0 seconds
2007/06/06 08:46:25| parse_line: wais_relay_port 0
2007/06/06 08:46:25| parse_line: request_header_max_size 20 KB
2007/06/06 08:46:25| parse_line: request_body_max_size 0 KB
2007/06/06 08:46:25| parse_line: quick_abort_min 16 KB
2007/06/06 08:46:25| parse_line: quick_abort_max 16 KB
2007/06/06 08:46:25| parse_line: quick_abort_pct 95
2007/06/06 08:46:25| parse_line: read_ahead_gap 16 KB
2007/06/06 08:46:25| parse_line: negative_ttl 5 minutes
2007/06/06 08:46:25| parse_line: positive_dns_ttl 6 hours
2007/06/06 08:46:25| parse_line: negative_dns_ttl 1 minute
2007/06/06 08:46:25| parse_line: range_offset_limit 0 KB
2007/06/06 08:46:25| parse_line: collapsed_forwarding off
2007/06/06 08:46:25| parse_line: refresh_stale_hit 0 seconds
2007/06/06 08:46:25| parse_line: forward_timeout 4 minutes
2007/06/06 08:46:25| parse_line: connect_timeout 1 minute
2007/06/06 08:46:25| parse_line: peer_connect_timeout 30 seconds
2007/06/06 08:46:25| parse_line: read_timeout 15 minutes
2007/06/06 08:46:25| parse_line: request_timeout 5 minutes
2007/06/06 08:46:25| parse_line: persistent_request_timeout 1 minute
2007/06/06 08:46:25| parse_line: client_lifetime 1 day
2007/06/06 08:46:25| parse_line: half_closed_clients on
2007/06/06 08:46:25| parse_line: pconn_timeout 120 seconds
2007/06/06 08:46:25| parse_line: ident_timeout 10 seconds
2007/06/06 08:46:25| parse_line: shutdown_lifetime 30 seconds
2007/06/06 08:46:25| parse_line: reply_header_max_size 20 KB
2007/06/06 08:46:25| parse_line: cache_mgr webmaster
2007/06/06 08:46:25| parse_line: mail_program mail
2007/06/06 08:46:25| parse_line: cache_effective_user nobody
2007/06/06 08:46:25| parse_line: httpd_suppress_version_string off
2007/06/06 08:46:25| parse_line: umask 027
2007/06/06 08:46:25| parse_line: announce_period 0
2007/06/06 08:46:25| parse_line: announce_host tracker.ircache.net
2007/06/06 08:46:25| parse_line: announce_port 3131
2007/06/06 08:46:25| parse_line: httpd_accel_no_pmtu_disc off
2007/06/06 08:46:25| parse_line: logfile_rotate 10
2007/06/06 08:46:25| parse_line: tcp_recv_bufsize 0 bytes
2007/06/06 08:46:25| parse_line: memory_pools on
2007/06/06 08:46:25| parse_line: memory_pools_limit 5 MB
2007/06/06 08:46:25| parse_line: via on
2007/06/06 08:46:25| parse_line: forwarded_for on
2007/06/06 08:46:25| parse_line: log_icp_queries on
2007/06/06 08:46:25| parse_line: icp_hit_stale off
2007/06/06 08:46:25| parse_line: minimum_direct_hops 4
2007/06/06 08:46:25| parse_line: minimum_direct_rtt 400
2007/06/06 08:46:25| parse_line: store_avg_object_size 13 KB
2007/06/06 08:46:25| parse_line: store_objects_per_bucket 20
2007/06/06 08:46:25| parse_line: client_db on
2007/06/06 08:46:25| parse_line: netdb_low 900
2007/06/06 08:46:25| parse_line: netdb_high 1000
2007/06/06 08:46:25| parse_line: netdb_ping_period 5 minutes
2007/06/06 08:46:25| parse_line: query_icmp off
2007/06/06 08:46:25| parse_line: test_reachability off
2007/06/06 08:46:25| parse_line: buffered_logs off
2007/06/06 08:46:25| parse_line: reload_into_ims off
2007/06/06 08:46:25| parse_line: icon_directory
/usr/local/squid/share/icons
2007/06/06 08:46:25| parse_line: global_internal_static on
2007/06/06 08:46:25| parse_line: short_icon_urls off
2007/06/06 08:46:25| parse_line: error_directory
/usr/local/squid/share/errors/English
2007/06/06 08:46:25| parse_line: maximum_single_addr_tries 1
2007/06/06 08:46:25| parse_line: retry_on_error off
2007/06/06 08:46:25| parse_line: snmp_port 3401
2007/06/06 08:46:25| parse_line: snmp_incoming_address 0.0.0.0
