On Wed, Nov 11, 2020 at 11:45:26AM -0500, Alex Rousskov wrote: > On 11/11/20 6:56 AM, Lorenzo Marcantonio wrote: > > I'm using 4.13 with libressl 3.2.2 and SSL bumps. > > FYI: Libressl-based builds are not officially supported. I do not know > whether libressl is a factor here. Uhm. That could be. However I think that mixing openssl and libressl could be an even bigger can of worm, given that they have the same soname. > > X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY@depth=2 > > If the connection is using TLS v1.3, then you may be suffering from Bug > 5067: https://bugs.squid-cache.org/show_bug.cgi?id=5067 Ah. There is some kind of hack in squid to get the missing certificates. but openssl verify checks ok without going to the net (I did a strace to check the cafile). libressl seems to be the most probable issue then. Not an easy fix I fear Thanks for the advice -- Lorenzo Marcantonio
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
