On 10/09/2013 8:13 p.m., Loïc Blot wrote:
Hello all,

I don't know if it's a bug, but there is a strange issue with https_port when IPv6 is enabled. I have 4 squid 3.3.8 proxies (on OpenBSD 5.2): 2 on IPv4 only and 2 with both IPv4 and IPv6.

On IPv4 only this configuration line works (--disable-ipv6 option enabled):

https_port 3130 intercept ssl-bump cert=/etc/ssl/wildcard-proxies.crt key=/etc/ssl/wildcard-proxies.key

On IPv4 and IPv6 squid proxies, squid doesn't accept the certificates:

FATAL: No valid signing SSL certificate configured for https_port 0.0.0.0:3130

I haven't found solutions on the web. Any idea?

OpenBSD uses what is known as a "split" TCP stack, where IPv4 and IPv6 require two sockets to be opened. Squid automatically separates the wildcard ports configured, but the SSL certificate details are not cloned during that split.
Until that is fixed, you will have to configure the IPv4 and IPv6 versions of the port separately, like this:

http_port 0.0.0.0:3130 ...
http_port [::]:3130 ...

Amos
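
The workaround above, as an added example that is not part of the original messages or of Squid itself: a Python helper that rewrites each wildcard `https_port` line (the directive from the question) into an explicit IPv4 line and an explicit IPv6 line, so every listener carries its own `cert=`/`key=` options. The function name and the sample configuration are constructed for illustration.

```python
import re

# An https_port directive whose first argument is a bare port number,
# i.e. a wildcard listener with no explicit address in front of the port.
WILDCARD = re.compile(r"^(\s*)https_port(\s+)(\d+)(\s.*)?$")


def split_wildcard_https_ports(conf_text):
    """Return (new_text, changed_ports).

    Each wildcard https_port line becomes two lines, one bound to 0.0.0.0
    and one bound to [::], with the remaining options copied verbatim.
    Comments, http_port lines and already-explicit listeners are untouched.
    """
    out, changed = [], []
    for line in conf_text.splitlines():
        m = WILDCARD.match(line)
        if not m:
            out.append(line)
            continue
        indent, gap, port, rest = m.group(1), m.group(2), m.group(3), m.group(4) or ""
        for addr in ("0.0.0.0", "[::]"):
            out.append(f"{indent}https_port{gap}{addr}:{port}{rest}")
        changed.append(int(port))
    return "\n".join(out) + "\n", changed


# Constructed sample squid.conf; only the 3130 line comes from the thread.
SAMPLE = """\
http_port 3128
# https_port 3131 intercept   (commented out, must stay untouched)
https_port 3130 intercept ssl-bump cert=/etc/ssl/wildcard-proxies.crt key=/etc/ssl/wildcard-proxies.key
https_port 192.0.2.10:3132 intercept ssl-bump cert=/etc/ssl/wildcard-proxies.crt key=/etc/ssl/wildcard-proxies.key
"""

if __name__ == "__main__":
    new_conf, ports = split_wildcard_https_ports(SAMPLE)
    print(new_conf, end="")
    print("# wildcard https_port entries split:", ports)
```

Running the rewritten text through the function a second time changes nothing, so it can also serve as a check that no wildcard `https_port` line remains.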