On 3/06/2015 2:46 a.m., Klavs Klavsen wrote: > Amos Jeffries wrote on 06/02/2015 04:10 PM: >> On 3/06/2015 1:45 a.m., Klavs Klavsen wrote: >>> Thank you Amos. >>> >>> I'll build 3.5.5 then.. >>> >>> any config changes I need to be aware of? >> >> --with-openssl instead of --enable-ssl is the only one that comes to >> mind right now. The release notes for 3.4 and 3.5 have the lists. >> > > I borrowed the spec from fedora 23.. :) > > After installing 3.5.5 instead - it now complains when trying to issue > certificate :( > > squid cache log says: > Error negotiating SSL connection on FD 10: error:14094412:SSL > routines:SSL3_READ_BYTES:sslv3 alert bad certificate > > client gets: > curl: (51) SSL: certificate subject name '64.233.184.103' does not match > target host name 'www.google.com' > > any hints for tests I can do, to figure out the problem would be very > much appreciated :) James Lay has just done some good investigations in his "SSL-bump deep dive" thread(s). Compare what he came up with to your config Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