2007/06/06 08:46:25| parse_line: snmp_outgoing_address 255.255.255.255
2007/06/06 08:46:25| parse_line: as_whois_server whois.ra.net
2007/06/06 08:46:25| parse_line: wccp_router 0.0.0.0
2007/06/06 08:46:25| parse_line: wccp_version 4
2007/06/06 08:46:25| parse_line: wccp2_rebuild_wait on
2007/06/06 08:46:25| parse_line: wccp2_forwarding_method 1
2007/06/06 08:46:25| parse_line: wccp2_return_method 1
2007/06/06 08:46:25| parse_line: wccp2_assignment_method 1
2007/06/06 08:46:25| parse_line: wccp2_weight 10000
2007/06/06 08:46:25| parse_line: wccp_address 0.0.0.0
2007/06/06 08:46:25| parse_line: wccp2_address 0.0.0.0
2007/06/06 08:46:25| parse_line: incoming_icp_average 6
2007/06/06 08:46:25| parse_line: incoming_http_average 4
2007/06/06 08:46:25| parse_line: incoming_dns_average 4
2007/06/06 08:46:25| parse_line: min_icp_poll_cnt 8
2007/06/06 08:46:25| parse_line: min_dns_poll_cnt 8
2007/06/06 08:46:25| parse_line: min_http_poll_cnt 8
2007/06/06 08:46:25| parse_line: max_open_disk_fds 0
2007/06/06 08:46:25| parse_line: offline_mode off
2007/06/06 08:46:25| parse_line: uri_whitespace strip
2007/06/06 08:46:25| parse_line: nonhierarchical_direct on
2007/06/06 08:46:25| parse_line: prefer_direct off
2007/06/06 08:46:25| parse_line: strip_query_terms on
2007/06/06 08:46:25| parse_line: redirector_bypass off
2007/06/06 08:46:25| parse_line: ignore_unknown_nameservers on
2007/06/06 08:46:25| parse_line: client_persistent_connections on
2007/06/06 08:46:25| parse_line: server_persistent_connections on
2007/06/06 08:46:25| parse_line: persistent_connection_after_error off
2007/06/06 08:46:25| parse_line: detect_broken_pconn off
2007/06/06 08:46:25| parse_line: balance_on_multiple_ip on
2007/06/06 08:46:25| parse_line: pipeline_prefetch off
2007/06/06 08:46:25| parse_line: request_entities off
2007/06/06 08:46:25| parse_line: high_response_time_warning 0
2007/06/06 08:46:25| parse_line: high_page_fault_warning 0
2007/06/06 08:46:25| parse_line: high_memory_warning 0
2007/06/06 08:46:25| parse_line: store_dir_select_algorithm least-load
2007/06/06 08:46:25| parse_line: ie_refresh off
2007/06/06 08:46:25| parse_line: vary_ignore_expire off
2007/06/06 08:46:25| parse_line: sleep_after_fork 0
2007/06/06 08:46:25| parse_line: minimum_expiry_time 60 seconds
2007/06/06 08:46:25| parse_line: relaxed_header_parser on
2007/06/06 08:46:25| Processing: 'https_port 443
cert=/usr/local/squid/var/cert.pem accel defaultsite=<web server name>'
2007/06/06 08:46:25| parse_line: https_port 443
cert=/usr/local/squid/var/cert.pem accel defaultsite=<web server name>
2007/06/06 08:46:25| Initialising SSL.
2007/06/06 08:46:25| Using SSLv2/SSLv3.
2007/06/06 08:46:25| Using certificate in /usr/local/squid/var/cert.pem
2007/06/06 08:46:25| Using private key in /usr/local/squid/var/cert.pem
Enter PEM pass phrase:
2007/06/06 08:47:53| Comparing private and public SSL keys.
2007/06/06 08:47:53| Setting RSA key generation callback.
2007/06/06 08:47:53| Setting CA certificate locations.
2007/06/06 08:47:53| Not requiring any client certificates
2007/06/06 08:47:53| Processing: 'sslproxy_flags DONT_VERIFY_PEER'
2007/06/06 08:47:53| parse_line: sslproxy_flags DONT_VERIFY_PEER
2007/06/06 08:47:53| Processing: 'cache_peer <web server ip> parent 443
0 no-query originserver ssl sslflags=DONT_VERIFY_PEER Login=PASS '
2007/06/06 08:47:53| parse_line: cache_peer <web server ip> parent 443 0
no-query originserver ssl sslflags=DONT_VERIFY_PEER Login=PASS
2007/06/06 08:47:53| Initialising SSL.
