On 3/17/19 1:22 AM, Itai Tieger wrote: > I'm using squid 4.4 compiled with openssl 1.1.0. > Sometimes when I try to access a site, I get this error: > (TLS code: SQUID_ERR_SSL_HANDSHAKE) Handshake with SSL server failed: [No Error] > how can I debug it myself? Since the error is probably detected inside OpenSSL SSL_connect(), I would start by extracting the corresponding server certificate from the packet capture and asking OpenSSL library on the Squid box to validate it. > I also get many > 32 2019/02/25 00:09:19 kid1| ERROR: negotiating TLS on FD 43: > error:1416F086:SSL routines:tls_process_server_certificate:certificate > verify failed (1/-1/0) > in the log, might be related... ? It is -- SQUID_ERR_SSL_HANDSHAKE is only returned after printing the above level-1 message AFAICT. BTW, if Squid does not relay the above OpenSSL error details to the error page, it is a Squid bug or deficiency. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
