I tried to install a Joomla plugin from behind squid. It didn't work. I could reproduce the error using the following PHP script:

> <?php
> $url="https://downloads.joomla.org/extensions/install-from-web/1-1-1/plg_webinstaller_3.7v1.1.1.zip";
> $ctx = stream_context_create(['http' => ['proxy' => "tcp://$proxy:$port"],
>                               'ssl' => ['capture_session_meta' => TRUE]]);
> $html = file_get_contents($url , FALSE, $ctx);
> $meta = stream_context_get_options($ctx)['ssl']['session_meta'];
> var_dump($meta);
> ?>

Results in:

> PHP Warning: file_get_contents(): Peer certificate CN=`*.s3-us-west-2.amazonaws.com' did not match expected CN=`downloads.joomla.org' in /tmp/test.php on line 5
> PHP Warning: file_get_contents(https://downloads.joomla.org/extensions/install-from-web/1-1-1/plg_webinstaller_3.7v1.1.1.zip): failed to open stream: Cannot connect to HTTPS server through proxy in /tmp/test.php on line 5

For $url="https://cdn.joomla.org/images/Joomla_logo.png" it works.

Squid produces the following log:

2018/03/10 13:19:48.252 kid1| 5,2| TcpAcceptor.cc(226) doAccept: New connection on FD 17
2018/03/10 13:19:48.252 kid1| 5,2| TcpAcceptor.cc(317) acceptNext: connection on local=localhost:localport remote=[::] FD 17 flags=9
2018/03/10 13:19:48.252 kid1| 17,2| QosConfig.cc(126) getNfmarkFromConnection: QOS: Failed to retrieve connection mark: (-1) (1) Operation not permitted (Destination localhost:localport, source localhost:47200)
2018/03/10 13:19:48.252 kid1| 11,2| client_side.cc(1329) parseHttpRequest: HTTP Client local=localhost:localport remote=localhost:47200 FD 18 flags=1
2018/03/10 13:19:48.252 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST:
---------
CONNECT downloads.joomla.org:443 HTTP/1.0
----------
2018/03/10 13:19:48.253 kid1| 85,2| client_side_request.cc(755) clientAccessCheckDone: The request CONNECT downloads.joomla.org:443 is ALLOWED; last ACL checked: all
2018/03/10 13:19:48.253 kid1| 85,2| client_side_request.cc(731) clientAccessCheck2: No adapted_http_access configuration. default: ALLOW
2018/03/10 13:19:48.253 kid1| 85,2| client_side_request.cc(755) clientAccessCheckDone: The request CONNECT downloads.joomla.org:443 is ALLOWED; last ACL checked: all
2018/03/10 13:19:48.253 kid1| 44,2| peer_select.cc(282) peerSelectDnsPaths: Find IP destination for: downloads.joomla.org:443' via downloads.joomla.org
2018/03/10 13:19:48.253 kid1| 44,2| peer_select.cc(303) peerSelectDnsPaths: Found sources for 'downloads.joomla.org:443'
2018/03/10 13:19:48.253 kid1| 44,2| peer_select.cc(304) peerSelectDnsPaths: always_direct = DENIED
2018/03/10 13:19:48.253 kid1| 44,2| peer_select.cc(305) peerSelectDnsPaths: never_direct = DENIED
2018/03/10 13:19:48.253 kid1| 44,2| peer_select.cc(309) peerSelectDnsPaths: DIRECT = local=0.0.0.0 remote=72.29.124.146:443 flags=1
2018/03/10 13:19:48.253 kid1| 44,2| peer_select.cc(318) peerSelectDnsPaths: timedout = 0
2018/03/10 13:19:48.925 kid1| 33,2| client_side.cc(585) swanSong: local=localhost:localport remote=localhost:47200 flags=1

==> /var/log/squid/access.log <==
localhost - - [10/Mar/2018:13:19:48 +0000] "CONNECT downloads.joomla.org:443 HTTP/1.0" 200 5843 "-" "-" TCP_TUNNEL:HIER_DIRECT [] []

==> /var/log/squid/cache.log <==
2018/03/10 13:19:48.927 kid1| 5,2| TcpAcceptor.cc(226) doAccept: New connection on FD 17
2018/03/10 13:19:48.928 kid1| 5,2| TcpAcceptor.cc(317) acceptNext: connection on local=localhost:localport remote=[::] FD 17 flags=9
2018/03/10 13:19:48.928 kid1| 17,2| QosConfig.cc(126) getNfmarkFromConnection: QOS: Failed to retrieve connection mark: (-1) (1) Operation not permitted (Destination localhost:localport, source localhost:47206)
2018/03/10 13:19:48.972 kid1| 11,2| client_side.cc(1329) parseHttpRequest: HTTP Client local=localhost:localport remote=localhost:47206 FD 18 flags=1
2018/03/10 13:19:48.972 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST:
---------
CONNECT s3-us-west-2.amazonaws.com:443 HTTP/1.0
----------
2018/03/10 13:19:48.973 kid1| 85,2| client_side_request.cc(755) clientAccessCheckDone: The request CONNECT s3-us-west-2.amazonaws.com:443 is ALLOWED; last ACL checked: all
2018/03/10 13:19:48.973 kid1| 85,2| client_side_request.cc(731) clientAccessCheck2: No adapted_http_access configuration. default: ALLOW
2018/03/10 13:19:48.973 kid1| 85,2| client_side_request.cc(755) clientAccessCheckDone: The request CONNECT s3-us-west-2.amazonaws.com:443 is ALLOWED; last ACL checked: all
2018/03/10 13:19:48.973 kid1| 44,2| peer_select.cc(282) peerSelectDnsPaths: Find IP destination for: s3-us-west-2.amazonaws.com:443' via s3-us-west-2.amazonaws.com
2018/03/10 13:19:49.006 kid1| 44,2| peer_select.cc(303) peerSelectDnsPaths: Found sources for 's3-us-west-2.amazonaws.com:443'
2018/03/10 13:19:49.006 kid1| 44,2| peer_select.cc(304) peerSelectDnsPaths: always_direct = DENIED
2018/03/10 13:19:49.006 kid1| 44,2| peer_select.cc(305) peerSelectDnsPaths: never_direct = DENIED
2018/03/10 13:19:49.006 kid1| 44,2| peer_select.cc(309) peerSelectDnsPaths: DIRECT = local=0.0.0.0 remote=52.218.192.176:443 flags=1
2018/03/10 13:19:49.006 kid1| 44,2| peer_select.cc(318) peerSelectDnsPaths: timedout = 0
2018/03/10 13:19:49.618 kid1| 33,2| client_side.cc(585) swanSong: local=localhost:localport remote=localhost:47206 flags=1

==> /var/log/squid/cache.log <==
2018/03/10 13:19:49.619 kid1| ctx: enter level 0: 'https://example.com/tmp/test.php'
2018/03/10 13:19:49.619 kid1| 11,2| http.cc(720) processReplyHeader: HTTP Server local=intProxIp:35486 remote=intWebIp:443 FD 12 flags=1
2018/03/10 13:19:49.620 kid1| 11,2| http.cc(724) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 200 OK
Date: Sat, 10 Mar 2018 13:19:48 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Length: 196
Keep-Alive: timeout=360, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
----------

==> /var/log/squid/access.log <==
localhost - - [10/Mar/2018:13:19:49 +0000] "CONNECT s3-us-west-2.amazonaws.com:443 HTTP/1.0" 200 3237 "-" "-" TCP_TUNNEL:HIER_DIRECT [] []

==> /var/log/squid/cache.log <==
2018/03/10 13:19:49.620 kid1| ctx: exit level 0
2018/03/10 13:19:49.620 kid1| 20,2| store.cc(991) checkCachable: StoreEntry::checkCachable: NO: not cachable
2018/03/10 13:19:49.620 kid1| 20,2| store.cc(991) checkCachable: StoreEntry::checkCachable: NO: not cachable
2018/03/10 13:19:49.620 kid1| 88,2| client_side_reply.cc(2083) processReplyAccessResult: The reply for GET https://example.com/tmp/test.php is ALLOWED, because it matched all
2018/03/10 13:19:49.620 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=intProxIp:3128 remote=requestingIp:50115 FD 10 flags=1
2018/03/10 13:19:49.620 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 200 OK
Date: Sat, 10 Mar 2018 13:19:48 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Length: 196
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from www.example.com
X-Cache-Lookup: MISS from www.example.com:3129
Via: 1.1 www.example.com (squid)
Connection: keep-alive
----------
2018/03/10 13:19:49.620 kid1| 20,2| store.cc(991) checkCachable: StoreEntry::checkCachable: NO: not cachable
2018/03/10 13:19:49.621 kid1| 20,2| store.cc(991) checkCachable: StoreEntry::checkCachable: NO: not cachable
2018/03/10 13:19:49.621 kid1| 20,2| store.cc(991) checkCachable: StoreEntry::checkCachable: NO: not cachable
2018/03/10 13:19:49.621 kid1| 20,2| store.cc(991) checkCachable: StoreEntry::checkCachable: NO: not cachable

With wget, it works perfectly. Is that a PHP problem or squid-related?
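
Added example, not part of the original post: a small Python triage that lines up the CONNECT requests in the cache.log above with the two names in the PHP warning, to show which tunnel the rejected certificate came from. The sample lines are abridged from the post; the function names and verdict wording are this example's own.

```python
import re

# Constructed sample: lines abridged from the cache.log and PHP warning in the post.
CACHE_LOG = """\
2018/03/10 13:19:48.252 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST:
---------
CONNECT downloads.joomla.org:443 HTTP/1.0
----------
2018/03/10 13:19:48.972 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST:
---------
CONNECT s3-us-west-2.amazonaws.com:443 HTTP/1.0
----------
"""
PHP_WARNING = ("PHP Warning: file_get_contents(): Peer certificate "
               "CN=`*.s3-us-west-2.amazonaws.com' did not match expected "
               "CN=`downloads.joomla.org' in /tmp/test.php on line 5")

def connect_targets(log):
    """Hosts named in CONNECT request lines, in the order squid saw them."""
    return [h.lower() for h in re.findall(r"^CONNECT\s+([^\s:]+):\d+\s+HTTP/", log, re.M)]

def parse_mismatch(warning):
    """Return (presented_cn, expected_name) from PHP's certificate warning, or None."""
    m = re.search(r"Peer certificate CN=`([^']+)' did not match expected CN=`([^']+)'", warning)
    return (m.group(1).lower(), m.group(2).lower()) if m else None

def covers(cert_cn, host):
    """Loose correlation only, not certificate validation: same name, or host at/under a wildcard's base."""
    base = cert_cn[2:] if cert_cn.startswith("*.") else cert_cn
    return host == base or (cert_cn.startswith("*.") and host.endswith("." + base))

def triage(log, warning):
    """Relate the name mismatch to the tunnels squid opened."""
    tunnels = connect_targets(log)
    parsed = parse_mismatch(warning)
    if parsed is None:
        raise ValueError("no certificate mismatch found in warning text")
    presented, expected = parsed
    served_by = [i for i, h in enumerate(tunnels) if covers(presented, h)]
    if not served_by:
        verdict = "certificate matches no tunnel squid was asked to open"
    elif expected in tunnels and tunnels.index(expected) < served_by[0]:
        verdict = "certificate from a later tunnel was checked against an earlier host name"
    else:
        verdict = "certificate belongs to a tunnelled host; expected name is not an earlier tunnel"
    return {"tunnels": tunnels, "presented": presented, "expected": expected, "verdict": verdict}
```

On the post's data this reports that squid opened both tunnels to the hosts the client named, and that the certificate in the warning corresponds to the second tunnel while the expected name is the first.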