2007/06/06 08:47:53| Using SSLv2/SSLv3.
2007/06/06 08:47:53| Setting RSA key generation callback.
2007/06/06 08:47:53| NOTICE: Peer certificates are not verified for
validity!
2007/06/06 08:47:53| Setting CA certificate locations.
2007/06/06 08:47:53| cbdataLock: 0x83ad6e10
2007/06/06 08:47:53| eventAdd: Adding 'peerClearRR', in 300.000000
seconds
2007/06/06 08:47:53| Processing: 'hierarchy_stoplist cgi-bin ?'
2007/06/06 08:47:53| parse_line: hierarchy_stoplist cgi-bin ?
2007/06/06 08:47:53| Processing: 'acl QUERY urlpath_regex cgi-bin \?'
2007/06/06 08:47:53| parse_line: acl QUERY urlpath_regex cgi-bin \?
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'QUERY'
2007/06/06 08:47:53| Processing: 'cache deny QUERY'
2007/06/06 08:47:53| parse_line: cache deny QUERY
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'QUERY'
2007/06/06 08:47:53| Processing: 'acl apache rep_header Server ^Apache'
2007/06/06 08:47:53| parse_line: acl apache rep_header Server ^Apache
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'apache'
2007/06/06 08:47:53| Processing: 'broken_vary_encoding allow apache'
2007/06/06 08:47:53| parse_line: broken_vary_encoding allow apache
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'apache'
2007/06/06 08:47:53| Processing: 'cache_dir ufs
/usr/local/squid/var/cache 100 16 256'
2007/06/06 08:47:53| parse_line: cache_dir ufs
/usr/local/squid/var/cache 100 16 256
2007/06/06 08:47:53| Processing: 'access_log
/usr/local/squid/var/logs/access.log squid'
2007/06/06 08:47:53| parse_line: access_log
/usr/local/squid/var/logs/access.log squid
2007/06/06 08:47:53| Log definition name 'squid' file
'/usr/local/squid/var/logs/access.log'
2007/06/06 08:47:53| Processing: 'cache_log
/usr/local/squid/var/logs/cache.log'
2007/06/06 08:47:53| parse_line: cache_log
/usr/local/squid/var/logs/cache.log
2007/06/06 08:47:53| Processing: 'refresh_pattern ^ftp: 1440
20% 10080'
2007/06/06 08:47:53| parse_line: refresh_pattern ^ftp: 1440
20% 10080
2007/06/06 08:47:53| Processing: 'refresh_pattern ^gopher: 1440
0% 1440'
2007/06/06 08:47:53| parse_line: refresh_pattern ^gopher: 1440
0% 1440
2007/06/06 08:47:53| Processing: 'refresh_pattern . 0
20% 4320'
2007/06/06 08:47:53| parse_line: refresh_pattern . 0
20% 4320
2007/06/06 08:47:53| Processing: 'acl allout dst <web server
ip>/255.255.255.255 '
2007/06/06 08:47:53| parse_line: acl allout dst <web server
ip>/255.255.255.255
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'allout'
2007/06/06 08:47:53| aclParseIpData: <web server ip>/255.255.255.255
2007/06/06 08:47:53| Processing: 'acl allout2 port 80 '
2007/06/06 08:47:53| parse_line: acl allout2 port 80
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'allout2'
2007/06/06 08:47:53| Processing: 'acl snmppublic snmp_community public'
2007/06/06 08:47:53| parse_line: acl snmppublic snmp_community public
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'snmppublic'
2007/06/06 08:47:53| Processing: 'acl snmp-egi snmp_community <com
string>'
2007/06/06 08:47:53| parse_line: acl snmp-egi snmp_community <com
string>
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'snmp-egi'
2007/06/06 08:47:53| Processing: 'acl all src 0.0.0.0/0.0.0.0'
2007/06/06 08:47:53| parse_line: acl all src 0.0.0.0/0.0.0.0
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'all'
2007/06/06 08:47:53| aclParseIpData: 0.0.0.0/0.0.0.0
2007/06/06 08:47:53| Processing: 'acl manager proto cache_object'
2007/06/06 08:47:53| parse_line: acl manager proto cache_object
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'manager'
2007/06/06 08:47:53| Processing: 'acl localhost src
127.0.0.1/255.255.255.255'
2007/06/06 08:47:53| parse_line: acl localhost src
127.0.0.1/255.255.255.255
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'localhost'
2007/06/06 08:47:53| aclParseIpData: 127.0.0.1/255.255.255.255
