Search squid archive

usage of sslcapath in cache_peer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi All,

I have a question about using sslcapath in cache_peer.  My server.example.com has a self-signed cert, which I imported into my squid box under /data/certs.  The following cache_peer line actually worked.  However, if I remove the sslcafile, squid won't verify the self-signed cert.

cache_peer server.example.com parent 443 0 \
       no-query originserver ssl \
       forceddomain=server.example.com \
       login=PASS \
       sslcert=/data/certs/certificate sslkey=/data/certs/key \
       ssloptions=NO_SSLv2,NO_SSLv3 \
       sslcafile=/data/cacerts/72af835f.0 \
       sslcapath=/data/cacerts

[admin@dsg214 cacerts]# ls -l
total 0
lrwxrwxrwx 1 admin root 53 Feb 18 00:22 35fa123a.0 -> ../certs/a4a521af41327a4ab3ff1feb16a1a76888a0c2ea.crt

Running openssl command from the squid box verified the certificate chain ok with the -CApath option, which really puzzled me.
# openssl s_clients -CApath /data/certs -connect server.example.com:443

Any ideas?

Thanks,
Hector


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux