Hey Yuri,
From what I remember, before squid passes data into ssl_crtd you can debug
the certificates of the requested sites.
If you record/log them you can run a script through them and find the
culprit pretty fast (relatively).
What debug sections have you tried using to debug it?
Since squid uses openssl libs it probably does not know about the CA and
therefore there are not many details about it.
I would say that the URL is not important in the case of an intercept proxy.
In the case it's a regular forward proxy with ssl_bump you can run through
the list of CONNECT requests which are logged before the decryption of the
tunnel.
What squid.conf rules are you using?
I noticed you assume that squid passes URL to ssl_crtd and it's not how
it works.
All The Bests,
Eliezer
On 03/02/2015 16:26, Yuri Voinov wrote:
Hi gents,
I think it will be good to add advanced debug options to ssl_crtd to avoid
this:
2015/02/03 20:21:37 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 28: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
Now we have no tools to diagnose the situations above. Excluding our own
eyes and brains. And - telepathy.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users