2007/06/06 08:47:53| Processing: 'acl to_localhost dst 127.0.0.0/8'
2007/06/06 08:47:53| parse_line: acl to_localhost dst 127.0.0.0/8
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'to_localhost'
2007/06/06 08:47:53| aclParseIpData: 127.0.0.0/8
2007/06/06 08:47:53| Processing: 'acl SSL_ports2 dst <web server
ip>/255.255.255.255'
2007/06/06 08:47:53| parse_line: acl SSL_ports2 dst <web server
ip>/255.255.255.255
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'SSL_ports2'
2007/06/06 08:47:53| aclParseIpData: <web server ip>/255.255.255.255
2007/06/06 08:47:53| Processing: 'acl SSL_ports port 443'
2007/06/06 08:47:53| parse_line: acl SSL_ports port 443
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'SSL_ports'
2007/06/06 08:47:53| Processing: 'acl Safe_ports port 80
# http'
2007/06/06 08:47:53| parse_line: acl Safe_ports port 80 # http
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'Safe_ports'
2007/06/06 08:47:53| Processing: 'acl Safe_ports port 21
# ftp'
2007/06/06 08:47:53| parse_line: acl Safe_ports port 21 # ftp
2007/06/06 08:47:53| aclParseAclLine: Appending to 'Safe_ports'
2007/06/06 08:47:53| Processing: 'acl Safe_ports port 443
# https'
2007/06/06 08:47:53| parse_line: acl Safe_ports port 443
# https
2007/06/06 08:47:53| aclParseAclLine: Appending to 'Safe_ports'
2007/06/06 08:47:53| Processing: 'acl Safe_ports port 70
# gopher'
2007/06/06 08:47:53| parse_line: acl Safe_ports port 70 # gopher
2007/06/06 08:47:53| aclParseAclLine: Appending to 'Safe_ports'
2007/06/06 08:47:53| Processing: 'acl Safe_ports port 210
# wais'
2007/06/06 08:47:53| parse_line: acl Safe_ports port 210
# wais
2007/06/06 08:47:53| aclParseAclLine: Appending to 'Safe_ports'
2007/06/06 08:47:53| Processing: 'acl Safe_ports port 1025-65535
# unregistered ports'
2007/06/06 08:47:53| parse_line: acl Safe_ports port 1025-65535 #
unregistered ports
2007/06/06 08:47:53| aclParseAclLine: Appending to 'Safe_ports'
2007/06/06 08:47:53| Processing: 'acl Safe_ports port 280
# http-mgmt'
2007/06/06 08:47:53| parse_line: acl Safe_ports port 280
# http-mgmt
2007/06/06 08:47:53| aclParseAclLine: Appending to 'Safe_ports'
2007/06/06 08:47:53| Processing: 'acl Safe_ports port 488
# gss-http'
2007/06/06 08:47:53| parse_line: acl Safe_ports port 488
# gss-http
2007/06/06 08:47:53| aclParseAclLine: Appending to 'Safe_ports'
2007/06/06 08:47:53| Processing: 'acl Safe_ports port 591
# filemaker'
2007/06/06 08:47:53| parse_line: acl Safe_ports port 591
# filemaker
2007/06/06 08:47:53| aclParseAclLine: Appending to 'Safe_ports'
2007/06/06 08:47:53| Processing: 'acl Safe_ports port 777
# multiling http'
2007/06/06 08:47:53| parse_line: acl Safe_ports port 777
# multiling http
2007/06/06 08:47:53| aclParseAclLine: Appending to 'Safe_ports'
2007/06/06 08:47:53| Processing: 'acl CONNECT method CONNECT'
2007/06/06 08:47:53| parse_line: acl CONNECT method CONNECT
2007/06/06 08:47:53| aclParseAclLine: Creating ACL 'CONNECT'
2007/06/06 08:47:53| Processing: 'http_access allow manager localhost'
2007/06/06 08:47:53| parse_line: http_access allow manager localhost
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'manager'
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name
'localhost'
2007/06/06 08:47:53| Processing: 'http_access allow allout'
2007/06/06 08:47:53| parse_line: http_access allow allout
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'allout'
2007/06/06 08:47:53| Processing: 'http_access allow allout2'
2007/06/06 08:47:53| parse_line: http_access allow allout2
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'allout2'
2007/06/06 08:47:53| Processing: 'http_access allow SSL_ports'
2007/06/06 08:47:53| parse_line: http_access allow SSL_ports
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name
'SSL_ports'
2007/06/06 08:47:53| Processing: 'http_access allow SSL_ports2'
