[squid-users] 3.1.15 squid report ERR_SECURE_CONNECT_FAIL on peer with self-signed cert

From: 叶雨飞 <sunyucong_at_gmail.com>
Date: Fri, 2 Mar 2012 10:57:13 -0800

Hi,

I've been trying to use an SSL connection to a parent squid proxy, and
the child squid always fails even though I specifically asked it to stop
verifying stuff.

Here's the relevant config on the child:

sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN
cache_peer x.x.x.x parent 8443 0 no-digest no-query default ssl sslflags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN,NO_DEFAULT_CA sslcert=ssl.pem sslkey=ssl.key

And this appears in the cache.log:

2012/03/03 02:50:51| fwdNegotiateSSL: Error negotiating SSL connection on FD 11: error:00000000:lib(0):func(0):reason(0) (5/-1/104)

I've verified the parent side works fine. In fact, the server side has
been implemented using stunnel, and it works fine if I set up stunnel
locally and tunnel squid through it.

Cheers.
Received on Fri Mar 02 2012 - 18:57:41 MST
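
Decoding the cache.log entry above, as an added example that is not part of the original post: in Squid 3.1 the trailing triple of a fwdNegotiateSSL message is SSL_get_error() result / SSL_connect() return value / errno. The errno names assume a Linux host, and `decode` with its category labels is a hypothetical helper.

```python
import re

# SSL_get_error() result codes, as defined in OpenSSL's ssl.h.
SSL_ERRORS = {1: "SSL_ERROR_SSL", 2: "SSL_ERROR_WANT_READ", 3: "SSL_ERROR_WANT_WRITE",
              5: "SSL_ERROR_SYSCALL", 6: "SSL_ERROR_ZERO_RETURN"}
# Assumption: Squid runs on Linux, so errno values follow Linux numbering.
LINUX_ERRNO = {0: "none", 32: "EPIPE", 104: "ECONNRESET", 110: "ETIMEDOUT",
               111: "ECONNREFUSED"}

ENTRY_RE = re.compile(
    r"fwdNegotiateSSL: Error negotiating SSL connection on FD (?P<fd>\d+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<text>.*?) "
    r"\((?P<ssl>-?\d+)/(?P<ret>-?\d+)/(?P<errno>-?\d+)\)")

def decode(entry):
    """Decode one cache.log entry; entries wrapped by a mail client are re-joined."""
    m = ENTRY_RE.search(" ".join(entry.split()))
    if m is None:
        return None
    ssl_err, sys_err = int(m["ssl"]), int(m["errno"])
    queue_empty = int(m["code"], 16) == 0   # error:00000000 = nothing queued by OpenSSL
    if ssl_err == 5 and queue_empty:
        # SSL_ERROR_SYSCALL with no queued error: the socket failed, not the TLS logic.
        category = "transport" if sys_err else "eof"
    elif ssl_err == 1 and not queue_empty:
        # SSL_ERROR_SSL: protocol or certificate failure, described by the queued error.
        category = "tls"
    else:
        category = "other"
    return {"fd": int(m["fd"]),
            "ssl_error": SSL_ERRORS.get(ssl_err, str(ssl_err)),
            "ret": int(m["ret"]),
            "errno": LINUX_ERRNO.get(sys_err, str(sys_err)),
            "openssl_text": m["text"],
            "category": category}

# The entry from the post, wrapped across two lines as it arrived by mail.
POSTED = """2012/03/03 02:50:51| fwdNegotiateSSL: Error negotiating SSL connection
on FD 11: error:00000000:lib(0):func(0):reason(0) (5/-1/104)"""

if __name__ == "__main__":
    print(decode(POSTED))
```

For the posted entry this yields SSL_ERROR_SYSCALL with errno ECONNRESET and an empty OpenSSL error queue, i.e. the socket was reset during the handshake rather than a certificate check failing on the child.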
