Re: https --> http reverse proxy problem

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

Mirabello Massimiliano wrote:
>  
>
> > -----Original Message-----
> > From: Mirabello Massimiliano 
>
> > > -----Original Message-----
> > > From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
> > > Sent: Wednesday, April 02, 2008 1:11 AM
> > > To: Mirabello Massimiliano
> > > Cc: Squid Users
> > > Subject: Re:  https --> http reverse proxy problem
> > >
> > > tis 2008-04-01 klockan 17:55 +0200 skrev Mirabello Massimiliano:
> > > > My cache.log reports:
> > > > 2008/04/01 17:53:50| clientNegotiateSSL: Error negotiating SSL 
> > > > connection on FD 11: error:140B512D:SSL 
> > > > routines:SSL_GET_NEW_SESSION:ssl session id callback failed (1/-1)
> > > Hmm.. that's a new one.
> > >
> > > Which version of OpenSSL are you using?
> >  IPAHU016 > openssl version
> >  OpenSSL 0.9.6k 30 Sep 2003
> >
> > > Try setting sslcontext=something on your https_port, may make a 
> > > difference (very related to session ids).
> > I tried but nothing changed. Still get the same error.
>
> I think I found where the problem is:
>
> IPAHU016 > squid -v
> Squid Cache: Version 2.6.STABLE16
> configure options:  '--prefix=/opt/iexpress/squid' '--enable-carp'
> '--enable-storeio=ufs,null,coss,diskd,aufs' '--enable-pthreads'
> '--enable-removal-policies=heap,lru' '--enable-icmp'
> '--enable-delay-pools' '--enable-kill-parent-hack' '--enable-snmp'
> '--enable-cachemgr-hostname' '--enable-htcp' '--enable-forw-via-db'
> '--enable-cache-digests' '--enable-underscores'
> '--enable-basic-auth-helpers=LDAP,SMB,MSNT,NCSA,PAM,YP,multi-domain-NTLM
> ' '--enable-ssl' *****'--with-openssl=/opt/openssl'
> *****'--enable-ntlm-auth-helpers=SMB,fakeauth'
> '--enable-digest-auth-helpers=password'
> '--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_grou
> p' '--enable-ntlm-fail-open' '--enable-x-accelerator-vary' 'CC=gcc
> -static-libgcc ' 'CFLAGS=-g' 'LDFLAGS=-Wl,+nodefaultrpath
> -L/opt/openssl/lib -L/opt/iexpress/openldap/lib -L/usr/local/lib
> -L/usr/lib' 'CPPFLAGS=-I/opt/iexpress/openldap/include
> -I/opt/openssl/include'
>
> IPAHU016 > ls -ltr /opt/openssl
> /opt/openssl not found
>
>
> The binary package I use has been compiled with option
> '--with-openssl=/opt/openssl', so I think squid looks for openssl in
> /opt and doesn't find it.
>
> There is a way to instruct squid to look for openssl on other path?

You could re-compile from sources.

OR you could make that path exist as a symlink to where its supposed to 
be on your system.

Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4