Search squid archive

Re: Existing root certificate not working with SSL Bump (squid 3.3.10)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



squid -v:

Squid Cache: Version 3.3.10
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--libexecdir=${prefix}/lib/bloxx-squid3' '--srcdir=.'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--disable-silent-rules' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
'--with-cppunit-basedir=/usr' '--with-logdir=/var/log/squid3'
'--with-swapdir=/var/spool/squid3' '--with-pidfile=/var/run/squid3.pid'
'--enable-dependency-tracking' '--enable-wccp' '--enable-wccp2'
'--disable-icmp' '--disable-htcp' '--disable-ident-lookups' '--disable-poll'
'--enable-ssl' '--enable-epoll' '--enable-delay-pools'
'--enable-default-languages=English' '--enable-err-languages=English'
'--enable-storeio=diskd,ufs,aufs' '--enable-async-io' '--enable-auth'
'--enable-basic-auth-helpers=LDAP,NCSA'
'--enable-digest-auth-helpers=password' '--enable-icap-client'
'--enable-underscores' '--with-maxfd=65536' '--with-default-user=proxy'
'--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2
-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -g
-O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions
-Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2
-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -g
-O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -Wall'

apparmor_status:

apparmor module is loaded.
7 profiles are loaded.
7 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/freshclam
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/clamd
   /usr/sbin/ntpd
   /usr/sbin/tcpdump
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode.
   /usr/bin/freshclam (1206)
   /usr/sbin/ntpd (1942)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

ip addr:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP qlen 1000
    link/ether 00:15:5d:28:60:31 brd ff:ff:ff:ff:ff:ff
    inet 192.168.137.138/24 brd 192.168.137.255 scope global eth0
3: gre0: <NOARP> mtu 1476 qdisc noop state DOWN
    link/gre 0.0.0.0 brd 0.0.0.0

Unfortunately, these CA certificates aren't ones that I have created, and I
don't know what OpenSSL config flags might have been used to create them. We
have had them in use with other proxy software without getting any errors or
browser warnings once the root is installed. It's only with this server that
we get errors and warnings, even with the same cert installed in the
browser/on the machine.

I don't really want to share any other specific info (certs, IP addresses)
publicly, but let me know if you need them for testing and I will email them
to you.



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Existing-root-certificate-not-working-with-SSL-Bump-squid-3-3-10-tp4668515p4668670.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux