[squid-users] Re: Squid 2.7+SSL on Windows will not proxy SSL requests

From: Jake Hawkes <jakehawkes_at_computer.org>
Date: Mon, 4 Oct 2010 09:24:12 +0200

Can anyone help me with this?
Am I missing something obvious?

On Thu, Sep 30, 2010 at 11:09 AM, Jake Hawkes <jakehawkes_at_computer.org> wrote:
> Hello,
>
> I am running Squid 2.7.STABLE8 on Windows XP.  I am primarily doing
> this for convenience for myself, since I often change from the
> locked-down work environment to home, and having to change the proxy
> config every time is a bother.
>
> The idea is that Squid is configured to be the proxy in all the places
> where this is needed, and then it will contact the parent at work, or
> the internet at home.
>
> This all works great.  I have even managed to allow my iPad to access
> the internet while at work, which is great because the iPad can't
> authenticate with the proxy at work.
>
> It all falls down with HTTPS however.
>
> I honestly can't remember if this has ever worked, (I seem to think it
> did) but now I am completely stumped.
> I have checked the Windows firewall, and it is off.
> I have downloaded the SSL package from acme, and there is no
> difference in the behaviour.
>
> The SSL connections from the browser time out.  Chrome reports "Waiting
> for proxy tunnel" in the status bar, and then fails with this error:
> Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
>
> I've tried to enable SSL debugging, but that seems to result in no
> logging at all.  This seems to be a bug separate from my problem.
>
> Here's hoping someone out there can help =)
>
> Regards,
>
>  - Jake
>
> squid.conf
> ========================================================================
> http_port 8082
> # work settings
> acl INTERNAL src 172.28.0.0/255.255.0.0
> cache_peer 172.25.x.y parent 8080 0 no-query default proxy-only login=<user>:<pass> no-digest
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl all src 0.0.0.0/0.0.0.0
> acl NAUGHTY_STUFF dstdom_regex -i "c:\squid\etc\domain_blacklist"
> acl PollingAPIs   dstdom_regex -i "c:\squid\etc\pollingAPIs"
> acl BLOCKED    dstdom_regex -i "c:\squid\etc\abg_blocked"
> http_access deny NAUGHTY_STUFF
> http_access allow PollingAPIs
> http_access allow manager localhost
> http_access deny manager
> http_access deny BLOCKED
> http_access allow localhost
> http_access allow INTERNAL
> http_access deny all
> #never_direct allow all
> icp_access deny all
> # debug ACL matching
> # debug_options 28,3
> # debug SSL
> # debug_options 83, 3
> # debug URL parsing
> # debug_options 23,3
> cache_effective_user squid
> cache_effective_group wheel
> httpd_suppress_version_string on
> snmp_access deny all
> visible_hostname a_computer
> cachemgr_passwd 5432 all
> #seconds.ms responsetime clientIP squidReqStat/HTTPStat replySize reqMethod
> # reqUrl username squidHeirarchyStatus/serverOrPeerIP mime
> logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
> # localtime, clientIP, reqURL, squidReqStat/HTTPStat, replySize,
> logformat accessFormat %{%d/%b/%Y:%H:%M:%S}tl,%>a, %ru, %Ss/%03Hs, %<st
> #access_log stdio:c:/squid/var/logs/localhost.access.log accessFormat localhost
> #access_log stdio:c:/squid/var/logs/internal.access.log accessFormat INTERNAL
> #access_log stdio:c:/squid/var/logs/pollingAPIs.access.log accessFormat PollingAPIs
> access_log stdio:c:/squid/var/logs/access.log accessFormat
> cache_log c:/squid/var/logs/cache.log
> cache_store_log none
> log_mime_hdrs none
> useragent_log none
> referer_log none
> pid_filename c:/squid/var/logs/squid.pid
> strip_query_terms off
>
>
>
> cache.log
> ========================================================================
> 2010/09/30 10:44:50| Starting Squid Cache version 2.7.STABLE8 for i686-pc-winnt...
> 2010/09/30 10:44:50| Running on Windows XP
> 2010/09/30 10:44:50| Process ID 5072
> 2010/09/30 10:44:50| With 2048 file descriptors available
> 2010/09/30 10:44:50| With 512 CRT stdio descriptors available
> 2010/09/30 10:44:50| Windows sockets initialized
> 2010/09/30 10:44:50| Using select for the IO loop
> 2010/09/30 10:44:50| Performing DNS Tests...
> 2010/09/30 10:44:50| Successful DNS name lookup tests...
> 2010/09/30 10:44:50| DNS Socket created at 0.0.0.0, port 4787, FD 4
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding domain x.x.x.x  from Registry
> 2010/09/30 10:44:50| User-Agent logging is disabled.
> 2010/09/30 10:44:50| Referer logging is disabled.
> 2010/09/30 10:44:50| logfileOpen: opening log stdio:c:/squid/var/logs/access.log
> 2010/09/30 10:44:50| Unlinkd pipe opened on FD 7
> 2010/09/30 10:44:50| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
> 2010/09/30 10:44:50| Target number of buckets: 425
> 2010/09/30 10:44:50| Using 8192 Store buckets
> 2010/09/30 10:44:50| Max Mem  size: 8192 KB
> 2010/09/30 10:44:50| Max Swap size: 102400 KB
> 2010/09/30 10:44:50| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
> 2010/09/30 10:44:50| Store logging disabled
> 2010/09/30 10:44:50| Rebuilding storage in c:/squid/var/cache (CLEAN)
> 2010/09/30 10:44:50| Using Least Load store dir selection
> 2010/09/30 10:44:50| Current Directory is C:\squid
> 2010/09/30 10:44:50| Loaded Icons.
> 2010/09/30 10:44:50| Accepting proxy HTTP connections at 0.0.0.0, port 8082, FD 12.
> 2010/09/30 10:44:50| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
> 2010/09/30 10:44:50| Accepting HTCP messages on port 4827, FD 14.
> 2010/09/30 10:44:50| Accepting SNMP messages on port 3401, FD 15.
> 2010/09/30 10:44:50| Configuring 172.25.x.y  Parent 172.25.x.y /8080/0
> 2010/09/30 10:44:50| Ready to serve requests.
> 2010/09/30 10:44:50| Done reading c:/squid/var/cache swaplog (1106 entries)
> 2010/09/30 10:44:50| Finished rebuilding storage from disk.
> 2010/09/30 10:44:50|      1106 Entries scanned
> 2010/09/30 10:44:50|         0 Invalid entries.
> 2010/09/30 10:44:50|         0 With invalid flags.
> 2010/09/30 10:44:50|      1106 Objects loaded.
> 2010/09/30 10:44:50|         0 Objects expired.
> 2010/09/30 10:44:50|         0 Objects cancelled.
> 2010/09/30 10:44:50|         0 Duplicate URLs purged.
> 2010/09/30 10:44:50|         0 Swapfile clashes avoided.
> 2010/09/30 10:44:50|   Took 0.1 seconds (11766.0 objects/sec).
> 2010/09/30 10:44:50| Beginning Validation Procedure
> 2010/09/30 10:44:51|   Completed Validation Procedure
> 2010/09/30 10:44:51|   Validated 1106 Entries
> 2010/09/30 10:44:51|   store_swap_size = 23708k
> 2010/09/30 10:44:51| storeLateRelease: released 0 objects
>
> access.log
> ========================================================================
> 30/Sep/2010:10:43:46,127.0.0.1, mail.google.com:443, TCP_MISS/000, 0
> 30/Sep/2010:10:48:01,127.0.0.1, www.dropbox.com:443, TCP_MISS/504, 0
>

-- 
----
jakehawkes_at_computer.org
+34 670 683 799
Received on Mon Oct 04 2010 - 07:24:19 MDT
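
A diagnostic variant of the forwarding and logging directives from the squid.conf quoted above, added here as an example; it is not part of the original post and not a reply from the list. It assumes the tunnel failures come from Squid sending CONNECT requests direct instead of to the `cache_peer` parent, which is its default for non-hierarchical methods; the ACL name `CONNECT` and the log format name `tunnelFormat` are illustrative.

```conf
# Added example, not from the original post.

# As posted: never_direct is commented out, so nothing forces CONNECT
# requests through the parent at 172.25.x.y.
#never_direct allow all

# Option 1: prefer the parent for non-hierarchical requests (CONNECT, POST,
# ...) while still allowing direct connections when no parent is usable,
# which suits a machine that moves between networks.
nonhierarchical_direct off

# Option 2 (stricter): never send CONNECT direct. If the parent is
# unreachable (for example on the home network), tunnels fail instead of
# falling back. Use one option or the other.
#acl CONNECT method CONNECT
#never_direct allow CONNECT

# The posted accessFormat omits the request method and the hierarchy status,
# so the log cannot show whether a :443 request went DIRECT or to the parent.
# %rm and %Sh/%<A are the same codes used in the posted "squid" logformat.
logformat tunnelFormat %{%d/%b/%Y:%H:%M:%S}tl,%>a, %rm, %ru, %Ss/%03Hs, %Sh/%<A, %<st
access_log stdio:c:/squid/var/logs/access.log tunnelFormat

# Debug section 83 covers the SSL accelerator (https_port) code, which a
# plain forward proxy does not exercise. CONNECT tunnels are section 26 and
# peer selection is section 44.
debug_options ALL,1 26,3 44,3
```

With this format, a CONNECT entry whose hierarchy field starts with `DIRECT` confirms that the request bypassed the parent.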

This archive was generated by hypermail 2.2.0 : Wed Oct 06 2010 - 12:00:02 MDT