On 07/12/17 20:47, G~D~Lunatic wrote:
my squid is a transparent proxy.
the cache.log shows that
2017/12/07 15:42:53 kid1| Error negotiating SSL connection on FD 175:
Closed by client
2017/12/07 15:42:54 kid1| Error negotiating SSL on FD 95:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed (1/-1/0)
2017/12/07 15:42:55 kid1| Error negotiating SSL connection on FD 124:
Closed by client
2017/12/07 15:42:56 kid1| Error negotiating SSL on FD 52:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed (1/-1/0)
what's the problem? thank you
Four log lines talking about four different connections (FD's).
Two of them are "Closed by client".
Two of them "certificate verify failed" for the remote server certificate.
For those server certificates the relevant options are the sslproxy_* or
tls_outgoing_options directives in your squid.conf.
* Maybe your system CA certificates are outdated, check for that and update.
* Maybe the server cert is missing intermediates certs from its chain.
In Squid-3.5 use sslproxy_foreign_intermediate_certs to inform squid of
extra intermediate certs that might be missing.
* Maybe the server cert is actually invalid. That happens a lot,
especially on dodgy traffic.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
