Alex Rousskov wrote:
On 11/07/2016 11:59 AM, L. A. Walsh wrote:
I have the SSL bump feature setup and so far have been happy with
it, but today, I got an error from a website,
You got an error from Squid, not a website.
saying they detect my
ability to monitor my webtraffic and refuse to allow it:
Actually, the error says that Squid refuses to trust the web server.
---
Really. Interesting (so much for my ability to understand
error messages...)
The system returned:
(71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
Self-signed SSL Certificate in chain: /C=US/O=Entrust, Inc./OU=See
www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized
use only/CN=Entrust Root Certification Authority - G2
... because your Squid/OpenSSL setup does not trust the above root
certificate at the end of the server certificate chain.
---
Weird. I don't know who they are... it is on/for a US gov
website... Given all the hacks going on recently, not so sure
I should just accept it.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
