Re: sslBump: unrecognized: 'ssl_bump', unrecognized: 'https_port'


> Hi,
>
> I want to enable SSL bumping with Squid.
> This function is disabled in Debian version of Squid (Lenny,
> Lenny-backports and Squeeze), so I decided to compile Squid from source.
>
> Squid version: 3.1.8
>
> ./configure --prefix=/usr/local/squid \
>    --enable-inline \
>    --enable-async-io=8 \
>    --enable-storeio="ufs,aufs,diskd" \
>    --enable-removal-policies="lru,heap" \
>    --enable-delay-pools \
>    --enable-cache-digests \
>    --enable-icap-client \
>    --enable-follow-x-forwarded-for \
>    --enable-auth="basic,digest,ntlm,negotiate" \
>
.......
>
> /usr/local/squid/sbin/squid output:
> 2010/09/09 11:23:43| cache_cf.cc(363) parseOneConfigFile:
> squid.conf:1155 unrecognized: 'https_port'
> 2010/09/09 11:23:43| cache_cf.cc(363) parseOneConfigFile:
> squid.conf:1156 unrecognized: 'ssl_bump'
> 2010/09/09 11:23:43| cache_cf.cc(363) parseOneConfigFile:
> squid.conf:1537 unrecognized: 'ssl_bump'
> 2010/09/09 11:23:43| cache_cf.cc(363) parseOneConfigFile:
> squid.conf:5625 unrecognized: 'sslproxy_cert_error'
> 2010/09/09 11:23:43| cache_cf.cc(363) parseOneConfigFile:
> squid.conf:5626 unrecognized: 'sslproxy_flags'
>
> What am I doing wrong?

./configure --help | grep ssl
  --enable-ssl            Enable ssl gatewaying support using OpenSSL
  --with-openssl{=PATH}   Compile with the OpenSSL libraries. The path to the

It looks like '--with-ssl' doesn't work; you should use '--enable-ssl'.

Also, since 3.1.7 "sslBump" is deprecated; you should move to
"ssl-bump": http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_7.html
Have a look at ./src/squid.conf.documented, line 1045.


>http_port 8080
>https_port 8443 sslBump cert=/etc/ssl/certs/certificate.pem

I am quite new to Squid, but I don't think this is going to do what you
want, judging by your config file without any "cache_peer".
https_port, as stated in the documentation, is really only useful when
running Squid as an accelerator. You should use
"http_port 8080 ssl-bump cert=/etc/ssl/certs/certificate.pem" instead
and remove https_port.


Guillaume.
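
The two checks from this reply as a preflight script (an added example, not part of the original message or of Squid itself): it tests the configure options string that `squid -v` prints for `--enable-ssl`, and flags the deprecated `sslBump` spelling and a bump flag on `https_port` in squid.conf text. The function names `has_ssl_support` and `lint_conf` are hypothetical, and the sample input is constructed from the configuration quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs at the bottom are constructed.

# Succeeds only if the build's configure options contain --enable-ssl exactly
# (a build configured with --with-ssl alone does not count).
has_ssl_support() {
    printf '%s\n' "$1" | grep -Eq "(^|[[:space:]'])--enable-ssl([[:space:]']|\$)"
}

# Prints one finding per line for http_port/https_port directives in the
# squid.conf text passed as $1; prints nothing when the text is clean.
lint_conf() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }    # ignore comment lines
        $1 == "http_port" || $1 == "https_port" {
            for (i = 2; i <= NF; i++) {
                if ($i == "sslBump")
                    print NR ": sslBump is deprecated since 3.1.7, use ssl-bump"
                if ($1 == "https_port" && ($i == "sslBump" || $i == "ssl-bump"))
                    print NR ": bump flag on https_port, move it to http_port"
            }
        }'
}

# Constructed sample input mirroring the configuration quoted in the thread.
sample_build="configure options:  '--prefix=/usr/local/squid' '--with-ssl'"
sample_conf="http_port 8080
https_port 8443 sslBump cert=/etc/ssl/certs/certificate.pem"

has_ssl_support "$sample_build" || echo "build lacks --enable-ssl"
lint_conf "$sample_conf"
```

On a real host, pass `"$(/usr/local/squid/sbin/squid -v)"` and `"$(cat squid.conf)"` in place of the sample variables.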


