I'm using 4.13 with libressl 3.2.2 and SSL bumps. Most of the time it works (e.g. google). Some other time it get me back a 'fake untrusted' certificate (like CN=Not trusted by \"proxy.proxind.it\") and this of course gives user issues. In the logs I see lines like 2020-11-11 12:47:59.314124500 L 290 192.168.2.102 NONE/200 0 CONNECT www.selcdn.ru:443 - HIER_DIRECT/92.53.68.204 - /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=RapidSSL RSA CA 2018 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY@depth=2 which suggest something missing in the certificate store. However testing with openssl verify the certificate from the server (extracted with a browser *outside* the squid network) it verifies OK. The certs.pem file is the same (I checked:P) so I don't get why it should fail. In fact I ensured it with tls_outgoing_options cafile=/var/lib/openssl/certs.pem Any ideas on how to solve/troubleshoot/workaround the problem? -- Lorenzo Marcantonio
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
