On Tue, 6 Dec 2011 14:43:31 +0100, Sean Boran wrote:
Hi,
Hmm. Is that negotiation between browser and squid or between squid
and the destination site?
*client*NegotiateSSL is the client browser/agent.
Openssl is 0.9.8k (standard with Ubuntu Lucid 10.04)
I wiped /var/lib/squid_ssl_db/certs, and re-ran
/usr/local/squid/libexec/ssl_crtd -c -s /var/lib/squid_ssl_db
/var/lib/squid_ssl_db/certs
so that new certs would be generated.
... and so far, no crashes.
It this resolves the issue, the perhaps the problem was that I
changed
the proxy's CA key several times during tests, so some target sites
would have generated with different CA keys, and would have still be
cached in /var/lib/squid_ssl_db/certs.
The lesson would then be to empty /var/lib/squid_ssl_db/certs if one
changes the CA key :-)
Er. Yes.
(updating the docs now to make sure that is mentioned).
Amos
