Re: [squid-users] https_port + ssl-bump + ipv6

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 11 Sep 2013 14:02:28 +1200

On 10/09/2013 8:13 p.m., Loïc Blot wrote:
> Hello all,
> I don't know if it's a bug, but there is a strange issue with https_port
> when ipv6 is enabled.
>
> I have 4 squid 3.3.8 proxies (on OpenBSD 5.2). 2 on IPv4 only and 2 with
> both IPv4 and IPv6.
>
> On IPv4 only this configuration line works (--disable-ipv6 option
> enabled):
>
> https_port 3130 intercept ssl-bump cert=/etc/ssl/wildcard-proxies.crt
> key=/etc/ssl/wildcard-proxies.key
>
> On IPv4 and IPv6 squid proxies, squid doesn't accept the certificates:
> FATAL: No valid signing SSL certificate configured for https_port
> 0.0.0.0:3130
>
> I haven't found solutions on the web. Any idea?

OpenBSD uses what is known as a "split" TCP stack, where IPv4 and IPv6
require two sockets opened. Squid automatically separates the wildcard
ports configured but the SSL certificate details are not cloned during
that split.

Until that is fixed you will have to configure the IPv4 and IPv6 versions
of the port separately like this:

   http_port 0.0.0.0:3130 ...
   http_port [::]:3130 ...

Amos
Received on Wed Sep 11 2013 - 02:02:43 MDT
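
An added example, not part of the reply above and not Squid project code: a small Python helper that applies the workaround to a squid.conf by rewriting port-only listener lines that carry cert= into one explicit 0.0.0.0 line and one explicit [::] line, keeping the directive and options of the existing line. The function name and the sample configuration are constructed for illustration; the certificate paths are the ones from the quoted question.

```python
# Added illustration: expand wildcard TLS listener lines in squid.conf into
# explicit IPv4 and IPv6 listeners, so each socket gets its own cert=/key=.

# Directives that open listening sockets and can carry cert=/key= options.
PORT_DIRECTIVES = ("http_port", "https_port")


def split_wildcard_ports(conf_text):
    """Return (new_conf_text, changed_line_numbers).

    A line is rewritten only if it is a port directive whose first argument
    is a bare port number (wildcard address) and it has a cert= option.
    Lines that already name an address are left untouched.
    """
    out, changed = [], []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        tokens = line.split()
        is_wildcard_tls = (
            len(tokens) >= 3
            and tokens[0] in PORT_DIRECTIVES
            and tokens[1].isdigit()
            and any(t.startswith("cert=") for t in tokens[2:])
        )
        if is_wildcard_tls:
            directive, port, opts = tokens[0], tokens[1], " ".join(tokens[2:])
            out.append(f"{directive} 0.0.0.0:{port} {opts}")
            out.append(f"{directive} [::]:{port} {opts}")
            changed.append(lineno)
        else:
            out.append(line)
    return "\n".join(out) + "\n", changed


# Constructed sample configuration (not taken from a real host).
SAMPLE_CONF = """\
# constructed sample squid.conf
http_port 3128
https_port 3130 intercept ssl-bump cert=/etc/ssl/wildcard-proxies.crt key=/etc/ssl/wildcard-proxies.key
https_port 192.0.2.10:3131 intercept ssl-bump cert=/etc/ssl/wildcard-proxies.crt key=/etc/ssl/wildcard-proxies.key
"""

if __name__ == "__main__":
    new_conf, changed = split_wildcard_ports(SAMPLE_CONF)
    print(new_conf, end="")
    print("rewritten source lines:", changed)
```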
