On 23/04/2016 7:02 a.m., Zee wrote: > I am doing SSL bump it seems like Squid utilizes openssl library. I went ahead and updated openssl library to reflect new CA certificates, but it still fails to work and I see the following error. > "The system returned: > (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)" > Upgraded the library with the following yum install ca-certificates > > --> Running transaction check > ---> Package ca-certificates.noarch 0:2014.1.98-65.1.el6 will be updated > ---> Package ca-certificates.noarch 0:2015.2.6-65.0.1.el6_7 will be an update > The date in that package name (Feb 2015) seems to still be very old. IME the global CA certs list changes every month or two. Particularly in the past year when all CA have been rolling over to 2048 or 4096 bit crypto. > But it still fails to work. > Squid version? The latest 4.0.9 (beta) and 3.5.17 releases contain several bug fixes to intermediate cert handling that might show up like this. What CA certificate can't be found? If needed you can always workaround it by loading the CA cert into Squid explicitly. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
