squidguard ssl redirect

Hi,

I'm running a squid 2.7.STABLE3 on a SLES10 as a normal proxy.

For content-filtering we are using squidguard which redirects a user to
a special page if he hits a blocked page.

If the redirect goes to an http page everything works as expected.

But if the redirect goes to an https page, the user gets an error page
saying that the connection failed and the system returned '(71) Protocol
error'. In the cache.log an error is printed (attached).

A deny_info to the https page works without any problem.

When I'm adding 'sslproxy_flags DONT_VERIFY_PEER' to the squid.conf the
error disappears.

The question is now: is the sslproxy_flags method opening any holes in
the setup or is there another way of solving this problem?

Thanks in advance



part of the cache.log (cut the detail about the certificate):

2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert)
2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection
on FD 48: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert)
2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection
on FD 48: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert)
2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection
on FD 48: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
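
Added example, not part of the original post: a small Python parser that rejoins the mail-wrapped cache.log entries above and pairs each failed handshake with the certificate error number logged just before it. It assumes that number is OpenSSL's X509 verify code, where 20 means the issuer certificate was not found in the local trust store; the function names are hypothetical.

```python
import re

# Subset of OpenSSL X509 verify codes and their standard messages.
# Assumption: the number Squid logs is this OpenSSL verify code.
X509_VERIFY_CODES = {
    19: "self signed certificate in certificate chain",
    20: "unable to get local issuer certificate",
    21: "unable to verify the first certificate",
}

# Constructed sample: one entry pair from the excerpt above, mail wrapping kept.
SAMPLE_LOG = """\
2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert)
2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection
on FD 48: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
"""

ENTRY_START = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\| ")
CERT_ERROR = re.compile(r"SSL unknown certificate error (\d+) in ")
NEGOTIATE_FAIL = re.compile(r"fwdNegotiateSSL: .* on FD (\d+): error:([0-9A-Fa-f]+):")

def unwrap(text):
    """Rejoin continuation lines (no timestamp prefix) onto their entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Return one dict per failed handshake, with the preceding verify code."""
    findings, last_code = [], None
    for entry in unwrap(text):
        m = CERT_ERROR.search(entry)
        if m:
            last_code = int(m.group(1))
            continue
        m = NEGOTIATE_FAIL.search(entry)
        if m:
            findings.append({
                "fd": int(m.group(1)),
                "openssl_error": m.group(2),
                "verify_code": last_code,
                "reason": X509_VERIFY_CODES.get(last_code, "unknown"),
            })
            last_code = None
    return findings
```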
