I was running squid as nobody:nogroup but made a user for squid and added it to cache_effective_user, logged in as the user and run the openssl command. Got whats below. Why does it say protocol is TLS, shouldn't it be sslv3?
CONNECTED(00000004)
depth=0 /CN=<url>
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=<url>
verify return:1
---
Certificate chain
0 s:/CN=<url>
i:/CN=<url>
---
Server certificate
-----BEGIN CERTIFICATE-----
<cert info>
-----END CERTIFICATE-----
subject=/CN=<url>
issuer=/CN=<url>
---
No client certificate CA names sent
---
SSL handshake has read 659 bytes and written 324 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 7E1B0000FBDFFEC0CE1EAAAAA79B9A990AEDB5D92D7F3F6A0E213610D3EDC49E
Session-ID-ctx:
Master-Key: <key info>
Key-Arg : None
Start Time: 1181055015
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, June 04, 2007 4:37 PM
To: Jason Hitt
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: RE: Cert issue on reserve proxy
mån 2007-06-04 klockan 11:20 -0500 skrev Jason Hitt:
> When I added it to cache_effective_user as you mentioned I states theres no account named "openssl". I made one just to see if that's what you meant and gave the openssl account ownership of the logs and caches as needed butI get an abort trap. I'm stumped. Abort to do a port mirror and wireshark the ssl exchange.
I want you to run the openssl s_client command as the cache_effective_user on your Squid server, whatever that is on your server, not as root.
I do not want you to change the cache_effective_user in suqid.conf at all. Just to run the openssl command as the user cache_effective_user is set to run Squid under..
Regards
Henrik