2007/06/06 08:47:53| parse_line: http_access allow SSL_ports2
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name
'SSL_ports2'
2007/06/06 08:47:53| Processing: 'http_reply_access allow all'
2007/06/06 08:47:53| parse_line: http_reply_access allow all
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'all'
2007/06/06 08:47:53| Processing: 'http_reply_access allow all'
2007/06/06 08:47:53| parse_line: http_reply_access allow all
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'all'
2007/06/06 08:47:53| Processing: 'icp_access allow all'
2007/06/06 08:47:53| parse_line: icp_access allow all
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'all'
2007/06/06 08:47:53| Processing: 'cache_effective_user openssl '
2007/06/06 08:47:53| parse_line: cache_effective_user openssl
2007/06/06 08:47:53| Processing: 'snmp_port 161 '
2007/06/06 08:47:53| parse_line: snmp_port 161
2007/06/06 08:47:53| Processing: 'snmp_access allow snmppublic
localhost'
2007/06/06 08:47:53| parse_line: snmp_access allow snmppublic localhost
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name
'snmppublic'
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name
'localhost'
2007/06/06 08:47:53| Processing: 'snmp_access allow snmp-egi '
2007/06/06 08:47:53| parse_line: snmp_access allow snmp-egi
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'snmp-egi'
2007/06/06 08:47:53| Processing: 'snmp_access deny all'
2007/06/06 08:47:53| parse_line: snmp_access deny all
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'all'
2007/06/06 08:47:53| Processing: 'snmp_incoming_address 0.0.0.0'
2007/06/06 08:47:53| parse_line: snmp_incoming_address 0.0.0.0
2007/06/06 08:47:53| Processing: 'snmp_outgoing_address 255.255.255.255'
2007/06/06 08:47:53| parse_line: snmp_outgoing_address 255.255.255.255
2007/06/06 08:47:53| Processing: 'coredump_dir
/usr/local/squid/var/cache'
2007/06/06 08:47:53| parse_line: coredump_dir /usr/local/squid/var/cache
2007/06/06 08:47:53| parse_line: ident_lookup_access deny all
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'all'
2007/06/06 08:47:53| parse_line: reply_body_max_size 0 allow all
2007/06/06 08:47:53| aclParseAccessLine: looking for ACL name 'all'
2007/06/06 08:47:53| parse_line: dns_testnames netscape.com internic.net
nlanr.net microsoft.com
2007/06/06 08:47:53| parse_line: wccp2_service standard 0
2007/06/06 08:47:53| wccp2_add_service_list: added service id 0
2007/06/06 08:47:53| getMyHostname: '<squid box name>' resolved into
'<squid box name>'
2007/06/06 08:47:53| Initialising SSL.
2007/06/06 08:47:53| Using SSLv2/SSLv3.
2007/06/06 08:47:53| Setting RSA key generation callback.
2007/06/06 08:47:53| NOTICE: Peer certificates are not verified for
validity!
2007/06/06 08:47:53| Setting CA certificate locations.
2007/06/06 08:47:53| cachemgrRegister: registered config
2007/06/06 08:47:53| fd_open FD 3 kqueue ctl
2007/06/06 08:47:53| fd_open FD 0 stdin
2007/06/06 08:47:53| fd_open FD 1 stdout
2007/06/06 08:47:53| fd_open FD 2 stderr
2007/06/06 08:47:53| leave_suid: PID 26345 called
Abort trap (core dumped)

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Wednesday, June 06, 2007 4:06 AM
To: Jason Hitt
Cc: squid-users@squid-cache.org
Subject: RE: FW: [squid-users] Cert issue on reserve proxy

tis 2007-06-05 klockan 10:59 -0500 skrev Jason Hitt:
> When I log in as root I get access denied on writing cache due to the
> user account owning the directory, set it back to nobody?

So what account have you told Squid to run as using the
cache_effective_user directive? Directories etc should be owned by that
user.

> cache_peer <web servers ip> parent 443 0 no-query originserver ssl
> sslflags=DONT_VERIFY_PEER Login=PASS

Looks fine to me.

Regards
Henrik
Received on Wed Jun 06 2007 - 08:57:41 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT