Search squid archive

Re: squid 4.5, can't download certificate?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/18/19 4:35 AM, Dmitry Melekhov wrote:
> 
> 17.01.2019 21:02, Alex Rousskov пишет:
>> On 1/16/19 10:30 PM, Dmitry Melekhov wrote:
>>
>>> 2019/01/17 09:18:21 kid1| ERROR: negotiating TLS on FD 55:
>>> error:14090086:SSL routines:ssl3_get_server_certificate:certificate
>>> verify failed (1/-1/0)
>>
>>> In access log:
>>> 1547702300.945      0 192.168.22.229 NONE/503 329 GET
>>> https://lkk-udm.esplus.ru/Services/Auth.asmx/Safe? dm HIER_NONE/-
>>> text/html
>>> 1547702301.304     84 - TCP_MISS/404 162 GET
>>> http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt-/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff-GETmyip=-myport=0
>>> - HIER_DIRECT/91.199.212.52 text/html
>> Your Squid (or some helper) appears to be adding an
>> "-/ffff...GETmyip=-myport=0" suffix to the crt.sectigo.com URL,
>> resulting in a 404 response from that server.

> Yes, I suspected this, there is no helper which can add this, as far as
> I know

> can squid add this

Squid itself does not add non-trivial paths to URLs. If your Squid does
not have a URL rewriter or an adaptation service, and the certificate
your Squid receives does not containt that weird URL, then this is
probably a Squid bug such as using an "unterminated c-string" when
forming the request URL. If you can reproduce, it may be fairly easy to
distinguish bugs from helpers from certificates as the source of this
problem using an ALL,9 cache.log.
 Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux