On 10/06/18 02:23, James Lay wrote:
> On Sat, 2018-06-09 at 07:17 -0600, James Lay wrote:
>> On Sun, 2018-06-10 at 01:13 +1200, Amos Jeffries wrote:
>>> On 10/06/18 01:02, James Lay wrote:
>>>
>>> So in my config file I have:
>>>
>>> sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB
>>>
>>> However I do not see this after compiling and installing. Has this gone
>>> away in 4? Thank you.
>>>
>>> James
>>>
>>>
>>> It's now called security_file_certgen.
>>>
>>> <http://www.squid-cache.org/Versions/v4/squid-4.0.24-RELEASENOTES.html#ss2.4>
>>>
>>> Amos
>>>
>>
>> Thanks Amos...I'll read this before asking anymore questions ☺
>>
>>
>
> So ok...after making the changes to the config to account for new
> security_file_certgen and tls_outgoing_options (thanks Amos!) I am
> greeted with (hostname changed from real):
>
> FATAL: mimeLoadIcon: cannot parse internal URL:
> http://<hostname>:0/squid-internal-static/icons/silk/image.png
>

There should be an error about no forward-proxy port as well.

Squid requires at least one port able to receive requests for those URLs
from clients. Port 3128 is normally that port, but you have repurposed
it for interception, which disqualifies it.

The hostname in these URLs is taken from that port's IP address
reverse-DNS name, or the proxy's public/visible hostname. Whichever
meets the requirement of being resolvable in DNS.

> Here's my config line:
>
> ./configure --prefix=/opt/squid --with-openssl=/opt/libressl
> --sysconfdir=/opt/squid/etc --enable-ssl --enable-ssl-crtd
> --enable-linux-netfilter --enable-follow-x-forwarded-for
> --with-large-files --enable-xternal-acl-helpers=none

Missing 'e' on --enable-external-acl-helpers.

...
>
> sslproxy_cert_error allow all
> tls_outgoing_options capath=/etc/ssl/certs flags=DONT_VERIFY_PEER

Please avoid DONT_VERIFY_PEER and "allow all" for cert errors. They are
useless for both production AND debugging since all they do is hide
security issues from *you*.
It is best to watch for security issues and fix them. Not just ignore
everything.

Amos
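
Added example, not part of the original message and not Squid project code: a small Python check that scans a squid.conf for the four points raised in this thread (the renamed ssl_crtd helper, `sslproxy_cert_error allow all`, `DONT_VERIFY_PEER`, and the lack of a forward-proxy `http_port`). The sample config, the function name and the rule that only a plain `http_port` counts as a forward-proxy port are assumptions made for the illustration.

```python
import re

# Constructed sample config reproducing the settings discussed in the thread.
SAMPLE_CONF = """\
http_port 3128 intercept
sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB
sslproxy_cert_error allow all
tls_outgoing_options capath=/etc/ssl/certs flags=DONT_VERIFY_PEER
"""

# http_port modes that stop the port from acting as a forward-proxy port.
NON_FORWARD_MODES = {"intercept", "transparent", "tproxy", "accel"}


def audit_squid_conf(text):
    """Return (line_number, finding) pairs; line 0 marks a whole-file finding."""
    findings = []
    forward_port_seen = False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        directive, *args = line.split()
        if directive == "http_port":
            # Assumption: a port with none of the special modes is a forward port.
            if not NON_FORWARD_MODES & set(args):
                forward_port_seen = True
        elif directive == "sslcrtd_program":
            if args and args[0].rsplit("/", 1)[-1] == "ssl_crtd":
                findings.append((n, "helper is named security_file_certgen in Squid 4"))
        elif directive == "sslproxy_cert_error":
            if args[:2] == ["allow", "all"]:
                findings.append((n, "'allow all' hides every certificate error"))
        elif directive == "tls_outgoing_options":
            for arg in args:
                if arg.startswith("flags=") and \
                        "DONT_VERIFY_PEER" in re.split(r"[,:]", arg[len("flags="):]):
                    findings.append((n, "DONT_VERIFY_PEER disables server certificate checks"))
    if not forward_port_seen:
        findings.append((0, "no forward-proxy http_port; internal URLs cannot be built"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit_squid_conf(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```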