-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Now I have: root @ cthulhu /etc/opt/csw/ssl/certs # ls -al *.pem|wc -l 210 root and intermediate CA's. Most known I can found. Note: all of them was wound in different places - in addition with Mozilla's bundle, shipped with OpenSSL. How I can found, which is absent? And how to support this heap? In practice? Manually with CLI openssl? Ok, but how to identify problem URL, when Squid's load over 100 requests per second? 04.02.2015 0:31, Amos Jeffries пишет: > On 4/02/2015 3:26 a.m., Yuri Voinov wrote: Hi gents, >> >> I think, will be good to add advanced debug options to ssl_crtd to avoid >> this: >> >> 2015/02/03 20:21:37 kid1| clientNegotiateSSL: Error negotiating SSL >> connection on FD 28: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 >> alert unknown ca (1/0) >> >> Now we have no one tools to diagnose the situations above. Excluding own >> eyes and brains. And - telepathy. >> >> Amos, >> >> is it possible to get more informative diagnostics? URL will be enough. > > I dont think we can without re-writing OpenSSL library operations > directly in Squid. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU0RhxAAoJENNXIZxhPexGBXMH/iyom3/HPCkQB0xpAOZ7UdD0 aW5DhdzmGuaVQFbtxB4rkD+fd0KUxi3l0aOctE7xEjJFwB3R1BqjTqWD7Kw/N5I2 KaWUkxMHG2yxAjBqlOU/8ViJCpu4bq7aKQJWlfivr+qcH2QREUm5Q6cB9g18GKNy mnS4qX7tcLp5mCtZAP4da9JkU9SqJy43AYkrPQTWVXKAz+ctZRDZVNzibhfIydmI xXGy7iiUwwzJRLojjrp1WVpYQPV899EkhKxmFCW8uTqxMmzagDb5MmpHeaN7YyiN VRnBD8dmiD0tZd1W69wlelVpfgdJJnOPF3UFYC97MHyBaVTDMCM6ZZOIS8xTyrQ= =fqa6 -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
