[squid-users] Alert unknown CA
Yuri Voinov
yvoinov at gmail.com
Tue Feb 3 18:36:47 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What about linking OpenSSL libraries into Squid? Like eCAP?
Or how to trace openssl calls anywhere else?
AFAIK, URL is passed to SSL_CRTD. Then return with result, right?
Why we can't add catch errors and log it with URL?
This unrecoverable errors is makes correct bump much difficult.
04.02.2015 0:31, Amos Jeffries пишет:
> On 4/02/2015 3:26 a.m., Yuri Voinov wrote: Hi gents,
>>
>> I think, will be good to add advanced debug options to ssl_crtd to avoid
>> this:
>>
>> 2015/02/03 20:21:37 kid1| clientNegotiateSSL: Error negotiating SSL
>> connection on FD 28: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>> alert unknown ca (1/0)
>>
>> Now we have no one tools to diagnose the situations above. Excluding own
>> eyes and brains. And - telepathy.
>>
>> Amos,
>>
>> is it possible to get more informative diagnostics? URL will be enough.
>
> I dont think we can without re-writing OpenSSL library operations
> directly in Squid.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJU0RU/AAoJENNXIZxhPexGRlsH/2dgwQuHz7QSPBukAqvSN3T6
RDao4nnWgM0V5ACgqRfSibwv4EuAPSJuJHDsvc3JxmNvb6bSuAu8RZ4ra+5cEdor
7yPJcSevskiuOkMFXq4XxyAIwaYMJEWGFSpyKmSQHHM0fVIHhVxWgF/0gGxUxNPm
aulE/R5zRoxt0Vvm0FLdLjgt5X1axyFeNoQYoLID24uggWXn8qkRcy1NrA9QnYOG
E9Y4vXwDHL48bBd5J7Ld1WGUAJ/xvokWOmK+Jz9dHuEIi4pT7u7IOFlkWBjZjWgi
eGuXoK0BqEBh+1izeFrpGKtfcqWC0ZWVn0Sykv6jl/l1B3PVta1GOwocFp9nPBA=
=ZzDE
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list