ons 2006-12-20 klockan 18:17 +0800 skrev Jasenux Wong: > from the squid (squid -d 9 -N) box i get this: > TCP connection to xxxx/failed > fwNegotiateSSL: Error negotiating SSL connection on FD 13:.... > certificate verify failed (1/-1/0) The CA issuing the certificate used by the server is not trusted by your Squid.. > my squid.conf, > http_port 80 > https_port 443 cert=mycert.pem accel defaultsite=targetwebserver > ssl_unclean_shutdown on > sslproxy_capath /etc/ssl/certs > sslproxy_flags DONT_VERIFY_PEER DONT_VERIFY_DOMAIN > cache_peer targetwebserver parent 443 0 proxy-only no-query default > originserver ssl front-end-https=auto cache_peer has it's own SSL flags etc.. The settings set in sslproxy_* isn't used there. See the cache_peer directive. The sslproxy_* directives is used by Squid when forwarding requests direct or via "normal" proxy type peers (not origin type).. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
