[squid-users] Re: squid 3.1 - endless loop IIS webserver

From: kadvar <kadvar_at_gmail.com>
Date: Tue, 13 Mar 2012 01:21:54 -0700 (PDT)

Hi,

Thanks for that. I tried your recommendations and now I get this:

2012/03/13 12:11:25| clientNegotiateSSL: Error negotiating SSL connection on
FD 18: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
(1/0)
2012/03/13 12:11:25| clientNegotiateSSL: Error negotiating SSL connection on
FD 20: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
(1/0)
2012/03/13 12:11:27| clientNegotiateSSL: Error negotiating SSL connection on
FD 18: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
(1/0)

Adding ssl sslflags=NO_VERIFY_PEER to the cache_peer line gives:

2012/03/13 12:35:23| TCP connection to 192.168.124.169/443 failed
2012/03/13 12:35:23| SSL unknown certificate error 20 in /CN=savitr69
2012/03/13 12:35:23| SSL unknown certificate error 20 in /CN=savitr69
2012/03/13 12:35:23| fwdNegotiateSSL: Error negotiating SSL connection on FD
20: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed (1/-1/0)

I'm a bit confused about the actual interaction between Squid and the
backend IIS server. The programmer has generated an SSL cert on the IIS
server; I have generated an SSL cert on Squid. When I type
https://www.example.com/Login.aspx, it asks me to add an exception for the
Squid box, but the request now hangs at the IIS server.

As per my understanding of the current setup, when a user visits
www.example.com/Login.aspx he is presented with an "Add exception" window for
the Squid box; after accepting, he should again be presented with an "Add
exception" window from the IIS server. This never happens. Is there a better
way to do this?

Thanks,
Adi

Received on Tue Mar 13 2012 - 08:21:57 MDT
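
Added example, not part of the original message or of Squid's own code: a small triage script for the two kinds of cache.log entries quoted above, tagging each failed handshake with the TLS leg it occurred on (`clientNegotiateSSL` is the browser-facing handshake, `fwdNegotiateSSL` the one Squid opens to the backend). The names `unwrap` and `classify`, the leg labels and the pairing of verify errors to a failure by timestamp are this example's own assumptions.

```python
import re

# Constructed sample: entries copied from the logs quoted in the message, still mail-wrapped.
SAMPLE_LOG = """\
2012/03/13 12:11:25| clientNegotiateSSL: Error negotiating SSL connection on
FD 18: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
(1/0)
2012/03/13 12:35:23| SSL unknown certificate error 20 in /CN=savitr69
2012/03/13 12:35:23| fwdNegotiateSSL: Error negotiating SSL connection on FD
20: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed (1/-1/0)
"""

STAMP = r"(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| "
NEGOTIATE = re.compile(STAMP + r"(?P<func>clientNegotiateSSL|fwdNegotiateSSL): .*?FD (?P<fd>\d+): "
                       r"error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:[^:]*:(?P<reason>.*?) \(")
VERIFY = re.compile(STAMP + r"SSL unknown certificate error (?P<err>\d+) in (?P<subject>\S+)")
LEG = {"clientNegotiateSSL": "client<->squid", "fwdNegotiateSSL": "squid<->origin"}
# OpenSSL X509 verify result codes (subset).
X509 = {18: "self signed certificate", 20: "unable to get local issuer certificate"}

def unwrap(text):
    """Rejoin wrapped continuation lines onto the timestamped entry they belong to."""
    entries = []
    for line in text.splitlines():
        if re.match(STAMP, line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def classify(text):
    """One finding per failed handshake: the leg, and whether a peer alert or a local check failed it."""
    findings, pending = [], []
    for entry in unwrap(text):
        v, n = VERIFY.match(entry), NEGOTIATE.match(entry)
        if v:
            pending.append((v["ts"], int(v["err"])))
        elif n:
            # Assumption: verify errors logged just before a failure, same timestamp, belong to it.
            errs = sorted({e for ts, e in pending if ts == n["ts"]})
            findings.append({
                "leg": LEG[n["func"]], "fd": int(n["fd"]), "reason": n["reason"],
                "raised_by": "peer alert" if " alert " in n["reason"] else "local",
                "verify_errors": [(e, X509.get(e, "unrecognised")) for e in errs]})
            pending = []
    return findings

if __name__ == "__main__":
    print(*classify(SAMPLE_LOG), sep="\n")
```
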
