The status of AIA ie: TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ?


Hey,

I have recently seen more than one site that doesn't provide the full CA
bundle chain.
An example:
https://www.ssllabs.com/ssltest/analyze.html?d=www.cloudschool.org
https://www.ssllabs.com/ssltest/analyze.html?d=certificatechain.io

I wanted to somehow get this issue logged properly.
Currently squid sends the client a customized 503 page and the next line in
cache.log:
2022/01/25 19:01:25 kid1| ERROR: negotiating TLS on FD 26:
error:1416F086:SSL routines:tls_process_server_certificate:certificate
verify failed (1/-1/0)

Were there any improvements in this area in 5.x or 6.x branches?
And also the logging is very uninformative regarding the culprit of the
issue.
I would have expected that the remote host ip:port and sni would be logged
as well in the above mentioned line.

Currently I do not know about a way to identify from the logs these specific
sites.
I was thinking about writing a daemon that will do the trick automatically
for 4.17.
Any ideas about the subject?

Thanks,
Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
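
One way to build the check the message asks about, as an added example that is not part of the original post or of Squid: it probes a host directly, reports whether verification fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY (OpenSSL verify code 20), and lists the AIA caIssuers URLs found in the leaf certificate. The names `probe` and `ca_issuers_urls` are hypothetical, and the byte scan for the AIA entry is a simplification of full ASN.1 parsing.

```python
import socket
import ssl
import sys

# OpenSSL verify code for X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.
MISSING_ISSUER = 20
# DER of OID 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers) followed by the
# GeneralName tag 0x86 (uniformResourceIdentifier).
CA_ISSUERS = bytes.fromhex("06082b06010505073002") + b"\x86"


def ca_issuers_urls(der):
    # Byte scan, not a full ASN.1 parse (assumption: short-form lengths,
    # i.e. URLs under 128 bytes, which covers typical AIA entries).
    urls, pos = [], der.find(CA_ISSUERS)
    while pos != -1:
        start = pos + len(CA_ISSUERS) + 1
        length = der[start - 1] if start <= len(der) else 0x80
        if length < 0x80 and start + length <= len(der):
            urls.append(der[start:start + length].decode("ascii", "replace"))
        pos = der.find(CA_ISSUERS, start)
    return urls


def probe(host, port=443, timeout=10):
    """Verify the chain; on a missing issuer, read the leaf's AIA URLs."""
    try:
        with socket.create_connection((host, port), timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host):
                return {"host": host, "status": "ok", "ca_issuers": []}
    except ssl.SSLCertVerificationError as err:
        if err.verify_code != MISSING_ISSUER:
            return {"host": host, "status": err.verify_message, "ca_issuers": []}
    # Second handshake without verification, used only to read the leaf.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            leaf = tls.getpeercert(binary_form=True)
    return {"host": host, "status": "missing issuer", "ca_issuers": ca_issuers_urls(leaf)}


if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(probe(name))
```

Run it with host names as arguments; the result depends on the trust store of the machine it runs on, which may differ from the one Squid uses.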
