Hi,
the setup is exactly what you suggested but still the ERROR shows up.
Here is the startup sequence about context creation:
2019/04/05 06:29:48.050| Initializing https:// proxy context
2019/04/05 06:29:48.050| 24,8| SBuf.cc(38) SBuf: SBuf950 created from id SBuf110
2019/04/05 06:29:48.050| 24,8| Tokenizer.cc(174) skip: skipping char '1'
2019/04/05 06:29:48.050| 24,5| Tokenizer.cc(25) consume: consuming 1 bytes
2019/04/05 06:29:48.050| 24,8| SBuf.cc(497) consume: SBuf950 consume 1
2019/04/05 06:29:48.050| 24,8| SBuf.cc(38) SBuf: SBuf951 created from id SBuf950
2019/04/05 06:29:48.050| 24,8| SBuf.cc(70) ~SBuf: SBuf951 destructed
2019/04/05 06:29:48.050| 24,8| Tokenizer.cc(174) skip: skipping char '.'
2019/04/05 06:29:48.050| 24,5| Tokenizer.cc(25) consume: consuming 1 bytes
2019/04/05 06:29:48.050| 24,8| SBuf.cc(497) consume: SBuf950 consume 1
2019/04/05 06:29:48.050| 24,8| SBuf.cc(38) SBuf: SBuf952 created from id SBuf950
2019/04/05 06:29:48.050| 24,8| SBuf.cc(70) ~SBuf: SBuf952 destructed
2019/04/05 06:29:48.050| 24,8| SBuf.cc(38) SBuf: SBuf953 created from id SBuf950
2019/04/05 06:29:48.050| 24,5| Tokenizer.cc(25) consume: consuming 1 bytes
2019/04/05 06:29:48.050| 24,8| SBuf.cc(497) consume: SBuf950 consume 1
2019/04/05 06:29:48.050| 24,8| SBuf.cc(38) SBuf: SBuf954 created from id SBuf950
2019/04/05 06:29:48.050| 24,8| SBuf.cc(70) ~SBuf: SBuf954 destructed
2019/04/05 06:29:48.050| 24,8| SBuf.cc(70) ~SBuf: SBuf953 destructed
2019/04/05 06:29:48.050| 24,8| SBuf.cc(70) ~SBuf: SBuf950 destructed
2019/04/05 06:29:48.051| 83,9| support.cc(586) InitClientContext: Setting certificate verification callback.
2019/04/05 06:29:48.051| 83,8| PeerOptions.cc(647) updateContextCa: Setting CA certificate locations.
2019/04/05 06:29:48.051| 83,8| PeerOptions.cc(630) loadSystemTrustedCa: Setting default system Trusted CA. ctx=0x55dcadedcd20
2019/04/05 06:29:48.052| 24,8| SBuf.cc(30) SBuf: SBuf955 created
2019/04/05 06:29:48.052| 24,7| SBuf.cc(85) assign: assigning SBuf955 from SBuf118
2019/04/05 06:29:48.052| 24,8| SBuf.cc(38) SBuf: SBuf956 created from id SBuf955
2019/04/05 06:29:48.053| 24,8| SBuf.cc(70) ~SBuf: SBuf956 destructed
2019/04/05 06:29:48.053| 24,8| SBuf.cc(70) ~SBuf: SBuf955 destructed
2019/04/05 06:29:48.053| Initializing http_port 0.0.0.0:3128 TLS contexts
2019/04/05 06:29:48.053| Using certificate in /etc/squid/squidCA.pem
2019/04/05 06:29:48.053| 24,7| SBuf.cc(160) rawSpace: reserving 1 for SBuf217
2019/04/05 06:29:48.053| 24,7| SBuf.cc(167) rawSpace: SBuf217 not growing
2019/04/05 06:29:48.053| 24,7| SBuf.cc(160) rawSpace: reserving 1 for SBuf217
2019/04/05 06:29:48.053| 24,8| SBuf.cc(886) cow: SBuf217 new size:23
2019/04/05 06:29:48.053| 24,8| SBuf.cc(857) reAlloc: SBuf217 new size: 23
2019/04/05 06:29:48.054| 24,9| MemBlob.cc(56) MemBlob: constructed, this=0x55dcadedd7c0 id=blob1225 reserveSize=23
2019/04/05 06:29:48.054| 24,8| MemBlob.cc(101) memAlloc: blob1225 memAlloc: requested=23, received=40
2019/04/05 06:29:48.054| 24,7| SBuf.cc(865) reAlloc: SBuf217 new store capacity: 40
2019/04/05 06:29:48.054| 83,3| KeyData.cc(105) loadX509ChainFromFile: Using certificate chain in /etc/squid/squidCA.pem
2019/04/05 06:29:48.054| 83,3| KeyData.cc(123) loadX509ChainFromFile: Adding issuer CA: /CN=nobody
2019/04/05 06:29:48.054| Using key in /etc/squid/squidCA.pem
2019/04/05 06:29:48.054| 24,7| SBuf.cc(160) rawSpace: reserving 1 for SBuf218
2019/04/05 06:29:48.054| 24,8| SBuf.cc(886) cow: SBuf218 new size:23
2019/04/05 06:29:48.054| 24,8| SBuf.cc(857) reAlloc: SBuf218 new size: 23
2019/04/05 06:29:48.054| 24,9| MemBlob.cc(56) MemBlob: constructed, this=0x55dcadef07f0 id=blob1226 reserveSize=23
2019/04/05 06:29:48.054| 24,8| MemBlob.cc(101) memAlloc: blob1226 memAlloc: requested=23, received=40
2019/04/05 06:29:48.054| 24,9| MemBlob.cc(82) ~MemBlob: destructed, this=0x55dcaddf6c30 id=blob554 capacity=40 size=23
2019/04/05 06:29:48.054| 24,7| SBuf.cc(865) reAlloc: SBuf218 new store capacity: 40
2019/04/05 06:29:48.054| 83,8| PeerOptions.cc(647) updateContextCa: Setting CA certificate locations.
2019/04/05 06:29:48.054| 83,9| ServerOptions.cc(444) updateContextClientCa: Not requiring any client certificates
2019/04/05 06:29:48.054| 24,8| SBuf.cc(30) SBuf: SBuf957 created
2019/04/05 06:29:48.054| 24,7| SBuf.cc(85) assign: assigning SBuf957 from SBuf118
2019/04/05 06:29:48.054| 24,8| SBuf.cc(38) SBuf: SBuf958 created from id SBuf957
2019/04/05 06:29:48.054| 24,8| SBuf.cc(70) ~SBuf: SBuf958 destructed
2019/04/05 06:29:48.054| 24,8| SBuf.cc(70) ~SBuf: SBuf957 destructed
If you want, I can attach the whole cache log with startup and one request with the error.
Thanks
On Fri, 5 Apr 2019 at 06:23, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 5/04/19 12:37 am, Davide Belloni wrote:
> Hi,
> this is the certificate that I'm using at the moment:
>
AFAICS the pieces Squid-4 needs for your config and checks for are all
there.
Are the pieces correctly ordered in the .pem file? key first, then CA cert.
>
> On Thu, 4 Apr 2019 at 12:57, Davide Belloni wrote:
>
> Hi, thanks very much for all the advice!
> About the action to generate the certificate I've followed the squid
> wiki, that doesn't modify (if I remember correctly) openssl conf to
> create it.
>
> Do you have some link to a good howto about that?
>
Ah, we have several how-to's in the wiki. The SSL-Bump documentation has
an example. The ConfigExamples section has one for self-signed root CA
like yours, one for intermediate CA signing cert, and one for a wildcard
domain cert.
The one most relevant to what you have is:
<https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Features.2FDynamicSslCert.Create_Self-Signed_Root_CA_Certificate>
If this already matches what you are doing, and the PEM file content is
correct, and that context creation ERROR still shows up, then your next
step would be to start Squid with the -X command line option and see if
anything more specific about it shows up.
(This will produce a huge amount of debug info, but you only need the
startup sequence where the ERROR shows up. It should not be necessary to
send traffic until the context is working.)
Amos
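
The ordering question raised in this thread (key first, then CA cert) can be checked from the PEM block labels alone. This is an added example, not part of the original messages and not Squid code; it reads only the BEGIN/END labels, does not validate the key or certificate, and its sample inputs are constructed placeholders.

```python
import re
import sys

# BEGIN line of any PEM block; group 1 is the label, e.g. "CERTIFICATE".
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def pem_block_labels(text):
    """Return PEM block labels in file order; each needs an END line after it."""
    labels = []
    for m in PEM_BEGIN.finditer(text):
        label = m.group(1)
        if f"-----END {label}-----" not in text[m.end():]:
            raise ValueError(f"{label} block has no END line (truncated file?)")
        labels.append(label)
    return labels

def check_key_then_cert(text):
    """Return a list of problems; an empty list means key first, then cert(s)."""
    labels = pem_block_labels(text)
    keys = [i for i, l in enumerate(labels) if l.endswith("PRIVATE KEY")]
    certs = [i for i, l in enumerate(labels) if l == "CERTIFICATE"]
    problems = []
    if not keys:
        problems.append("no private key block")
    if len(keys) > 1:
        problems.append("more than one private key block")
    if not certs:
        problems.append("no certificate block")
    if keys and certs and certs[0] < keys[0]:
        problems.append("certificate appears before the private key")
    return problems

def _block(label):
    # Constructed placeholder body, not real key or certificate material.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"

GOOD = _block("PRIVATE KEY") + _block("CERTIFICATE")
REVERSED = _block("CERTIFICATE") + _block("RSA PRIVATE KEY")
CERT_ONLY = _block("CERTIFICATE")
TRUNCATED = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            print(check_key_then_cert(fh.read()) or "order OK")
    else:
        for name in ("GOOD", "REVERSED", "CERT_ONLY"):
            print(name, check_key_then_cert(globals()[name]) or "order OK")
```

Run it with the combined file's path as the only argument, for example the /etc/squid/squidCA.pem named in the log above; it prints block-order problems only and never the key material.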