Search squid archive

Re: Got [No Error] (TLS code: SQUID_ERR_SSL_HANDSHAKE)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/17/19 1:22 AM, Itai Tieger wrote:

> I'm using squid 4.4 compiled with openssl 1.1.0. 
> Sometimes when I try to access a site, I get this error: 

> (TLS code: SQUID_ERR_SSL_HANDSHAKE) Handshake with SSL server failed: [No Error] 


> how can I debug it myself? 

Since the error is probably detected inside OpenSSL SSL_connect(), I
would start by extracting the corresponding server certificate from the
packet capture and asking OpenSSL library on the Squid box to validate it.


> I also get many 
>  32	2019/02/25 00:09:19 kid1| ERROR: negotiating TLS on FD 43:
> error:1416F086:SSL routines:tls_process_server_certificate:certificate
> verify failed (1/-1/0) 
> in the log, might be related... ?

It is -- SQUID_ERR_SSL_HANDSHAKE is only returned after printing the
above level-1 message AFAICT.


BTW, if Squid does not relay the above OpenSSL error details to the
error page, it is a Squid bug or deficiency.


Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux